How secure is your site?

BY Christo Mabbs

{Front-End Web Developer}

17 May 2017

Reading Time: 3 minutes

As important as online security is, it’s often something we don’t take seriously enough until it’s too late.  When a site goes down due to a hack it’s straight up scary, your entire website and online data is at serious risk.  Depending on how you’ve setup your website, the fix can be as simple as restoring a backup or as disastrous as losing your entire site!

The threat of an attack has become ever more worrisome in recent years.  Websites are never just pages of static content anymore.  Even the most basic websites these days have integrated blogs and news pages.  At worst, your site may host an online store, an application with thousands of daily users or a database storing confidential information.

Despite what you may think, most hacks do not take place with a scary nerd in a dark room firing away on Linux command line.  Most hacks actually take place automatically by robots “crawling” through search engines, such as Google, to seek out vulnerable websites.  This means most attacks are not personal attacks, but completely automated.  Despite what you may think, this is actually good news.
Since all these bots are looking for are obvious vulnerabilities in your website, the fix is simple: stay on top of those vulnerabilities.

Keep WordPress Core and Theme Updated

Software security systems are never perfect, and WordPress is no exception. WordPress has come a long way from being a humble blog platform to a flexible Content Management System. WordPress currently hosts an estimated 30% of all websites on the internet and holds over 75% of websites using a Content Management Systems.

This is excellent cause for hackers to search for vulnerabilities in WordPress specifically. Fortunately, the developers of WordPress are constantly updating the platform as technologies evolve and different vulnerabilities are identified. It’s important to keep your site as up to date as possible as these updates become available.

Plugins: A Major Security Hole

Plugins might seem harmless, but an estimated 55% of all hacks come from vulnerabilities in plugins. That’s over half of all attacks!

Our rule of thumb here at Digital Noir is to never use a plugin unless it’s absolutely necessary. Each new plugin represents a security threat which usually isn’t worth the risk. It may be tempting to use just any plugin to solve a problem, but you shouldn’t install a plugin unless you find it absolutely necessary to the site. Before installing a plugin, also make sure it has been developed by a reputable developer and that it’s regularly updated.

Once the plugin is installed, just like the core installation, it’s important to keep it as up to date as possible. Equally important is to keep an eye on when a plugin isn’t being updated. If a plugin has been abandoned by a developer it’s time to get rid of it! Be sure to delete all unused plugins too, rather than just deactivating them.

Use Strong, Unique Login Credentials

Bots are constantly roaming the web guessing passwords for login pages, we get updates on this every day and there’s nothing you can do to stop it.

This is one you’ve probably heard before. Don’t use obvious usernames such as admin or user. Also be sure to use a strong password for your website. You can have them generated by services such as LastPass and Norton provide for you if you need help here.

Make sure the password is also unique (i.e. you’re not using it elsewhere). If you find it difficult to keep track of all your passwords like I do, you can use trusted software to safely store your passwords such as LastPass.

Use a Reliable, Trusted Host

Good web hosting providers can be expensive, but cheap hosts often don’t take reasonable measures to ensure security. We recently had to deal with an attack where the hacker appeared to have gained access to the server itself. When we asked for assistance from the website’s hosting provider, their tech support told us they were simply unable to help us. After threatening to switch hosting if they couldn’t assist us, they actually encouraged us to leave. This is not the kind of service you want.

There are a few things to look out for in a hosting provider. Built in SSL and SFTP are essential. These services allow for private communication between your PC and the server. Without these kinds of technologies, it is possible for hackers to listen to the communication and download the private files being sent between the two.

Look out for sites which also provide regular backups in case something does go wrong and be sure to look at what others are saying about the hosting providers, especially in regards to online security. If you’re finding a lot of negative chat online then there is clearly something wrong with the provider. Having an online attack leaves you incredibly vulnerable, and you need to be sure you’ll have experts looking after you when something goes wrong.

If you need more advice on how to keep your security in tip top condition, follow us on our socials for tips and tricks.

Like what you see?
Subscribe now to receive regular updates