The best possible way how to protect your website is to take a few action steps to prevent possible attacks. Here are a few recommendations.
Make sure your passwords and user names are strong, not easy to guess, at least 8-character long password. Use not only characters, but also numbers and special characters in the passwords. If possible, do not use easy to guess administration account names, like ‘admin’, ‘administrator’ or ‘root’.
Back up all the data regularly. Do not forget, that your data are not only in the database (e.g. WordPress database), but also on your server file system. Back up those files too. It is usually OK to back up every week, but if you update your website frequently (e.g. you’re running a busy blog), backup every day. It is not that complicated, there are many tools that can help you.
If you are running a WordPress blog, it is easy to install “WP-DB-Backup” or “WP-Dbmanager” plugins that help you backup your database automatically. Just set it and forget it. They will email you the backup file of your website every day or every week. Use also “WordPress Backup” plugin that will back up the files on the server (yes, I know, those plug-in’s names are almost identical). This plugin works the same way as the previous ones – just set it and forget it.
The easy way to stay ahead is to make sure you use the latest versions of the products (e.g. the latest version of your WordPress). This way all the known errors and security problems are fixed there.
However, this is a double-edged sword. The major software upgrade usually has a lot of new code, thus a lot of possibilities for security problems. So the safest way is to use older major software version with all the security fixes.
For example, the newest major version line of WordPress is now v. 2.9, and the latest fix version (minor version) is 2.9.2. The older major version was 2.8, with the latest fix 2.8.6. This version (2.8.6.) could be the good, stable version to use.
When you website or blog was hacked, first, do not panic. If you have your data properly backed up, you didn’t lose much. Contact your webmaster or hosting company to help with the recovery. It is also good contact the hosting company. They probably already took some steps to prevent the hacks or even made some actions to recover your files.
WP-Dbmanager plugin also offers the easy database recovery option, so you can recover the database easily. However, make sure your other files are OK too. The hacker attack can have different forms. Sometimes the website is only changed at some places, sometimes all the files are messed up, sometimes the whole database and file system gets deleted. If you do not have your data backed up, there is nothing you can do, so be sure you have you back up system up today.
During the recovery, change all the names and passwords and all the access data for the new installation. And if you used the same names and passwords somewhere else, change them there too. As you can see, the recovery is not that easy. When building a business web site make sure you hard work is not lost. So make sure your website gets backed-up regularly.