Most website publishing content management systems have at some point been vulnerable to attack, with the most popular platforms WordPress, Joomla and Drupal often being hacked as a result of outdated software, 3rd party plugins, systems incompatibility and the use of legacy scripts and code.Websites in general, regardless of their coding language, CMS platform or hosting environment are at risk from intelligent robots, which trawl the net looking to exploit flaws within the code. Often the motive is the same: to cause maximum disruption and achieve media attention.
The most common and frustrating attacks include rouge form submissions which often lead to website owners implementing ‘are you human’ solutions, which negatively impact data capture effectiveness. Database injection attacks which can lead to defaced websites and data loss, and denial of service (DOS) attacks, which cause outages and poor performance are also widespread.
The worst attacks can take over your website to promote unpleasant goods and services, others will automatically redirect visitors to other websites, which can have a dramatic impact on your brand and its reputation.
Doing the simple things well might be enough to protect your online presence.
The most basic defences include;
- Using complex passwords and changing them regularly
- Hosting your website with a reputable service provider
- Checking that restoration from backup actually works by testing it
- Agreeing a maintenance schedule to ensure patches and updates are tested and applied shortly after release.
Double-check and check again that your backup service is reliable. Some hosts will backup your website to cover themselves in the event of a major failure. However their backups may not be accessible to their customers quickly and easily in the event of your website being compromised.
We’ve seen it all when it comes to backup, and urge you to never trust a backup service until you’ve successfully completed a restore. You should also enable email notifications and alerts where possible. We know daily emails of this nature are a nuisance but they’ll provide an important clue when something does go wrong.
Whilst it’s relatively straightforward (and very important) to apply the frequent patches and updates which software vendor’s release, a good developer will ensure the latest secure code is used for embedding and integrating with 3rd party services. A reputable host will maintain up-to-date servers and the most secure hosting infrastructure.
Incremental updates often provide fixes and enhancements to security, whereas new releases often provide new features and functionality. However, vendors typically strive for maximum security and therefore constantly rollout improved security in incremental and major updates.
There are a plethora of techniques to secure a website. Most notably each CMS vendor provides guidance on best security practices, which usually have to be applied manually as they’re not always options within the CMS and might require specialist expertise – some points are considerably easier to implement than others.
Some examples of vendor guidelines:
The fundamental point here is that you should check your designer, developer or agency has implemented security best practice for your solution, it’s often not added unless you request it.
We take full responsibility for our clients website security, backup and disaster recovery in the event of failure, but not all agencies and developers adopt the same approach.
Be sure that you know what you’re paying for, what is and isn’t included within the scope of your project, hosting costs and ongoing maintenance agreement. Double-check your contract terms paying close attention to response times and responsibility for loss of data, upgrades, hacks and identification of threats.
Our clients love the peace of mind gained when we demonstrate how quickly and easily content can be restored from our backup service. Ask for a demo so you can be sure you’re suitably covered.
Backup is easy to forget about until it’s too late; it’s ultimately your responsibility that it’s covered. What use is a lawsuit when your websites goes offline?
If you have concerns about the security or backup for your website, act now!