It is estimated that there are almost 1000 million websites, and it is very probable that at least 1% of them are infected, hacked or exposed. The problem with these websites is that they are the focus of more and more infections and threats, because they are out there, available to everyone. Finding infected websites is more common than you might think; remember that modern threats are very different from “old school” viruses. Nowadays malicious code looks for passwords, credit card numbers and IDs. So leaving those websites infected could be a disaster for a company, not only because of the availability of services (and that alone is very serious): the most critical part is the damage to the company's reputation.
Some best practices may sound obvious, but the truth is that many companies publish their website and it stays static for years, so consider following some of these:
- Update hosting software: Most of the time this does not depend on you; the hosting company should do it, but it is a good idea to ask them, just to be sure.
- Be careful with plugins, widgets and third-party software: Modern websites are composed of many layers of code, and each one of them should be clean and up to date, so review them.
- Access control: Be especially careful with your accounts. It is not always possible, but try to avoid common usernames (admin, manager, root, etc.). Delete or deactivate unused accounts, and of course the password, always the password. This does not have to be a sacrifice. One tip for forming passwords that are easy to remember but strong: take the 2 letters of each word of one particular verse of your favorite song and combine them with some numbers, nothing obvious of course, and that is it. Try it :)
These are just a few examples of good practices to minimize the risk of being hacked.
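The access control item can be checked routinely against an export of the site's accounts. The script below is an added example, not part of the original post; the CSV columns (`username`, `enabled`, `last_login`), the sample rows and the 90-day threshold for "unused" are assumptions made for illustration.

```python
import csv
import io
from datetime import date, datetime

# Usernames the post names as common; extend the set for your own platform.
COMMON_USERNAMES = {"admin", "manager", "root"}
# Assumption: an enabled account with no login for 90 days counts as unused.
STALE_AFTER_DAYS = 90

# Constructed sample export (hypothetical columns: username, enabled, last_login).
SAMPLE_EXPORT = """username,enabled,last_login
admin,yes,2024-05-30
Root,no,2021-01-15
m.ortega,yes,2024-05-28
old-agency,yes,2022-11-02
newsletter-bot,yes,
"""


def audit_accounts(export_text, today):
    """Return a sorted list of (username, finding) tuples for risky accounts."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["username"].strip()
        enabled = row["enabled"].strip().lower() == "yes"
        if not enabled:
            continue  # already deactivated, which is what the post recommends
        if name.lower() in COMMON_USERNAMES:
            findings.append((name, "common username"))
        last_login = row["last_login"].strip()
        if not last_login:
            findings.append((name, "enabled but never used"))
        else:
            idle = (today - datetime.strptime(last_login, "%Y-%m-%d").date()).days
            if idle > STALE_AFTER_DAYS:
                findings.append((name, f"unused for {idle} days"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```

Accounts that are already deactivated are skipped, so the output lists only accounts that still need a rename, a deletion or a deactivation.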