In Hackers Vs Web Design Professionals Part 1 we went over some pretty common mistakes - and lazy ones at that - that some web design professionals and business owners make that leaves their sites open to an attack by hackers. The most common way these criminals get into your site is as a result of terrible password management systems that many people unthinkingly engage in. However, there are a number of other risks as well that should be identified and mitigated. The 5 most important of these are listed below. *Not changing login URLs
This is a simple mistake but one that can cost a web designer dearly. When a new website is built or a new platform is installed, the administrative section of the site is accessed through a specific URL. Many web designers use weak, unsecured URLs that are automatically generated by website platform software. These links are easily exploited by hackers and should be secured via SSL or another more-difficult-to-hack URL login system. Even if you simply change the link to something less obvious as wp-admin (the default login address for all WordPress websites) you'll still be safer than going with a login system that is well known to hackers.
*Not making passwords hard enough to guess - auto pw locators
While it might be an inconvenience to change passwords every 90 days and still keep them fresh and difficult to crack, this is an essential step to protecting your valuable websites from attack. Being lazy when choosing a password can leave you open to exploitation, so be sure to develop a rich password that uses numbers and letters, special characters and both upper and lower case symbols.
Why? Hackers use sophisticated programs to systematically "guess" passwords. Essentially, these character generators work on a system that can eventually figure out simple passwords. This is especially true if you use only numbers or only known words in your password; eventually even a basic password generator will be able to unlock your site.
*Stray bits of code
Some stray bits of code can leave your site open to attack by experienced hackers. For instance, Word documents pasted onto a web page can embed code used by the program to generate fonts and other stylizations. This is why it is important to clean all content on your site by entering it in HTML, or by stripping all code with a text editor like Notepad prior to publishing the content on your site.
*Broken membership portals
Membership portals can provide various levels of access to your website, but when configured incorrectly or when improperly managed these portals can also give hackers the door they need to get in and wreak havoc. Protect your membership portals with professional grade web design and encryption elements in order to eliminate this vulnerability, and keep your portal management strategies up to date.
*Sharing IPs and Server Resources
Going the cheap route and sharing a server, IP or IP range with other users can ultimately be quite expensive. For instance, if another user on the shared server makes a mistake that invites an attack, all sites on the server will likely be exposed. This means that even if you manage your systems well and are otherwise protected, someone you don't even know can bring that all crashing down on your head in a matter of minutes.
If you're building websites for clients, you should be putting them on their own IP, and preferably on a server that you have majority control over. This is especially true for web designers with more than a half dozen commercial clients.
If your site has been hacked or you fear it's vulnerable, take action now by calling a professional web designer for an immediate consultation. You need the right help to protect what you've worked so hard to build.