Securing your website effectivelyReading Time: 4 minutes
The unfortunate truth in today’s modern world is that websites are hacked frequently, for owners that may result in the potential of losing everything.
Majority of security breaches are not necessarily attempts to capture data, but deceitful tactics to turn your server into an email rely for spam. It is important for any business, small or large to keep up with emerging threats and ensure that defenses are at a maximum.
Hyper Text Transfer Secure (HTTPS) is a secure communications protocol used to provide security over the internet. It guarantees that no one else can intercept or change content when in transit, only you and the webserver can see what data is transmitted. Should a website have login pages, credit card acceptance or similar, you most certainly would require an HTTPS.
It has been found that 60% of websites do not have an HTTPS. Chrome and other modern browsers such as Firefox are also going to make it much more obvious to the user that a site is not secure, and call for HTTPS to be present everywhere on the web. As of January 2017, Chromes latest release has made this fact quite evident. Effective July 2018, Chrome will mark non-HTTPS sites as not secure. Firefox version 51 have also released security warnings
This extra layer of security will not only guarantee protection, but as a bonus will slightly increase your Google ranking. What is defined by ‘slight’ does not mean you are guaranteed to be at the number one spot, but instead imagine this scenario. If two sites are almost identical in page position, owning an HTTPS will most obviously place you higher.
As a website owner, it is essential to make sure that all software and operating systems are up to date. Dated software can lead to security holes, or what is commonly known as a backdoor allowing unauthorized access.
If you have a managed hosting solution such as shared hosting, typically there is nothing to worry about as your vendor will take care of these system updates. However, other options such as VPS or dedicated servers will require management, so it is important to understand if you have fully managed solution or partial.
Third-party software such as a CMS or forums should be supervised daily as security patches are often released. CMS providers such as WordPress, Joomla and Drupal constantly provide regular updates to guarantee their software is resistant to attacks.
Compromised attacks in a CMS does not mean that the software is always at fault. For example, WordPress is a very popular and powerful CMS used by many companies, it was found that outdated core software was the issue only by 56% in comparison to Joomla (85%), Drupal (81%) and Magento (97%) as stated in a recent article last year Security firm Sucuri. They discovered that from all the compromised WordPress sites analyzed, the intrusion point was inside a vulnerable plugin that has not been updated after a length of time. It is imperative to monitor activity, deleting all un-used plug-ins and constantly updating those with new updates.
Thankfully most CMS software will provide instructions to when updates are available, overall it is worth checking to make sure that these alerts are being forwarded to your attention.
It is common knowledge to have a password that is complex and updated regularly, but still users are not following instructions to what a good password actually means. Over the years there has been a disturbing rise of attacks related to simply a poor password.
A strong password should be a combination of alphanumeric characters, upper/lower case letters and symbols, at least 8-12 characters long. Ideally it should not be a recognizable word and something that should not be found in the dictionary. On a positive note, most CMS systems, accounts and products will enforce a good password during teh signup process however, it is still a good practice to have a different password for every website.
If remembering passwords becomes difficult, there are services that can help such as 1Password that store all of them in the cloud. If you need something a little more local, try such services as Advast Passwords or LastPass.
It is best to be smart as your business is everything. Make the right choices, stay informed and make sure you have a help at hand when needed for larger tasks. Time4design receive hacking support requests perhaps 10% each year, and although we find a solution, its best for you that the call is never made. Make sure that you have devoted your resources to website security.