Web security

Ever been hacked? If you have, you are not alone. In this article Kristen Harrison shares some simple tips that she's learned, which may help you to keep your data safe.  

The prevalence of hacking and fraud seems to have increased considerably in recent years, and affects more and more individuals. It used to be that large institutions, software companies and web developers had to worry about hacking but now, with so many of us managing our own online activity, we are having to take more responsibility for our own security, too.

What is hacking?

Hacking is just like breaking into a house, only digitally. Hackers break into websites or software with the intent to cause some kind of havoc – anything from stealing personal data, to leaving a 'virus', to simply rendering a website unusable. I’m not sure if I’ve ever met a hacker in person (would anyone admit to being one?) but one must wonder what kind of person would dedicate their time to such hostile pursuits.

Be aware of scam emails

Most of the time spam is just annoying (and bizarre!) but occasionally spam can carry viruses that are triggered by clicking on a link or button within an email. For example, a message from your bank tells you that you to 'Click here to update your contact details on our system'. Never click there. Banks only ever send emails containing one-way information – i.e. they never ask for a customer to take any action within an email. This is a security policy to help us differentiate between real communication and scams.

Never click on any links or buttons within an email from someone you don’t know. And even if an email is from someone you do know, be 100% sure they sent the email. Often, an oddly phrased sentence or an out-of-character typo can be the giveaway that the email is not from your contact.

Create an email 'dump' for online sign-ups

Consider setting up an email account that you can use when you sign up to mailing lists or pay for things. I have a yahoo account that is only ever used for this purpose and it is chock full of advertising, emails from mailing lists I never signed up to, and a lot of spam!

This shows what happens with your email address when you sign up to things. You never know if a website will sell your email address to a third party, so setting up an email that can become a dumping ground can be a handy way to keep it out of your real inbox.

Protect your passwords

The number one entry point for a hacker is a weak password.

It is absolutely critical that you have strong passwords and change them at intervals. Use a combination of upper and lowercase letters, numbers and symbols and avoid using names or words. Never send passwords in emails, or in online chat forums like Skype. In fact, never share your passwords.

Ramp up your Wordpress security

I’ve recently been investigating an incident for a SoA member who was the victim of fraud. The cause is unclear but it may well have been a hacked Wordpress website. With upwards of 75 million users worldwide, the Wordpress platform has become a prime target, leaving many of us vulnerable.

Security risks have increased significantly in the last 12-18 months. I would suggest to any author with a Wordpress site to have your web designer manage it on an ongoing basis, if that is practical for you.

They will be able to keep ahead of any threats and do the essential maintenance to keep your site safe: update Wordpress every time a new version comes out; update plugins and themes; install a security plugin like iThemes security or Wordfence; run regular malware scans.

You (or they) also need to keep an eye on security alerts and respond to those immediately. Sadly, these alerts are becoming more and more frequent and that is understandably burdensome for anyone with a website.

I should point out that all websites are vulnerable, but as Wordpress is the most common platform, it is the current favourite target of hackers.

If you get hacked…

Do not take it personally. Most of the time hacking is random, anonymous and largely automated. It is very rarely about targeting an individual so – even though it feels awful, just like having your house broken into – it is not personal.

Those with a foot in the world of technology will know that hacking and malware are simply a reality of the digital world. As in the real world, we always make sure our doors are locked and the alarm systems armed!  

Further reading

Run a free scan of your website: https://sitecheck.sucuri.net

FAQs on Wordpress security:
make.wordpress.org/core/handbook/reporting-security-vulnerabilities 

Google's tips for safe internet usage:
mashable.com/2013/02/05/google-security-tips-safer-internet-day 

10 fraud prevention tips:
businessinsider.com/10-fraud-prevention-tips-you-havent-heard-over-and-over-2012-3?IR=T

About Kristen Harrison

Kristen Harrison has a unique mix of experience in both traditional publishing (in production and editorial at Penguin UK), digital publishing and web development. She is the founder of the innovative publishing company, The Curved House and co-founder and curator of Visual Verse, an online anthology of art and writing. Kristen runs regular website and social media surgeries for members of the Society of Authors.  

Back to Guides and Articles