Hackers may try to “steal” customer data from your website or place an image, text or a (hidden) link to their own website on your website. Hackers can also abuse your website, for example to attack other websites or to send spam. This can adversely affect your website's ranking and findability in Google. So make sure that you have the following in order, possibly with our help.
The following applies to your website administrator account, but also to other accounts, such as your hosting provider, domain registry, Microsoft and Google account.
- Activate 2-Step Verification.
To do this, install an authenticator app, such as “Google Authenticator” or “Microsoft Authenticator”, on your smartphone. To activate 2-Step Verification, follow one of these guides or contact us or your provider’s helpdesk:
wordfence.com (for WordPress websites)
- Change your password (and 2FA recovery codes) regularly.
Use strong passwords that cannot be guessed: long passwords of at least 12 characters, consisting of uppercase letters, lowercase letters, numbers and special characters, without words or personal data. Also make sure you can reset your passwords yourself in case you forget them, using your own account recovery email address and mobile phone number, so you don’t get locked out of your own account. I do not store passwords for your accounts, even if you have sent them to me.
- Only add me as a collaborator.
This way I only get the limited rights I need and I have no access to your e-mail box, invoices, domain names, etc. An additional advantage is that I can log in with my own account with 2FA. If it is necessary for me to log in with all ownership rights, please provide the password by telephone and then change it after my job has been completed.
- Activate “account login notifications”.
You will then receive an email when someone logs in to your account. Notify the administrator if you do not recognize a login attempt or find it suspicious and change your passwords immediately.
- Make sure you have a backup.
You should always have a backup stored on your own backup system.
- Hide the URL of the backend of the website.
- Choose a login name that hackers cannot guess (not your name or email address).
- Is WordPress Auto-update active, so that security holes are automatically closed as soon as a security patch becomes available?
- Does the server have the latest PHP version and is it automatically updated to a safe version?
- Is your SSL certificate active, so that data is sent via your website in a secure manner?
- Is a plugin activated that prevents spambots from harvesting the email addresses on your website for mailing lists?
- Is Google reCAPTCHA activated to prevent spammers from abusing your contact form?
- Is an Uptime Monitor plugin or application activated so that you receive an alert email if your website goes down?
- In addition to Google Search Central, I recommend checking your website regularly with Google Safe Browsing. If SiteGround is your hosting provider, I can recommend the Hackalert tool. This is a type of virus scanner that scans your files and database for hacker code.
- Remove form entries in the backend of your website if they contain confidential information. When someone fills out a form on your website, you will receive an email and these form entries are often also stored in your website. If you don’t know how to remove it, please ask me.
- If you have a WordPress website, I recommend installing the pro version of one of the following plugins: sucuri.net or wordfence.com. You can also purchase Cloudflare Pro, for example. This gives you both a CDN (content delivery network), so that your site is faster, and a WAF (web application firewall), so that your website has an extra layer of protection. You must purchase a paid license / subscription yourself.
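The password rule from the checklist above (at least 12 characters, all four character types, no personal data) can be checked and applied with a short script. This is an added example, not part of the original checklist; the symbol set, the function names and the sample values are assumptions, and random generation avoids words by construction.

```python
import secrets
import string

# Assumed symbol set for "special characters"; adjust to what the site accepts.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
CLASS_NAMES = ("uppercase letter", "lowercase letter", "number", "special character")
MIN_LENGTH = 12  # minimum length stated in the checklist


def policy_problems(password, personal_data=()):
    """Return the reasons a password fails the checklist rule (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in zip(CLASS_NAMES, CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for item in personal_data:
        # Skip very short items to avoid accidental hits (cut-off of 3 is an assumption).
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal data: {item!r}")
    return problems


def generate_password(length=16, personal_data=()):
    """Generate a random password using the OS-backed CSPRNG (secrets module)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # Draw uniformly, then retry until every rule is met (rejection sampling).
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_problems(candidate, personal_data):
            return candidate


if __name__ == "__main__":
    # Constructed sample values, not real account data.
    personal = ["jane", "example.com", "1985"]
    print(policy_problems("Jane1985!", personal))
    print(generate_password(16, personal))
```

Pass your own name, domain name and birth year as `personal_data` so that passwords containing them are rejected.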
Please get in touch if we can assist you with the above.