Check if my Site is Blacklisted
If you find yourself doing a site blacklist check, there’s a good chance that it’s because you’ve been hacked and you want to know whether that has caused blacklisting authorities to block your site. Presumably, this is an exercise you want to avoid and the good news is that some basic security awareness is generally all you need. Here are some tips.
How to Check if your Site is Blacklisted?
- Make sure your server is secure
- Choose a well-support content management system
- Stick to a limited number of mainstream third-party add-ons
- Manage your users
If you want to avoid having to do a site blacklist check, there are four key steps you need to take. These are as follows.
- Make sure your server is secure
- Choose a well-support content management system
- Stick to a limited number of mainstream third-party add-ons
- Manage your users
1. Make sure your server is secure
There are basically two ways a hacker can infiltrate a website. These are through exploiting weaknesses in the website itself and through exploiting weaknesses in the server on which it is hosted. Both are your responsibility.
In practical terms, however, most SMBs are probably only going to take direct responsibility for the security of the website itself. They’ll use a third-party vendor for the server capacity. If that’s the case, then it’s vital to choose a host who prioritizes security, even if it means paying a bit extra.
2. Choose a well-support content management system
The smallest SMBs might want to look at an all-in-one, web-building solutions that combine hosting with a proprietary CMS. If you go down this route, then you are limited to what your vendor supports, but that may not be a huge issue for you.
The design options and general functionality (e.g. support for e-commerce) are likely to be more than enough for SMBs, especially smaller ones). There’s support for most, if not all, types of content, and the vendor essentially takes care of everything technical.
If, however, you want more, then you will need to look at one of the open-source CMS systems. Do your research. Choose the one which is right for you. WordPress is popular for a reason, but it’s far from the only option. Understand what you need to do to keep it secure. As a hint, failing to update a CMS system and/or associated software (e.g. plugins and scripts) is one of the major reasons SMBs find themselves needing to do so a site blacklist check after a hacking attack.
3. Stick to a limited number of mainstream third-party add-ons
One of the reasons the major CMS (especially WordPress) are so popular is that they have a great range of third-party extensions. You can indeed get some excellent options, many are free. It’s also true that there are some truly horrendous options, which are either actively malware or so badly written that they might as well be malware. There are also plenty of options in the middle, which might or might not be useful, but which definitely have the potential to lead to all sorts of security implications. The safest approach by far is to stick to a minimal number of mainstream options and even then do your research thoroughly.
4. Manage your users
User management (or the lack thereof) is another major reason why websites end up getting hacked. Your first step to avoiding this is to limit the number of people who have any sort of back-end access to your website, especially admin access.
Work out what tasks need to be performed and work out what level of access is required to perform these tasks. Then work out the minimum number of admin users and other users you need to function effectively. Remember that this number needs to work in practice rather than just on paper. In other words, think about the inevitable staff absences.
Give each of these users their own username and make them aware that you expect them to use a genuinely unique and strong password for their account. Realistically, the only way you can make this work is through education so make sure that it is clear to them that this is vital to maintaining your website’s security. Back this up with two-factor authentication if at all possible.
Be clear about the fact that these credentials are for their sole use. TFA can help to dissuade people from sharing login details, but it’s not guaranteed, especially when people are working in the same physical space. You can, however, work to control this by making sure there is a clear process by which people can get their own login details if they need them and robust (but fair) action taken if it is discovered that people are sharing login details.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
