Your site is Vulnerable?
Unfortunately, most website owners have had to deal with their site being vulnerable, or as a layman would say, “Your site has been hacked.” Before we deal with how to keep your site secure, have you ever wondered how sites become vulnerable? Typically it is a combination of a couple of things, but generally, it involves outdated software, outdated plugins or themes, brute-force attacks, malware, or DoS or DDoS attacks.
Software
Your website needs to have up-to-date software. Your website cannot run an out-of-date donation solution. Your organization is going to have to keep all the software updated. If your organization’s website is WordPress, then your website is going to have to be running on a current, supported version of PHP. Your website’s hosting company should keep your PHP updated, but some hosting companies do not automatically update PHP. So your organization will need to keep this in mind, especially when choosing your web hosting plan.
Plugins and Themes
Your website’s themes and plugins need to be up-to-date. There is a reason for the updates: typically they involve backend security. Your organization will need to keep the themes and plugins of your website updated. While we do not expect your organization to update all themes and plugins on a daily basis, weekly or bi-weekly should be the norm. Most hacked websites are the result of a bad plugin or theme. Your organization is going to have to keep all plugins and themes updated.
Brute Force Attacks
According to Wikipedia, a brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. In layman’s terms, a brute-force attack is where hackers try to get into the backend of your site using a program that tries simple administration usernames and passwords.
Malware
Malware, or malicious software, is a blanket term for any kind of computer software with malicious intent. Most online threats are some form of malware. Malware can take many forms, including viruses, worms, trojan horses, ransomware, and spyware. Sometimes malware can be used to unjustly reward the bad guys.
Denial-of-Service Attacks (DoS)
According to American Cyber Security Defense, a denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while its resources and services are inaccessible.
Distributed Denial-of-Service Attacks (DDoS)
According to American Cyber Security Defense, a distributed denial-of-service (DDoS) attack occurs when multiple machines are operating together to attack one target. DDoS attackers often leverage the use of a botnet, a group of hijacked internet-connected devices, to carry out large-scale attacks. Attackers take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, an attacker can command their botnet to conduct DDoS on a target. In this case, the infected devices are also victims of the attack. Botnets, made up of compromised devices, may also be rented out to other potential attackers. Often the botnet is made available to “attack-for-hire” services, which allow unskilled users to launch DDoS attacks. DDoS allows for exponentially more requests to be sent to the target, therefore increasing the attack power. It also increases the difficulty of attribution, as the true source of the attack is harder to identify.
Poor Hosting
Many vulnerable sites are the result of shared hosting. We would not recommend your organization place its website on any low-cost hosting plan. Your organization is only asking for a lot of headaches and some redesign costs. Most agencies, including mine, will not create a website without it being placed on our hosting platform. And if a client insists on using their own web hosting platform, then they must sign off on an agreement acknowledging that if the site is hacked, a total redesign package is needed.
Improving security
So how can your organization improve your website’s security? It is really simple.
Admin username
Change your administration username from admin. Do not use admin or any variation of the word admin.
Password
Enforce a strong password. None of us likes to remember the crazy passwords that are generated by the system, such as adbUKT8765!^fgr#$%. But they are really hard for hackers to figure out.
Two-Factor Authentication
If you are not going to use strong passwords, then implement two-factor authentication. Remember to use either verification on a mobile phone or email. Some members might have access to their phones, and not their emails, and vice versa.
HTTPS
Keep your website secure. Your website should not be asking for credit card information or personal data without a secured website. Most visitors will look for the little lock in the browser. There are many options, and some are not premium but work really well with your website.
Plugins and Themes
Keep them updated. Review your website at least twice a month and update any plugins or themes. Always make sure your website is backed up prior to updating plugins and themes.
Conclusion
Hire someone to keep your website secure. Most of this information is not rocket science, but does your organization have the time to keep its website secure? If your organization needs someone to keep its website secure, then give us a call at 678-718-5489 or email us at info@jdswebdesign.biz.
Image courtesy of John Salvino.
JDS WebDesign is a Web Design and Brand Marketing Agency located in Marietta, Georgia. We create AWESOME online presence for Start-ups and Influential People/Organizations. To learn more about us or how we can help you and your organization, you can contact us or schedule a meeting.