Protecting Your Website – Site Security 101

A few hours before writing this, I spoke to a colleague who was having a really bad day. His server had been compromised, and all of the websites that were hosted on the server were no longer accessible from the internet. He had around 40 sites, both his own sites and sites he was hosting for his clients. He was panicking and was working with the hosting company to try to repair the damage and get the sites online, as he was fielding angry phone calls from his clients demanding to know why their sites were down.

After spending the whole day on the issue, he was eventually able to get all the sites to work again. But watching him go through this situation reminded me of the importance of protecting websites from external threats on the web. As this situation is not unique and happens so often to site owners, I thought that a quick intro article on web security would be a good thing to write.

How big a website do you need to have before you need to worry about securing your site? This is actually a trick question, as all websites are vulnerable to attacks by hackers and spammers. Once a site is connected to the internet, there are any number of ways it can be compromised. So what can you do to protect your website from attacks?

There are several things site owners should be doing to make sure there are no obvious holes in their site's security and to protect themselves should a site become compromised. I will run through some of the basic protections which should be used on EVERY site, and then discuss some more advanced protections which should be implemented for various larger sites, as well as the situations which merit enhanced security.

All sites should include the following protections:

Regular Backups:

This seems like a no-brainer, but I am constantly surprised at how many site owners do not take regular backups of their websites. I have had to create several sites from scratch because the site was completely erased from the server and the previous developer never bothered to install a way to back up the site and did not maintain an offline copy of the site. There are tons of ways to back up your site.

Many hosting companies offer a service to take backups of your site or your server which are worth considering. I typically use Akeeba Backup for Joomla sites and BackupBuddy for WordPress sites. With regular backups, even if everything is erased from your server you can still restore your site to the same state it was in when the backup was taken. There is no downside to taking backups.

Stay Up to Date:
The core CMS, themes and plugins for your website are updated often, and these updates are not just cosmetic in nature. Many of them fix security holes which can be or have been exploited by hackers. By not applying these updates, you are leaving your site wide open to attack.

Also, removing any plugins you are not using from your site is a smart thing to do. The more points of entry that you have on your site, the easier it will be for hackers to access. Having extra plugins and files on your site will also make the job of tracing the point of entry of an attack that much harder, as you have more files which could have been used to hack your site.

Password Management:
Proper management of passwords is not high on a site owner's priority list until they already have a problem. Weak passwords and commonly used passwords are still being used by so many businesses, despite the number of articles published over the years warning of the dangers related to weak and common passwords. All passwords on your site should: be 8 or more characters long, be case sensitive, have one or more capital letters, contain both letters and numbers, and be changed regularly.

User Management:
User management is easy to do, if someone thinks of doing it. When a person with access to your site is fired or quits, you have to remember to revoke all access permissions for that user. Ex-employees with an axe to grind can publish your login information, make changes to your site, or install software designed to exploit your business or your clients. Also, it is never a good idea to let staff share the same username and password. This makes problems harder to backtrack and removes any accountability for staff should any illicit activity be discovered.
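The checks described under Password Management and User Management can be run as a periodic audit. The following is an added example, not code from the original article: it reconciles a site's accounts against the current staff list and flags logins with no current owner, logins shared by several people, and passwords that have not been changed recently. The account and staff records are constructed sample data, and the 90-day threshold is an assumption, since the article only says "changed regularly".

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # assumption: the article gives no specific interval

# Constructed sample data: site accounts as exported from a CMS user list.
SITE_ACCOUNTS = [
    {"login": "jsmith", "role": "administrator", "password_changed": "2016-06-20"},
    {"login": "mlopez", "role": "editor", "password_changed": "2015-11-02"},
    {"login": "office", "role": "administrator", "password_changed": "2016-07-01"},
    {"login": "tbrown", "role": "author", "password_changed": "2016-05-15"},
]

# Constructed sample data: current staff and the login each person uses.
CURRENT_STAFF = [
    {"name": "Jane Smith", "login": "jsmith"},
    {"name": "Maria Lopez", "login": "mlopez"},
    {"name": "Sam Reed", "login": "office"},
    {"name": "Ana Cole", "login": "office"},
]


def audit_accounts(accounts, staff, today):
    """Return a dict mapping each flagged login to its list of findings."""
    # Build login -> [people who use it] from the staff roster.
    owners = {}
    for person in staff:
        owners.setdefault(person["login"], []).append(person["name"])

    findings = {}
    for account in accounts:
        login, issues = account["login"], []
        people = owners.get(login, [])
        if not people:
            # Nobody on the current roster uses this login (e.g. ex-employee).
            issues.append("no current staff owner: revoke access")
        elif len(people) > 1:
            # Shared credentials remove individual accountability.
            issues.append("shared by " + ", ".join(sorted(people)))
        age = (today - date.fromisoformat(account["password_changed"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {age} days old")
        if issues:
            findings[login] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(SITE_ACCOUNTS, CURRENT_STAFF, date(2016, 7, 15))
    for login, issues in report.items():
        print(f"{login}: {'; '.join(issues)}")
```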

By following these simple best practices outlined above, you can greatly reduce the risk of your site falling victim to hacking, and protect yourself should the worst happen. It is a scary world online, and if you are not doing anything to protect your site, you will have no one but yourself to blame should you have to suffer the consequences of having your data deleted, or suddenly find your site is advertising Chinese pharmaceuticals.

 

 

Images from Pixabay used under Creative Commons CC 0

    Comments

    1. Myrta Crews : July 15, 2016 at 5:40 pm

      Just desire to say your article is as astonishing. The clearness in your post is just excellent and I could assume you are an expert on this subject. Well with your permission allow me to grab your feed to keep updated with forthcoming post. Thanks a million and please carry on the gratifying work.

    2. MaryaWOcanaz : July 23, 2016 at 8:08 pm

      Hello, just desired to say, I loved this article.
      It was funny. Carry on posting!

    3. Edgar Warsme : July 25, 2016 at 10:15 am

      I am sure this bit of writing has touched all of the internet users,
      its really really fastidious post on strengthening new website.

    4. Katrice Swan : July 27, 2016 at 11:03 pm

      hey there and thank you for your info – I’ve certainly found anything new from right
      here. I have done however expertise some technical points applying
      this site, as I experienced to reload the website many times
      previous to I was able to get it to load properly. I had been wondering when your web host is OK?
      Not really that I am just complaining, but slow loading instances times will very frequently affect
      your placement in the search engines and could damage your
      top quality score if ads and marketing with Adwords. Well I am adding
      this RSS to my email and could be aware of much much more of your respective intriguing content.
      Be sure you update this again soon.

    5. Hey! Someone in my Facebook group shared this site with us therefore I arrived at look
      it over. I’m definitely enjoying the details. I’m book-marking and will be tweeting this to my followers!

      Wonderful blog and excellent design.

    6. Nice blog here! Also your website loads up extremely fast!

      What host are you presently using? Can I get the affiliate hyperlink
      to your host? I wish my website loaded as quickly as yours
      lol

      • Elliott Farber : August 18, 2016 at 10:10 pm

        Thanks! The site is hosted with 1and1. I have been very happy with the site speed since moving my hosting there.

    7. An impressive share! I’ve just forwarded this onto a colleague who was conducting a little homework on this.
      And he in fact bought me dinner simply because I found it for him…
      lol. So let me reword this…. Thanks for the meal!! But yeah, thanks for spending some time to
      discuss this matter here on your site.

    8. If you are going for most excellent contents like me, simply
      visit this web site on a regular basis because it gives quality contents, thanks

    9. Hi there! I recently wished to ask if you ever have any trouble with hackers?
      My last blog (WordPress) was hacked and so I wound up losing a couple of
      months of work on account of no data backup.
      Do you have any methods to control hackers?

    10. Hi, are you using WordPress for your blog platform? I’m new to the blog world but I’m trying to get started and create my own. Do you need any HTML coding knowledge to make your own blog?
      Any help would be really appreciated!

      • My blog is built using WordPress. You can find many places online to purchase themes for WordPress, and if the theme looks the way you want it to look, you can make simple modifications without any coding knowledge. It is also highly recommended to purchase a plugin to back up your site, or choose a web host that does daily or weekly backups to protect your website.
