While doing some research I spotted a website that appears to have been hacked. Here are some routine methods that help at avoiding hackers before they gain control of your website:
- Update Content Management System Frequently (WordPress, Joomla, etc.)
- Only purchase themes or plugins from reputable sellers as some can be malicious.
- Determine your site needs, user logins, or static pages.
- Consider disabling all admin or page modifications by IP address.
- Consider setting up HTTP Auth for CMS sites functioning as static pages.
- Consider authenticated cookie sessions.
- Ask your hosting provider to prepare a list of Failed Logins and request they be banned.
And while we try sometimes it is possible for a hacker to still gain access to a site. In those cases it’s always recommended to create routine backups of sites that serve up dynamic content. Even static page sites should still maintain routine backups if they are on a CMS that recieves security updates like WordPress.
It’s also noteworthy to request a policy from your hosting provider on what steps they are taking to ensure your site is secured. It is a requirement by HIPAA for Business Associates to disclose compromised patient data which can at times happen when forms are connected to a database table.