All Websites are a Target

Don’t assume your website is safe because it’s small or your business is small. Hackers use scripts called ‘bots’ to look for easy targets, and they are after your hardware resources (your web server) and your traffic (your visitors) to exploit.

There’s a lot of mischief a hacker can do with a compromised website, such as redirecting traffic to other sites, infecting visitors’ computers with viruses, and launching Distributed Denial of Service (DDoS) attacks on big companies’ or governments’ websites.

Why We Care

Essentially, a safer internet is beneficial to everyone except hackers.

In the past we have spent a lot of time repairing people’s hacked websites because their security was weak. And although we like to keep busy, we prefer spending our time creating new sites, so we stress that prevention is better than cure.

So we’d like to emphasise some key points for keeping your websites safe:

  1. Keep Your Website Updated
  2. Use Secure Passwords
  3. Use Anti-Virus Software
  4. Use Secure Hosting

#1 Keep Your Website Updated

If your website runs a CMS such as WordPress you have great flexibility and easy access. But the flip side is the hidden complexity of the system. It makes the website more vulnerable to hacking.

You can greatly reduce the risks by updating the website code whenever a new security update comes out. There are several ways of doing this and they can also be combined:

  1. AUTOMATIC UPDATES – eg. with WordPress you can set the themes, plugins and core code to update automatically. There are some risks here because updates don’t always go smoothly: one may break your website’s functionality and need fixing manually. If you are not checking, there could also be a time lag in spotting that the website is ‘down’.
  2. MANUAL UPDATES – every 2-4 weeks you can log in and do this yourself. You will need to be ready to backtrack, using a backup copy of your website, if the update fails. This happens occasionally. You will be able to check functionality without any time lag and thus minimise any downtime.
  3. CONTRACT OUT UPDATING – use an update service to carry this out for you. Make sure you understand the limits of what is covered.
  4. CONTRACT A SECURITY PLAN – this could be a specialist hardware firewall service, or even a full recovery service. Again make sure you understand the limits of what is covered.
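
The manual update routine from option 2 (back up, update, check, backtrack on failure), sketched with WP-CLI as an added example that is not from the original post. It assumes WP-CLI (`wp`) is installed; the paths, the site URL and the `site_ok` health check are placeholders to adapt.

```shell
#!/usr/bin/env bash
# Added example: manual WordPress update with a backup to fall back on.
# WP_PATH, BACKUP_DIR and SITE_URL are assumed values; site_ok is a
# hypothetical check that you should extend (forms, checkout, login).

WP_PATH="${WP_PATH:-/var/www/html}"           # assumed WordPress root
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"  # assumed backup location
SITE_URL="${SITE_URL:-https://example.com}"   # placeholder site address

# Healthy here means the home page answers with HTTP 200.
site_ok() {
  [ "$(curl -s -o /dev/null -w '%{http_code}' "$SITE_URL")" = "200" ]
}

# Save the database and wp-content so a failed update can be undone.
# Prints the timestamp that identifies this backup.
backup_site() {
  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$BACKUP_DIR" || return 1
  wp --path="$WP_PATH" db export "$BACKUP_DIR/db-$stamp.sql" >/dev/null || return 1
  tar -czf "$BACKUP_DIR/content-$stamp.tgz" -C "$WP_PATH" wp-content || return 1
  echo "$stamp"
}

# Put the saved files and database back. Files that the update newly
# added are not deleted; old versions overwrite the changed ones.
restore_site() {
  tar -xzf "$BACKUP_DIR/content-$1.tgz" -C "$WP_PATH" &&
  wp --path="$WP_PATH" db import "$BACKUP_DIR/db-$1.sql" >/dev/null
}

# Back up, update core, plugins and themes, check the site, and roll
# back if anything fails.
# Returns 0 = updated and healthy, 1 = rolled back, 2 = no backup made.
safe_update() {
  stamp="$(backup_site)" || return 2
  if wp --path="$WP_PATH" core update >/dev/null &&
     wp --path="$WP_PATH" plugin update --all >/dev/null &&
     wp --path="$WP_PATH" theme update --all >/dev/null &&
     site_ok; then
    return 0
  fi
  restore_site "$stamp"
  return 1
}
```

Call `safe_update` from a terminal on the server; a return value of 1 means the update was undone and needs a manual look before trying again.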

#2 Use Secure Passwords

Your birthday. Nope. Your dog’s name. Nope. The word ‘password’. Nope! ABCDEFG. Nope. QWERTY. 123456. Nope, nope.

Predictability

To be frank, we all find passwords a pain. But many people underestimate the importance of good passwords. The point is, people are too predictable with their password choices. Their passwords are too short and too obvious, and people have a tendency to use the same one everywhere.

Extended Vulnerability

Important and supposedly secure databases on the internet get hacked. This is a security problem for us all. In these databases are people’s names, addresses, email addresses, phone numbers, dates of birth… and PASSWORDS!!! If you use the same password everywhere, all your online accounts are potentially exposed.

Options

I suggest two.

  1. Either read up carefully about password good practice and follow this through.
  2. Or use a Password Manager that will look after all your passwords, autogenerate new ones on demand and autofill them when required. One good example is LastPass.

#3 Use Anti-Virus Software

Home and work computers do get hacked. Malicious code can be passively downloaded via an innocent visit to a hacked website. This potentially opens the door to hacking your website when you access the backend, because the malicious code may be monitoring all your actions.

Review Your Computer Setup

You should run anti-virus programmes on any device that you use to access the internet. You could also run anti-virus programmes on any device exposed to others that access the internet.

#4 Use Secure Hosting

Sometimes, no matter what you do, you cannot prevent a website being hacked. This is where secure web hosting has an important role to play. 

Review Your Hosting

Check that your hosting has good built-in security, eg. virus scanning, hardware firewalls, and good backup scheduling which enables quick recoveries. If these are not currently included, see if you can add them as extras. If not, maybe you should consider changing your hosting.

Our Skylime Hosting has most of these features already included. 

Background: WordPress Security Updates

WordPress is as secure as most other Content Management Systems. However, because it drives 40% (2 in 5) of all websites on the internet, it is the most attractive system for hackers to target. It also receives the quickest and most frequent security updates because there is a huge support network. Other CMSs have their code weaknesses but receive less attention.

See the Numbers and Understand the Need

Over the last couple of years we have frequently posted information about the plugins and themes needing security updates (see blog item WordPress Security in March/April 2021).

In October there were 172 plugins and 1 theme needing security updates. In September it was 320 plugins and 3 themes, in August 149 and 0, in July 157 and 6. During this time the core system needed 1 update to fix 3 issues. [WordPress Vulnerability Reports]

Many of these plugins are in common use, eg. Ninja Forms, WooCommerce, Yoast SEO, WP Fastest Cache. They are not low usage. Even the popular Avada theme needed a security update this time.

Everyone using WordPress needs to manage security updates to minimise the chances of getting hacked.

Acknowledgements

Password Manager: LastPass

WordPress Vulnerability Reports: ithemes

Picture Source : Hacker PNG Free
