In the past, when many webpages were just an online equivalent of a print campaign, all that was needed was a one-off backup of the website files. If the site did get hacked, all that was needed was to quickly reload the site from the backup. Nowadays, nearly all websites are much more complicated, comprising program code and databases in addition to the markup language and images of the earlier sites.
As you probably know, I now build nearly all of my clients’ sites using WordPress. I’m in good company; more than 30% of the world’s websites are built using WordPress. Of course this does make WordPress websites a prime target for hackers and other ne’er-do-wells, so it’s very important to take measures to protect these websites.
I pride myself on the care I take regarding the security of the websites that I build.
• First and foremost, I carefully vet all software that goes into my sites. In addition to the WordPress software itself, there are tens of thousands of themes and an even greater number of software plug-ins that can be used to enhance a basic WordPress website, not to mention the option to write or commission bespoke software for added functionality. It is essential that these additions don’t introduce malware or vulnerabilities, or even just fail to work properly.
• WordPress sites comprise program code that updates the content of a database. In most cases, more than one person is capable of carrying out these updates. These may be developers, client staff, or the general public. In order to guard against accidental or malevolent damage, I always incorporate a system for regularly taking backups of my websites.
• However well software is written, the baddies will be constantly trying to identify vulnerabilities and good software developers will be constantly working to block known and undiscovered vulnerabilities. I therefore ask my clients to allow me to constantly monitor their sites and keep the software updated.
• Crooks and opportunists around the world employ “botnets” (massive networks of rogue computers) to keep trying to access websites. To defend against this I employ secure user accounts with complex passwords and error lockouts against hackers, brute force and distributed denial of service attacks.
• Naturally I choose hosting services very carefully. There is a strong chance that free, or very cheap hosting from relatively unknown suppliers or from countries where data protection is weak, may not protect your site to a reasonable standard.
• There are various other precautions that I take: through added security software, through careful adjustments to the system configuration, and through ongoing automated and manual monitoring.
• Digital certificates were once an expensive and difficult addition to websites but now things are much simpler, and cheaper. In fact, free certificates are now available from Let's Encrypt. Using a digital certificate allows you to encrypt traffic to and from the website, including personal data and passwords. In addition, Google looks very favourably on websites that use certificates, so there’s an SEO benefit too. Some browsers, including Google Chrome, will try to block sites that don’t have a certificate.
• One premium addition to my armoury is Sucuri (see https://www.youtube.com/watch?v=0Zw2xVTMnsk). This is a really excellent service. Like many of their clients, I first used Sucuri to fix and clean a site that had been blacklisted. I must stress, this was not one of my own sites; I was asked in by the client to fix this problem. I was extremely impressed at how they worked with me to very quickly solve the problem and provide ongoing support. As a result of my experience with Sucuri I will, from now on, always try to persuade my clients to buy into Sucuri’s proactive security and protection.

Take a look at our website Care Plans

If there’s anything here that you’d like to discuss, I’d love to have a chat with you about it. Call me on 01883 370692, or email me at paul.hooper@route22.co.uk.
