Why should I protect my website?

What if one day you woke up to find your website had gone and your e-mail account had been hijacked? It’s a scary thought, especially for the many small companies and tradesmen who rely on their websites to generate income. There are so many things that can go wrong, from your site being hijacked to hosting a virus or becoming blacklisted for spam! It’s one of the few scenarios that becomes a company’s worst nightmare, and scarily one that many companies never recover from!

In the simplest possible words, the security of your site virtually always comes down to you! For many, this is a daunting prospect and often leads to getting a third party in (such as ourselves) to ensure the site is managed and run. However, if you are keen to tackle this head on, this blog post will hopefully provide some help and pointers for you.

Why should I protect my website?

There are many reasons, but the most obvious are company reputation, loss of earnings and the financial cost of recovery. If for any reason you were to lose control of your site, or require a complete restore from a backup, you can easily be looking at 4-8 hours’ work from a professional. If this is out of hours, that’s goodbye to a good £30+ an hour! Prevention is always better than a cure!

How and why do people hack my website? Why target me?

Simply put, there are so many ways of hacking a site that it would take too long to list them all here, but attacks can range from replacing pages or entire sites with alternatives, to using your site to spread malware and viruses, or using your platform and audience to send spam email.

A hacker will exploit any weakness to try and do this, normally concentrating on weak passwords or out-of-date software. Generally speaking, they will use a bot (an automated computer program) to scan the internet for weaknesses. It’s very rare for a hacking attempt to be ‘personal’; it is virtually always down to a weakness having been discovered.

So what can I do to protect my site?

There are a few areas you can cover to ensure your website is protected as well as possible. These are:

  1. Keep software fully up to date
    No software is 100% secure, so as bugs, security glitches and other problems are found, the software is updated to solve them. An outdated piece of software is therefore more likely to have a security issue or weakness that a bot can abuse. It is essential that you keep any scripts or systems as up to date as possible, whether that is your WordPress install, plugins or even JavaScript libraries.
  2. Ensure you use strong passwords
    Naturally, you will have passwords for all the different areas of your IT life, from your email to your CMS, or your FTP through to your login password or even online banking. Ideally, you need to use a complex password using uppercase, lowercase, numbers, and symbols where possible. It’s also strongly advised that you use different passwords for different systems and change them on a regular rotation. If you struggle with this then there are many apps, browser extensions and software packages which can help manage, control and sort your passwords for you.
  3. Use HTTPS if possible
    Historically, HTTPS was the magic secure padlock you used to see on payment areas of a website, but it is now considered a strong and default way of securing your whole site. We always recommend running your site in HTTPS mode by default, and all of our websites and designs will do this using the Let’s Encrypt project.
  4. Use a WAF (Web Application Firewall)
    A WAF, or Web Application Firewall, is a piece of software which runs in the background to detect suspicious activity and control who can access important features of your website. It will run a range of checks, monitoring login attempts, file structures and databases. Most WAFs on the market (especially the WordPress ones we use) will take proactive steps to keep your site safe, such as blocking users who try to guess a password. We are avid users of the Wordfence plugin for WordPress.
  5. Keep regular backups
    Perform regular backups automatically and store them offsite. If the worst were ever to happen, this will at least enable the quickest possible recovery of your data. For all sites that we manage we run a daily backup of the site, and the backups include all e-mails stored on the server too. For backups, we like to use the UpdraftPlus plugin for WordPress as well as the default hosting backups on the R1 backup system too! Better safe than sorry.

So there we have it, a quick rundown of security. All of this is covered in our managed solutions. We can either design a new site for you or help manage any existing websites, so just give us a shout for help.

All the best

Mike