Yes, zombies do exist—at least when it comes to websites. But unlike other ghouls and goblins that only surface on Halloween night, these walking dead webpages can cause nightmares year-round. Here’s how you can keep your website from becoming a zombie and protect yourself from those who have already been infected.
What is a Zombie Website?
We use the term “zombie website” to describe how hackers can compromise your website and use it for their own nefarious purposes. They’ll use this technique to spam the Internet, hack other websites, or even continue to spread the virus just because they can. Much like the machete-wielding character who somehow still manages to get bitten in the first act of zombie flicks, your hacked domain can easily fall prey to these tactics, cursed to stalk the web in search of another victim. That is, unless you follow the Zombie (Website) Survival Guide:
1. Keep Your Software Updated
Open-source content management systems (CMS) have several advantages, chiefly that anybody can look at the source code. In the case of WordPress, a popular open-source CMS, millions of people use it every day. That means millions of eyes are going through the code on the lookout for 1) exploits and 2) fixes to these exploits. Whenever you get hacked, that generally means the people who found the exploit in the code were able to take advantage of it before you could either update your software, or before a patch was released to fix it.
The most important thing you can do is to make sure you keep your software updated, as well as any plugins your website may be utilizing. Luckily, WordPress makes these updates easy for users. When you log in to the administrative panel, a yellow banner will pop up near the top of the control panel letting you know that an update is available. The sidebar of your WordPress control panel will alert you when your plugins need to be updated.
2. Be Smart About Passwords
What about the worst-case hacking scenario—someone obtains your database or FTP password. Don’t use the same password repeatedly across the net; generate random passwords using lower- and upper-case letters, numbers and symbols in order to make it harder for hackers to guess your password. If you use the same password for your email and your bank account, hackers who stole either password could easily link the two associated accounts together and steal even more valuable information.
The key with zombies is keeping your distance; with zombie websites, it’s password length. Using current computing technology, a hacker could crack any 8-digit password in a day. A 12-digit password? That timeframe is longer than the universe has been around. So if you’re still using “password123” for your website login, you might as well leave your car in a bad neighborhood with the doors unlocked, the windows down and the keys in the ignition.
The truth is that no one is ever totally safe from hackers (or zombies)—all you can do is protect yourself. Update your zombie apocalypse weapons arsenal with the latest versions of your CMS software and any associated plug-ins. Passwords should never be shorter than 12 characters. Ever. Put your newfound Internet security skill set to good use, and zombie websites don’t stand a chance!
Image credit: http://www.maxbrookszombieworld.com