Marketing and design for higher education and professional services513.681.4105

To help keep your workday from spiraling out of control from a website hack, follow this basic website security prevention checklist.


Devious website attackers won’t leave an obvious trail. Instead of taking over your entire site, they may add inconspicuous code that will scrape information, install malware, and cause painful headaches for you and your valued website visitors.


☐ Backup a remote copy of your website

How quickly can you restore your site? Having a recent backup will make your life easier. Your website hosting company likely backs up your website (don’t assume, though). Be clear on what your hosting company offers in terms of their own security infrastructure, how often your site is backed up, and what technical support is offered for restoring your website if your site is hacked. Ask them how long it will take to restore your site. And, make sure they are backing up your website’s files and database. Don’t think you have a database? If your website is running on WordPress, Drupal, or Joomla platform, you most certainly do. The database is core to running your website.

☐ Backup a local copy of your website
It’s important to make your own backups of your website. If your hosting company suddenly goes out of business (you really didn’t go with the cheapest hosting you could find, did you?) or has lousy customer support, you may save time having your own backup on hand. Make sure you are backing up your website’s files and database.

☐ Maintain your website’s CMS, themes, modules, plugins

Whether your website is built on a Drupal, Joomla, or WordPress platform, ensure you are running the latest versions. Keep your plugins and modules updated and remove any that are no longer actively supported. Outdated plugins and modules can leave a security hole for hackers. If your site was built with a purchased theme, update your theme as it becomes available.

☐ Use a strong password
Here is a list of popular passwords hackers love. Never use passwords for usernames or passwords that hackers will easily figure out. Have a strong password for items used to keep your website afloat: hosting, CMS admin, FTP. Not sure what a strong password is? Use a password generator tool like this one to create a strong one. Go for the two-factor authentication where possible. This will help if your credentials are stolen and will help prevent a hacker gain access to your accounts.

☐ Monitor your website
With Google webmaster tools (now called Search Console) you can verify yourself as the owner of your website. By doing that, Google will alert you if new users have been added to your webmaster’s tools account and if they detect malware on your site, so pay attention to Google’s notifications.

☐ Watch for unusual activity in Google analytics
If you see unusual spikes in an old blog post or a large increase in foreign traffic, this may indicate that malicious code has been added to your website.

☐ Establish a website policy
Change passwords after a current employee, intern, or web developer no longer needs access to your website files. An Infosecurity report found that 58 percent of security incidents come from employees, ex-employees, customers, and/or partners. Consider documenting and educating your team on website security basics.

Mitigate your risk.
Don’t be fooled that website security is not important because your website is fairly small, not an ecommerce site, or doesn’t use a website visitor’s private information.

Your site being hacked:

  • can get your site on Google’s blacklist and that can lead to you losing 95 percent of your site visitors.
  • means you lose all that hard work you did to get your brand showing up higher in search results.
  • causes headaches, time lost, and money spent to get your site cleaned up and back on track
  • erodes your brand’s reputation if your website is compromised.

What will you do to be proactive about your website’s security?

Here are a few additional password generation and policy tips.