Website security is important. We know it and you know it, so that’s why we’re writing a blog about it.
Every form of open source software is vulnerable to hackers and scammers trying to exploit outdated versions. With WordPress hitting 25% of market share, we’re betting that most of you reading this are using WordPress to run your site.
So, what kind of vulnerabilities could my site have?
This really depends on the kind and version of software you are running. For instance, if you are running WordPress 4.2.2 then hackers know that your website has a critical cross-site scripting vulnerability that they can exploit. This is just one of many examples. There are databases on the Web that list the vulnerabilities associated with specific software and its different versions, so it’s very easy for hackers to find out what kind of vulnerability your site may have.
Once they know this they can exploit that information and use your website for a range of things that include sending spam emails to their targets from your email address, stealing your website (and customer) data, hosting malicious content on your site and attacking other websites via your site.
If a hacker gets into your site they will most likely exploit it for malicious activity, which will affect your website’s, and your company’s, reputation.
What should I do to combat these attacks?
Here at Redline we suggest using four layers of protection if you’re serious about keeping your website – and business – in top shape:
- Use a CloudProxy/CDN/Web Firewall service such as Cloudflare or Sucuri’s CloudProxy – these are designed to handle ALL inbound traffic to your website and filter the good from the bad. These systems can generally protect your website from the bulk of any attack or vulnerability scan.
- Ensure you have a rock-solid and proactive Australian hosting company that monitors and responds to issues, and provides server-level firewall and antispam protection. At Redline, we provide first & second level support for our clients, but we work closely with our hosting partner Crucial if things get tricky – this means we’ve always got you covered.
- Keep your website software up to date – WordPress and the plugins/themes used to build your site need to be updated regularly. The primary reason for this is to stay up to date with the latest software patches that the developers release to fix vulnerabilities that may have been identified (or worse, exploited) in earlier versions. Out-of-date software remains the number one cause of website mischief. In this past year alone WordPress has released over 20 software updates, which makes us wonder – how old is your software? Check out all the WordPress releases here, and find out if you’re up to date, or way behind.
- Utilise On-site Protection – you should always have a security plugin installed. These tools will usually “harden” the WordPress installation, and provide a final layer of protection. Some of them will also periodically scan/report on issues detected.
We recommend using Sucuri, Wordfence and iThemes Security. These plugins can either be used alone or all together to provide a nice overlap in protection, as they all have different feature-sets to make sure your site is secure. We strongly recommend using all three, and as they are free to use you’re not going to be out of pocket by running them all at once!
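To check the third layer above (keeping WordPress and its plugins up to date), here is an added example, not Redline’s own code, that reads the core version from `wp-includes/version.php` and a plugin’s `Version:` header and flags anything behind the latest release. The file contents, the plugin name and the “latest” versions are constructed sample values, and the function names are illustrative.

```python
import re

# Constructed sample of wp-includes/version.php, where WordPress keeps its core version.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.2.2';\n$wp_db_version = 31535;\n"
# Constructed sample of a plugin's main file header (plugin name is hypothetical).
SAMPLE_PLUGIN_PHP = "<?php\n/*\nPlugin Name: Example Contact Form\nVersion: 1.4\n*/\n"
# Constructed "latest release" table; in practice, take these from the official release lists.
LATEST = {"wordpress-core": "4.4.2", "example-contact-form": "1.4.0"}

def core_version(version_php):
    """Extract the value assigned to $wp_version, or None if absent."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    return m.group(1) if m else None

def plugin_version(plugin_php):
    """Extract the 'Version:' field from a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_php, re.M | re.I)
    return m.group(1) if m else None

def parse_version(text):
    """Turn '4.2.2' into (4, 2, 2) so 4.10 sorts after 4.9 (string compare gets this wrong)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_outdated(installed, latest):
    """True if installed is strictly older than latest; 1.4 and 1.4.0 count as equal."""
    a, b = parse_version(installed), parse_version(latest)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) < pad(b)

def audit(installed, latest):
    """Return sorted component names that are behind, or whose version could not be read."""
    behind = []
    for name, ver in installed.items():
        target = latest.get(name)
        if target and (ver is None or is_outdated(ver, target)):
            behind.append(name)
    return sorted(behind)

if __name__ == "__main__":
    found = {"wordpress-core": core_version(SAMPLE_VERSION_PHP),
             "example-contact-form": plugin_version(SAMPLE_PLUGIN_PHP)}
    print("Needs updating:", audit(found, LATEST))
```
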
Another thing businesses should consider to combat attacks is separating their website hosting from their email hosting, for example using Google Apps or Office 365. So if your website does go down, your email will still be running – stay tuned for our next blog which will be on this very topic!
Here at Redline we offer a combination of all the techniques listed above for our clients that host with us, so please contact us if you need any help with keeping your website secure. Otherwise speak to your web developer to make sure they’ve got you covered!