
How do you keep your website up and running securely?

In this article, you'll learn why it's important to get your security right and what measures you can take to keep hackers out.

Why should you secure your site?

As a webshop, you are an interesting target for hackers because they can steal customer data from webshops and redirect payments to an account of their own.

Did you know?

Hackers often target small webshops because security there is usually weaker.

As the owner of the website, you will be held accountable and you will be harshly punished if it is found that you have been negligent. Your website will be removed from Google's search results and the hoster will take your website offline.

The government is taking this so seriously that as of January 2016, the new Data Breach Notification Act comes into effect.

In short, this means that if customer data is leaked from your site you have a duty to report it to the Dutch Data Protection Authority.

And if it can be proven that you have been negligent in securing your site you will be held accountable.

How do they hack your website?

There are several methods to hack your website. Well-known ones are: "lazy hack", brute force attack, "professional hack" and DDoS attack.

Different hacking methods 

Lazy hack:

A lazy hack uses leaks that are mostly found in outdated extensions/plugins and CMS systems. Small sites are as much at risk as large sites in this regard.
Tip: Implement security updates as soon as possible.

Brute Force attack:

In a Brute Force attack, an automated script attempts to retrieve website login credentials.
Tip: Don't use the default username "admin", and use a password with more than 8 characters.
Tip: There are plugins/extensions available that temporarily block users in case of multiple failed login attempts. This already makes it more difficult for a potential hacker.
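
The temporary block described in the tip above, as an added example that is not taken from any particular plugin: a Python sketch that blocks a username and IP address pair after repeated failed logins. The thresholds, the class and function names and the sample events are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque
MAX_FAILURES = 5       # assumed threshold, tune for your shop
WINDOW_SECONDS = 300   # only failures inside this window count
LOCKOUT_SECONDS = 900  # how long the temporary block lasts

class LoginThrottle:
    """Temporarily blocks a (username, client IP) pair after repeated failures."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)  # key -> times of recent failures
        self._locked_until = {}              # key -> time the block expires

    def is_blocked(self, username, ip):
        until = self._locked_until.get((username.lower(), ip))
        return until is not None and self._clock() < until

    def record_failure(self, username, ip):
        key, now = (username.lower(), ip), self._clock()
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()

    def record_success(self, username, ip):
        self._failures.pop((username.lower(), ip), None)

def replay(events):
    """Feed constructed (time, username, ip, password_ok) events through the throttle."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    outcomes = []
    for t, user, ip, password_ok in events:
        now[0] = t
        if throttle.is_blocked(user, ip):
            outcomes.append("blocked")       # rejected before the password is checked
        elif password_ok:
            throttle.record_success(user, ip)
            outcomes.append("ok")
        else:
            throttle.record_failure(user, ip)
            outcomes.append("failed")
    return outcomes
# Constructed events: five failures, a correct password during the block, one after it.
SAMPLE_EVENTS = [(t, "shopowner", "203.0.113.7", False) for t in (0, 10, 20, 30, 40)]
SAMPLE_EVENTS += [(50, "shopowner", "203.0.113.7", True), (941, "shopowner", "203.0.113.7", True)]
```

While the block is active even the correct password is refused, which is what stops an automated script from simply continuing to guess.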

Professional hack:

Malicious people with a lot of technical knowledge will deliberately look for weaknesses within your website. No matter how well your system is secured, a really smart hacker can hack (parts of) your website.
Tip: Keep updating, not only your CMS but also all extensions.

DDoS attack:

With a DDoS attack, they don't gain access to your website but can take it down. With a DDoS attack, thousands of fictitious web requests are sent to one website, causing the server to overload and fail.

A DDoS attack is often accompanied by an attempt at extortion. The owner is then offered the chance to make the DDoS attack stop in exchange for a fee.

Tip: There is little you can do yourself against a DDoS attack. Ask your hosting party what measures they take against it.

Note: If customer data is leaked in a hack, you are required to report this to the Dutch Data Protection Authority.

Preventing a hack

What can you do to minimize the chances of getting hacked? If you are not technical yourself, it is important to work with a party that understands security. A web development agency, for example.

Use an SSL certificate: An SSL certificate encrypts all traffic between your server and your visitor's browser. In addition to being more secure, an SSL certificate also builds customer trust.

Choose a difficult password: A password does not necessarily have to be complicated, as long as it is long. For example, cracking a 9-character password using a Brute Force attack takes an average of 20 years.

Don't log on to your site at Internet cafes or on open Wi-Fi networks: During the vacations, hosting parties see an increase in the number of hacked websites. When on vacation, bring your own laptop.

What should a web developer do?

Make sure your web developer and hosting party regularly update the software on your site and server, and that the current version is the most secure. Have your website updated at regular intervals.

The bigger the gap between versions, the more complicated (and expensive) the update is.

Include website updates in the workflow so that there is no backlog of maintenance. Some software systems do not immediately release a new version update when a new leak is discovered, but first plug the leak with a patch.

As a site owner, you must install these patches on your site yourself. It is critical to do this within a few hours.

After a leak is found, hackers immediately start looking for vulnerable websites.

It is more economical to do a major update when there is an urgent security concern than to update with every release.

Did you know?
Malicious parties can often very easily discover the URL through which the backend of your site can be accessed, which for many websites is www.jouwdomein.nl/admin. This is easy for malicious people to guess.

Tip: So change the address you use to get to the back-end of your website.

One step further is to password protect this address. You would first have to enter a password to go to this address.

In addition, you can set up the login page of your back-end to be accessible only from a list of pre-selected IP addresses.
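
Restricting the back-end to pre-selected IP addresses, as an added example that is not code from any CMS: a Python check that a web application could run before showing the login page. The allowlist entries, the renamed back-end path and the function names are assumptions, and remote_addr is assumed to be the connection address seen by the server, not a header the visitor can set.

```python
import ipaddress

# Constructed allowlist (documentation ranges); use your own office or VPN addresses.
ADMIN_ALLOWLIST = ["203.0.113.10", "198.51.100.0/28", "2001:db8:1234::/48"]
ADMIN_PREFIX = "/shop-backend-7f3a/"  # hypothetical renamed back-end address


def _networks(entries):
    # strict=True rejects typos such as 198.51.100.5/28 (host bits set).
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def client_allowed(remote_addr, allowlist=ADMIN_ALLOWLIST):
    """Return True only if remote_addr parses and falls inside an allowlisted range."""
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except (ValueError, AttributeError):
        return False  # unparsable or missing address: fail closed
    # Dual-stack servers may report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in _networks(allowlist)
               if net.version == addr.version)


def gate(path, remote_addr):
    """Status code to return before any login form or password prompt is shown."""
    if not path.startswith(ADMIN_PREFIX):
        return 200  # public shop pages are not restricted
    return 200 if client_allowed(remote_addr) else 403
```

The password prompt mentioned above still applies to visitors who pass this check; the allowlist only decides who gets to see the prompt at all.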

Try to change CMS default settings as much as possible to make it harder for malicious people to hack the website.

You can do a lot yourself to prevent hacks, but you depend on your hosting party for server and infrastructure security.

Tip: Therefore, also check what measures your hosting partner is taking to keep your website secure.

What can your hosting party do?

Changing the server's default settings. Changing the default settings already makes it more difficult for hackers.

Keeping software up to date. It is the responsibility of the hosting party to use the most secure version of software and modules at the infrastructure and platform level. In this regard, the most secure version is not always the most recent.

Install firewall: A hosting party has the ability to deny access to unwanted traffic using a firewall, which can be done per individual IP address, but also at the level of an entire country.

If a dangerous security vulnerability in your shop software becomes known, hosting parties can sometimes already take the first security measures at the server level. Please note, however: always make sure that your shop is safe even without those first security measures by updating or patching.

Ward off DDoS attacks: Your hosting company can place a special server in front of the server your site resides on that recognizes DDoS attacks and can mitigate them so your website is not affected.
Tip: Look for a hosting company that will proactively alert you to new updates and warn you of security breaches.

What to do if you do get hacked?

Tip: Hacked? Catch your visitors!

Once a hosting party realizes your website has been hacked, they will shut down your website to prevent abuse, image damage and Google penalties.

Direct your visitors (via a redirect) to a simple page explaining that your site will be accessible again soon. Your web developer can help you with this.

Find a good partner to fix it for you: It takes some technical knowledge to get your website back in order. Engage an expert partner for this.

Don't be too quick to assume that your webshop is completely clean again. Take the time to check everything thoroughly.

Note: Has customer data been leaked? If so, inform the Dutch Data Protection Authority and possibly your customers.

Check with a developer for back-doors, which allow malicious parties to easily regain access to the site.