How Secure Is Your Website?
Hackers struck again – this time targeting the cheating website Ashley Madison. The personal, and very damaging, information of over 35 million people was exposed on the dark web (and is now universally searchable). And while this revelation may feel more like karmic justice than a scary breach, it does show how vulnerable our information is to attack, even with all the assurances of secure websites. Web developers have a choice when approaching the security of their websites.
- Option 1: Take on security themselves. Some developers believe they can handle the myriad of security issues out there, but sadly, this is rarely the case. Remember, hackers have broken into the biggest websites in the world – large corporations, governmental organizations and more. How do web developers expect to fight that? Customers who request custom-built programs housing sensitive information must be aware of these limitations.
- Option 2: Assume that no one in the world is truly interested in hacking your site. Well, this just isn’t true. If you happen to install security software on your server, you’ll be amazed at the number of failed logins and brute-force attacks that hit your content management system daily, weekly and monthly. Luckily, most of these are automated bots using common username and password combinations to access the site and cause a nuisance. While your website may not be a priority to a hacker, bots are getting more sophisticated and some are just out to cause trouble. You may be the unlucky one that gets caught in their net.
- Option 3: Be smart about what you can control and leave security to the experts. First, choose a hosting company that puts an emphasis on security. Then make sure that all passwords are highly secure – at least 8-10 alphanumeric characters with capitals and special characters. Install appropriate security software – there are hundreds of security integrations for your content management system. Further, most major online payment providers offer free plug-ins that work seamlessly with popular systems. For higher value data, including protected health information, security consultants/experts should be employed for compliance.
Ultimately, site owners and web developers have to consider their visitors when they choose one of the options above. Unfortunately, hackers are getting better and better at wreaking havoc on under-protected websites. Software needs to be patched and upgraded regularly to eliminate visitor and webmaster headaches. Popular content management systems have the advantage of hundreds, if not thousands, of developers who keep up on security and expose holes before hackers get to them.
If you’re using the WordPress CMS, here are a few good tips to follow:
- Eliminate the default “admin” user in your account
- Stay abreast of updates to your CMS and make sure you are running the latest versions of core software and plug-ins
- Install a great security plug-in like Sucuri. Luckily, you don’t need to pay for it (although they do offer an excellent pay-for-protection service). The plug-in will track changes to your site, along with failed and successful logins to your CMS, and notify you of them
- Install a website firewall – there are many free or low-cost options out there
- Keep a backup. You can do this manually or your hosting company may have a very good backup regimen. The other option is to download a plug-in that does this for you, backing the site up to Dropbox or other cloud storage applications on a regular basis
- Consider limiting login attempts. This can be done manually or via plug-in
No matter what you do, just remember that an ounce of prevention is worth a pound of cure, and this rings true for web properties as well.