Why is my new website being hacked?

Deploying or launching a new website appears as a single line entry in an invoice, but it can be the difference between success and failure.

The majority of new website owners have the perception that putting a website live is like turning on the lights in your new home.

Expecting your website deployment to be turn-key is often far from the truth, and it’s an issue that can either set you up to succeed or fail spending hours of testing to only realise it wasn’t done right in the first place.

It doesn’t matter if your website is cheap, medium-cost or expensive; these issues are no respecter of how well built your site was.

Website owners rely on plugins to do most of the tasks outside of their expertise without realising the importance of procedural website deployment and the work that goes into it.

Most hacked websites we fix never had a chance from the beginning; those that did have protection didn’t have a proper understanding of security. Instead, a website design would install a security plugin in the hope that it would mitigate any security breaches, and that’s all they had to do to satisfy any security requirements.

A typical security routine would be to have one security plugin (usually a free one) and the admin login URL hidden or obscured. PHP blocked from the wp-content folders and some routine malware checks.

What most people fail to check when launching a new website its too:

1) look for previously hidden folders used by hackers

2) check the domain reputation

3) do form auditing

4) check for content plagiarism

5) check that search engines are not caching the old website sitemaps

6) search for broken links

There are over 100 different tasks that you should do when putting a website live, and most people only do a few of them.

Typically, this is why the task only appears as a single line entry on your invoice.

Some argue that some of these get covered by SEO, and others suggest your hosting provider covers these.

Don’t assume that they are because what if they aren’t?

Many assumptions get made in this undervalued and misunderstood task.

Of the list of tasks, some guides help individual circumstances. Still, unless you have experience in them, it’s too much info and not enough correct guidance, so most professionals will not do it correctly, not from lack of trying but more a lack of experience.

It requires a cross over of skill sets:

• Website Security
• Domain management
• Hosting management
• Server management
• Website development
• Web server configuration
• PHP configuration
• SEO
• Reputation management

You don’t need to be an expert across all disciplines, an understanding of just some specifics of each in relevance to deploying a new website.

This week one website I had a look at had a domain that sends mail to the wrong mail server most of the time and the right mail server occasionally.

The fault had gone undiagnosed, and it was a straightforward fix.

Another common issue we see is the practice of website designers putting websites live but leaving the hackers content behind.

The new site looks great but will be blacklisted for many years to come due to the list they’re on. No one realised you have to fix the reputation before launch and assumed launching did that automatically.

Some argue that if you’re doing paid ads this isn’t important but what if it is and you don’t realise it?

Spoiler alert, these tasks are critical and will help prevent your website from being hacked or slowing down over time.