Securing a website, especially if it is your primary means of connecting with clients, is a priority for any organization or freelancer working internationally. A recent hacking effort resulted in a security warning from Google for the site here at seanpmckee.net. After a bit of investigation the problem was identified and resolved. The challenge was getting Google to recognize that prompt action was taken so that the site would be re-listed as a normal and non-threatening destination.
Lessons learned
While the hacking attack was inconvenient, it provided an opportunity to learn some valuable lessons for improving the security of a website.
- Update your website's CMS on a regular basis - For any site using a content management system (e.g., WordPress, Joomla, Drupal), it is essential to make sure all core files and any plugins or modules are running the latest versions available. This reduces the chances of older security bugs being exploited.
- Secure files that should not be publicly accessible - Many sites use .htaccess files to add security for their subfolders or whole sections of a website. In other cases, the .htaccess files are part of the content management system and its core operations. In most cases, this type of file can't be accessed by general website visitors. Malicious attackers, however, can find security holes depending on how a website's hosting server is set up, as well as other factors. If an .htaccess file is in use, consider adding directives within the file to make it harder to access.
- Backup, backup, backup - Create regular backup copies of the content on your website so that a new version or a re-launch of the site, if needed, can be as painless as possible. There may be some negative impact from a loss of longer-term links, but this can be remedied by adding 301 redirect commands to an .htaccess file.
- Learn more about security threats to websites - Depending on how you manage your website there can be varied and specific threats. Reading an overview of how hackers might attack a website is probably a good place to start (check out Hacking For Dummies). Other books and online courses exist for systems such as WordPress, Drupal and Joomla.
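The two .htaccess points above (blocking access to the file itself, and 301 redirects after a re-launch) can look like this. This is an added example, not configuration from the original site; it assumes an Apache server whose AllowOverride setting permits these directives, and the paths and example.com are placeholders.

```apache
# Added example; /old-page.html and example.com are placeholders.

# Refuse to serve .htaccess, .htpasswd and any other ".ht*" file.
# Apache 2.4 and later (mod_authz_core is present):
<IfModule mod_authz_core.c>
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2 (no mod_authz_core), using the older access syntax:
<IfModule !mod_authz_core.c>
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>

# Do not show a file listing for folders that have no index page.
# Needs "AllowOverride Options" (or All) in the server configuration.
Options -Indexes

# After a re-launch, permanently redirect an old URL to its new
# location so that existing links keep working.
Redirect 301 /old-page.html https://example.com/new-page/
```

After uploading, requesting the site's /.htaccess URL in a browser should return a 403 Forbidden response rather than the file's contents.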
Recovering and what to do next
Since the hacking effort resulted in a security warning from Google, it seemed prudent to use this opportunity to re-launch the seanpmckee.net website. This was also an educational experience that came at my expense rather than any of the people and organizations I work with. In this case, it will be reassuring to be able to inform them of potential security issues on their websites and take action to correct them before problems occur.




