Is your website in safe hands?
Most website publishing content management systems have at some point been vulnerable to attack, with the most popular platforms, WordPress, Joomla and Drupal, often being hacked as a result of outdated software and/or insecure hosting platforms.
Websites in general, regardless of their coding language, CMS platform or hosting environment, are at risk from intelligent robots, which trawl the net looking to exploit flaws within the code. Often the motive is the same: to cause maximum disruption. Some attacks will also be aiming to achieve media attention.
The most common and frustrating attacks include rogue form submissions, which often lead to website owners implementing ‘are you human’ solutions that negatively impact data capture effectiveness. Database injection attacks, which can lead to defaced websites and data loss, and denial of service (DoS) attacks, which cause outages and poor performance, are also widespread.
The worst attacks can take over your website to promote unpleasant goods and services; others will automatically redirect visitors to other websites, which can have a dramatic impact on your brand and its reputation.
Doing the simple things well might be enough to protect your online presence.
The most basic defences include:
- Using complex passwords and changing them regularly
- Hosting your website with a reputable service provider
- Choosing a managed service
- Checking that restoration from backup actually works by testing it
- Agreeing a maintenance schedule to ensure patches and updates are tested and applied shortly after release.
Double-check and check again that your backup service is reliable. Some hosts will back up your website to cover themselves in the event of a major failure. However, their backups may not be accessible to their customers quickly and easily in the event of your website being compromised.
I've seen it all when it comes to backup, and urge you to never trust a backup service until you’ve successfully completed a restore. You should also enable email notifications and alerts where possible. We know daily emails of this nature are a nuisance, but they’ll provide an important clue when something does go wrong.
Whilst it’s relatively straightforward (and very important) to apply the frequent software patches and updates which software vendors release, a good developer will also ensure the latest secure code is used for embedding and integrating with third-party services. A reputable host will maintain up-to-date servers and the most secure hosting infrastructure.
Incremental updates often provide fixes and enhancements to security, whereas new releases often provide new features and functionality. However, vendors typically strive for maximum security and therefore constantly roll out improved security in both incremental and major updates.
There is a plethora of techniques to secure a website. Most notably, each CMS vendor provides guidance on best security practices, which usually have to be applied manually as they’re not always options within the CMS and might require specialist expertise. Some points are considerably easier to implement than others.
Some examples of vendor guidelines:
The fundamental point here is that you should check your designer, developer or agency has implemented security best practice for your solution; it’s often not added unless you request it.
Ensure you know who is responsible for what, from DNS and server management to the process of restoring your site and cleaning up any knock-on impact, such as on search results pages.
Be sure that you know what you’re paying for, and what is and isn’t included within the scope of your project, hosting costs and ongoing maintenance agreement. Double-check your contract terms, paying close attention to response times and responsibility for loss of data, upgrades, hacks and identification of threats.
Clients love the peace of mind gained when shown how quickly and easily content can be restored from a backup service. Ask for a demo so you can be sure you’re suitably covered.
Backup is easy to forget about until it’s too late; it’s ultimately your responsibility that it’s covered. What use is a lawsuit when your website goes offline?
If you have concerns about the security or backup for your website, act now!