Everything You Need To Know About Website Security
In a world with millions – perhaps billions – of websites, small business shouldn’t have to worry about website security, right? It should only be big companies like Walmart and Microsoft that need to worry about hacks. After all, they’re the ones with all that sensitive information to steal… why would anyone bother with a local business’ website?
Truth is, hackers don’t discriminate. Hackers don’t spend hours looking for the perfect site to break into. Hackers don’t care if you’re a tree care business, a lawyer, or a restaurant. Hackers don’t care how much traffic you have on your website…
In a world with millions of websites, no website is special, and every website is a target. That means that proper website security is paramount for any and every website.
Outside of Bruce Willis movies, hacking – and basically everything else – is pretty mundane. Instead of finding the few lines of computer code that can somehow shut down infrastructure, most hacks are about spreading viruses, most of which are used to capture sensitive information. It’s a bit like crowd-sourcing; instead of trying to break through the security that companies like Walmart pay entire teams to maintain, hackers gather information slowly from a lot of sites.
Why? There are many reasons, but the most common are for spam, using a server as a proxy, and to spread viruses.
Spam: Many hacks are trying to access the server your website is hosted on so it can be used to send spam emails. Hackers can usually send thousands of emails before hosting companies notice. This has the added danger of your server potentially being flagged by other email servers as a dangerous or illegitimate source. This can lead to emails from your domain always going to spam, or being outright rejected by many mail servers, including Google.
With so many email servers and services, once your domain or server is flagged, it can be a truly daunting task to restore your server’s reputation.
Proxies: Sometimes all hackers want is to use a little bit of your server’s power, or to use your server to mask their identity while performing other – sometimes illegal – tasks.
Viruses: Your website may be hacked and used to spread viruses. Once these viruses infect visitors to your site, they can be used to collect information like internet passwords, credit card numbers, and more.
At the end of the day, most hacking is used to gather sensitive information, or make money – a hacker who can distribute a lot of spam will sell that distribution for profit. All the while, everything that a hacker does will drive your website’s reputation down, hurting search rankings, and potentially your reputation with customers and clients. If a customer sees a Malware warning when they visit your site, they might think twice about doing business with you. In an age when an online presence is all but required, website security can make or break a business.
How Do They Hack?
There are a few ways to hack into a website or server, but we’ll focus on the two most common: exploiting old and outdated software, and exploiting poor security.
Exploiting Old Software: If there’s a will there’s a way, and if there’s a technology that a lot of people are using, there’s someone trying to find its vulnerabilities. With 46% of all websites now built on WordPress, it’s a pretty obvious target for hackers. Many hacks will focus on sites that have outdated versions of software that they have found a way to exploit.
Exploiting Poor Security: Weak passwords and standard usernames on websites can spell serious trouble. If a hacker can gain access to a website as an administrator, they have almost full control over it.
Most hacks and website security issues are due to a lack of diligence. If a website’s software is kept up-to-date, and proper precautions with usernames and passwords are taken, the risks of hacking are dramatically lowered.
When we build a site for any client, we build it with a eye on website security. We take the necessary precautions to ensure that when a website is launched, it has ample protection.
Premium Themes and Plugins: We only use tried and true WordPress themes, purchased from reputable sources. We carefully review their download history, user ratings, and the frequency of their updates. The same goes for plugins – we carefully vet the programs and software we use, keeping an eye out for possible vulnerabilities.
User Roles & Two-Factor Authentification: Weak passwords and usernames are a major concern. For every website we require a unique username and a 32-character alphanumeric password for any user that has administrator access. For eCommerce and other high-traffic sites, we employ two-factor authentication for administrators.
Backups & Security: Even if you do everything right, sometimes website security can be breached. That’s why we install a security plugin that scans our websites, and alerts us to any major problems, allowing us to act swiftly when there is an issue. We can also access site backups to start from a clean slate if anything slips through the cracks.
Website Security Maintenance
With as many security features built in as possible, DogCat Marketing websites start with the right footing. However, without maintenance, the software on these sites becomes vulnerable to attacks. Consistent upkeep and updates are required to keep a website secure.
At DogCat Marketing, we offer a monthly service that will keep your site up to date and safe from most attacks. It’s almost ridiculously inexpensive. Get in touch today to find out more about protecting your investment in your online presence.