Does Your Website Need Security?
Yes. Yes to keeping your website hack-resistant. Yes to ensuring client data is safe. Yes to fighting zombies and site infesting viruses. YES! Let’s talk about security.
I know the World Wide Web has felt like a virtual playground, a wealth of distractions filled with piano-playing kittens, a treasure trove of information when you need to know an IKEA furniture hack, or an endless array of stories to scroll through on your Facebook feed. What we don’t see as everyday users is the underbelly of website development, the dark web where tech-savvy hackers are scavenging the 0’s and 1’s of data for sellable information, the insurgence of “fake news” to manipulate our perception of the world and scare us into clicking links, and mounting instances of small sites being harvested due to open doors and vulnerabilities, then transformed into malicious tools of internet destruction.
Two months ago, a client called me about an email account that had been hacked. As I searched for the source of the problem, I realized that their web server had been hacked. Like the flu, the problem spread. I discovered five more hacked sites and two more clients were impacted by very similar issues. It threw me into three weeks of endless efforts to understand how to better secure and prevent this from happening again. My own sites had been plagued by similar issues, and the last thing I wanted was to lose the websites I had spent months/years to build.
What I learned has caused me to change how I work. The internet is a changing landscape. We are still trying to sort out our rights and our liabilities as we watch corporate giants (Equifax, Uber, Sony, Anthem) try to recover from data breaches, tossing our personal information to the sharks. Five banks were just identified this week as having vulnerabilities in their apps that put 10 million users at risk to “Man-in-the-Middle” hacks if used on open networks. Change your password if you use Bank of America & HSBC and UPDATE your apps! And NEVER use financial apps in free WiFi zones. It’s worth the added security to use your own data plan when using these apps.
Google is trying to help users by flagging sites without encryption as vulnerable. Currently, you see a marker next to a website address that indicates if the site uses encryption denoted by the “s” (https://). For years I have taught students to never input risky information to a site that has an open red lock or is left as http://. I recently purchased SSL certificates to ensure my site has proper encryption. I am now recommending to clients to put this in place when they build a website. This also factors in to newer rules for Search Engine Optimization (SEO).
Additionally, I find myself silently checking up on my clients’ websites, installing tools to ensure there is monitoring and protection, and performing regular clean-up.
Some Tips and Suggestions:
- Keep your WORDPRESS up to date. Whatever you use for your website development, do not hesitate to take a few steps to back up your website, then install the latest version. WordPress is open source, and when vulnerabilities are found, a push for the next release is encouraged. JUST DO IT!
- Keep your PLUGINS up to date. Developers of those neat tools that make your site workable and give it some zing also have updates.
- Consider a paid plugin vs. free if it is a tool you depend on. You will get more features, get relevant updates, encourage the developer to keep the tool supported and funded, and support the world of great tools. They usually cost little in the domain of actual web development.
- USE a malware/firewall tool like WORDFENCE. I have looked at several, and although there are quite a few great tools with”pay for” features available, the FREE version is super helpful. It offers emails to warn of concerns and changes, lets you know when something needs an update, and offers a basic firewall that blocks high-risk IP addresses from hitting your site.
- Get an SSL Certificate from your hosting provider. There are free ones out there and tools to help, but it depends on your host and how you are using it. You can find a basic one for $55 a year. Selling things online? Expect to pay $100+ (This is a must!)
- Turn off commentary on pages (not posts), only allowing those features on your blog and blocking rogue commentary from spammers.
- Use a Captcha for your online forms to limit “bots” that distribute spam randomly to your site. I know, I know… it’s annoying… just avoid the ones that make you pick all the squares with birds in them.
- REMOVE old plugins that are not being used on your website. You installed it, didn’t like it, deactivated it… but don’t let it sit. Get rid of it now!
- If your site is hit, don’t hesitate to use malware protection services with your hosting company until you can put these barriers in place.
If anything on here is confusing, I would love to help you analyze your site and take care of these things. I hope to create a video to educate my clients how to secure their sites themselves (or hire me to help). These tasks require you to be more attentive to your site than you may have been. The web landscape is changing quickly, and in some ways, viciously. As we collect data for our businesses, the need for protecting visitor data will place more responsibility on the website owner. Get a head start and build those barriers against the zombie apocalypse of the hacking world.