How to Prevent Your Small Business Website from Being Hacked

How to Prevent Your Small Business Website from Being Hacked

As some of you may know, I am very involved
with one of my client companies, a virtual public square for political debate called
Only Honest. Earlier this year we were repeatedly hacked by a group claiming to be affiliated
with Anonymous and we were basically crippled. The hacking was bad enough that we lost thousands
of social media followers and were even featured in a CNN Money article about how cyber attacks
can devastate a small business. We’re finally back up and running now, but I wanted to give
you a few tips that I learned the hard way for how to prevent a cyber attack on your
website. We thought we’d vetted our developers thoroughly
– looking at past work and checking references – but we didn’t realize that we should have
asked specifically about cyber security when we were interviewing potential development
teams. If you don’t have a techie on your time, I highly suggest you find someone knowledgeable
enough about web development to help you vet potential developers but even if you decide
to go it alone you should ask each candidate specific questions like “How would you identify
a hacker’s attempted intrusion?” How would you recover from a successful defacement of
my website by a hacker?” and “How often will the database and code be backed up?” Any developer
worth his or her salt will be able to answer these questions without any hesitation and
everything should be backed up weekly, at an absolute minimum. You should also do research on your own to
ask your potential developers about known vulnerabilities. A simple Google search or
some time spent in help or discussion forums for whatever platform will be used to build
and host your site will let you know what the latest vulnerabilities are. If you ask
your potential team about these known vulnerabilities and they have no idea what you’re talking
about, you should probably look for another team. You also want to make sure everything is kept
up to date as most platforms – for example, WordPress, one of the most popular platforms
– frequently issue updated versions that will patch these known vulnerabilities. Ask the
team how often they check for new versions and how soon after a new version is issued
they will update your site. In addition to vetting your development team,
it’s also a good idea to invest in an SSL certificate, force users to use strong passwords,
require admins to use strong passwords that they don’t use for any other sites, and ensure
that you – and not just your development team – have a backup of all of the code and databases
in case something should go wrong. It’s impossible to completely hack-proof your
site, but hopefully these simple steps will help prevent you from suffering through the
stress of a cyber attack like Only Honest did.


  1. be careful with user admin pages. most 'exploiters' will assume that the admin is the first on the list for the database table which is easy to gain access.
    If it is what I just said change it or remove an admin user and hire knowledgeable developers who can look at your code and add it rather than take change on an easy setup.

Leave a Reply

Your email address will not be published. Required fields are marked *