Website security is a big deal. In the past few years a myriad of major companies’ websites, servers, point-of-sale systems, and who knows what else have been hacked left and right by groups of highly skilled individuals. Even the Italian company Team Hacking, which specialized in “offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations,” as described by Wikipedia, was recently hacked, making it a concern of gigantic proportions to pretty much everyone.
The good news is that most websites out there, including ours, aren’t being targeted by these individuals. The bad news is that there is another group of hackers eager and happy to target the rest of the websites like this 15-year-old who purportedly hacked 259 company websites within a 90-day period. You read that right, a hacker of 15 years of age having fun like there was no tomorrow.
The problem isn’t primarily with the websites, servers, or platforms used, even though they do play a major role, but with those who own them. Misinformation is our culprit here and that’s precisely the purpose of this list: to help you learn and understand that simple steps can be taken to help protect your website—and that you can take action even today.
Before we proceed with the list it is important to let you know that there is no website that can’t be hacked; that there is no website that isn’t vulnerable. The good news is that by taking these steps you will be able to keep your site as strong as possible.
Whether your website uses WordPress (downloadable version), Joomla!, Drupal, or any other Content Management System, it is vital that these web design and development platforms stay up to date just as computer operating systems, smartphones, and video game consoles (to name a few) need to be updated for security releases and improvements on a regular basis.
WordPress, Joomla!, and Drupal, for example, do a pretty good job in letting users know when a new version is available. The updating process varies from platform to platform and it involves a series of steps in order to complete the process efficiently and headache-free. It is important and highly recommended that an experienced web developer handles the task to avoid any problems that might arise with this procedure—unless you don’t mind an encounter with the white screen of death (among other problems that might arise).
From time to time Content Management Systems release newer, improved versions. Updating a platform to its latest release is a process known as migration. Let's use an example to show how this differs from simply applying security updates.
This year on July 29th Microsoft began to release the newest version of its iconic operating system: Windows 10. The latest version available was version 8 so, technically, this is not an update but a migration to a new, built-from-the-ground-up version of Windows.
The same basic concept applies to how CMSs work. A migration is usually a step above security updates and it will often require more time to implement and a bigger budget (considering you are letting a professional take care of this often complex task) than security updates. The number of steps needed, however, will depend heavily on the platform, the size of the website, and other elements that come into play from site to site.
Even though a migration isn’t something that needs to be done every month, it is a crucial step in keeping your website’s platform up to date and secure.
Updating or migrating your CMS is always (or often) the first step. Most websites nowadays use a number of extensions to enhance the functionality of the site itself (e.g. an image slider), and the developers of these will also release security updates that need to be applied from time to time to ensure the extensions stay secure.
Whether you know them as plugins (WordPress), modules (Drupal), or simply extensions (Joomla!), they are technically separate from the CMS. They are add-ons, and most are not maintained by the CMS developers, so they will need to be assessed individually as often as needed.
By default, each and every file of your website(s) is given a specific permission by the server (Linux environment). In a nutshell, these permissions define who can see a file of your website and who cannot.
For example, and using FileZilla, a popular computer program to access our website files (commonly known as FTP client), we can see how straightforward the permission system works:
When permissions are not set appropriately they can potentially let anyone access files that aren’t meant to be open to the public and it is frequently one of the security loopholes hackers set out to hunt for.
Just as we would only give the keys to our home to those who are allowed to enter it, we need to make sure that website files are assigned proper permissions so the integrity of the website files is maintained. The correct permissions will vary for a number of reasons (and will greatly depend on the server where the website files are hosted), but the rule of thumb is to set folders to 755 and the rest of the files to 644.
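To check a site against that rule of thumb from the server's command line, here is an added example (not part of the original article) that lists every folder and file deviating from 755/644, singles out anything writable by everyone, and can reset the deviations. It assumes GNU `find` and `stat` on a Linux host; the function names and the web root path you pass in are placeholders for your own setup.

```shell
#!/bin/sh
# Added example: audit a web root against the 755 (folders) / 644 (files)
# rule of thumb. Assumes GNU find and stat on Linux.

# Print "MODE PATH" for every folder that is not 755 and file that is not 644.
audit_perms() {
    find "$1" -type d ! -perm 755 -exec stat -c '%a %n' {} +
    find "$1" -type f ! -perm 644 -exec stat -c '%a %n' {} +
}

# Print anything that every local user can write to (the riskiest deviation).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -exec stat -c '%a %n' {} +
}

# Reset deviating entries to the rule of thumb. Review the audit_perms output
# first: some hosts need different modes for particular files.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Usage: sh audit.sh /path/to/webroot   (the path is whatever your host uses)
if [ $# -gt 0 ]; then
    audit_perms "$1"
fi
```

Symbolic links are skipped by both the audit and the reset, so a link pointing outside the web root is never modified.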
The last but perhaps most important item on our list of the things you can do to protect your website is to routinely back up your website. Surprisingly, most website owners do not have a copy of their website because they do not know this is something that needs to be done, which is why each web design and development company must work on educating everyone they work with.
Preserving up-to-date copies of your website(s) will ensure that if something ever happens to it you can always restore it. The more often a website is modified the more backups should be considered. Even though manual backups are recommended, WordPress, Drupal, and Joomla! have excellent extensions that you can use for this purpose.
What are you doing to keep your website secured, today?