We have a couple of clients who have been dealing with malware at their websites, and the question arises: who’s at fault? The designer suggests that it’s the hosting company, the hosting company suggests that it’s the designer, and both want the site owners to update their passwords.
It reminds me of the safety advice given to women. Stay out of dangerous places, don’t dress immodestly, don’t walk alone after dark — not that this is necessarily bad advice. The problem is that it can so easily be turned around to suggest that a woman who is attacked is at fault because she walked alone after dark.
If your website is hacked, who is at fault? The criminal who hacked your website.
Here are some things you can — and should — do to help keep your website safe from hackers:
- Keep your software current. Your ancient website is an easier target than a new one. If you use WordPress or another CMS, update when it’s time to update. Upgrades and updates of software often fix security issues.
- Use unique passwords (that is, not the same password for everything) and change them occasionally. Choose strong passwords, too. The name of your dog or child or a simple sequence of numbers will be easy to guess.
- Don’t automatically go with the cheapest hosting; choose a hosting company with good security measures.
- Think twice about allowing visitors to upload files to your website. Sometimes it’s necessary for your business, but minimize these opportunities.
- Keep an eye on your website. If you are your own webmaster, then you are responsible for noticing when there is a problem at your website. Catching it early can make all the difference.
Take these steps to help keep your site safe. If your site is compromised, contact your webmaster immediately to get things cleaned up.
However, you are not at fault if your site is hacked. Your designer is not at fault. Your hosting company is not even at fault, though they should be the first ones you contact. The hacker is at fault.