Jul 15, 2015
Like any other company that helps people achieve their goals online, we try to keep our knowledge of website security current, and we like to share a little bit about what that looks like.
We’ve used several web technologies, including WordPress, Joomla, Modx, etc. By far our largest base is WordPress sites. Flexibility, scalability and ease of use are among the primary reasons we’ve chosen it time and time again. It’s been reported by Smashing Magazine that up to 700 million websites today feature WordPress as their backend, which helps explain why it is a popular choice.
No Website is Hack Proof
We’ve seen time and time again that no website is hack proof. If thieves could break into the FBI database in 2012 and steal potentially millions of Apple IDs, then a small business in Tucson, Arizona isn’t guaranteed safety simply by using well put-together web software.
It’s worth saying that even if we (or any other company, for that matter) have a working set of “Best Practices” for security, those weren’t the best practices from a year ago. In other words, as the internet has evolved, those who are invested in attacking it have become more sophisticated as well.
There was a time when all a company was looking to do was just get a website up. The talk on the street was “Everyone else had one, and you should too!” The web has slowly crawled into our daily lives in such a way that our websites are becoming a part of our business identity, our marketing, our means of handling customers, and possibly even a direct source of revenue for the business. As websites have become better and more complicated, there are more moving parts that can become vulnerable.
What To Look For
We thought it was a good idea to talk about some things that you’ll see on your website. A common misconception is that someone wants to break into your site to wreck it. This usually isn’t the case. It’s always in the attacker’s best interest to make it appear that your website is functioning normally and use it as a way to capture data on your users, deliver spam, distribute malware, viruses, etc., or maybe even just backlink to another website or use it as a relay for web videos.
What you’ll probably see is your website behaving normally, but you’ll encounter oddities. If you subscribe to analytics software or get regular reports on your traffic, you might see odd page requests. You might get emails from customers saying that their web browser reported the site as possibly containing malicious software. It will probably be small nuances like this that should alert you that something is amiss.
Getting these reports should prompt you to reach out and contact your website developer, or at the very least contact your host. A good host can help determine if there is a problem. While many hosts can’t directly intervene and fix it for you, they can usually confirm what’s happening and help you understand what to do to fix it. Normally a web developer will need to step in and either delete the malicious files or code or, in really awful cases, salvage the site.
What Should You Do?
One simple thing you should do is at least ask whoever is developing your website some basic questions about security. There are some fairly simple steps you can take, especially with systems like WordPress, to maintain a relatively good level of security. While a determined and experienced attacker might still know ways to gain access to limited areas of the website, inexperienced attackers will not be able to use simple exploits.
Don’t just let the site go. Even if it will cost an hour or two in development work every few months to perform maintenance on the site, that is money well spent to make sure all software, plugins, themes and the entire site are backed up. A complete backup is an effective way to maintain safety: if a catastrophic attack renders the website not worth salvaging (this rarely happens, by the way), then having a complete backup will allow you to bring the entire site back up in a matter of a few hours. This greatly reduces the cost of having to rebuild the entire site from old data.
If you have an ongoing marketing or SEO campaign, ask whether backups can be a part of it. Regular maintenance and backups typically only take half an hour and can most likely be added for a marginal (if any) fee.