Imagine walking out of your front door and leaving it open, whilst you jet off on holiday for a week. Or parking your car in central London and leaving all of the windows open and your laptop on the front seat. Or even walking around town with your wallet hanging out of your pocket and your iPod on so loud that you couldn’t hear an airplane, let alone a pick pocket walking behind you.
You are probably thinking, “Why would I do that, I am not stupid! “.
It is true to say, the majority of us would never do any of the things mentioned in my opening paragraph, because they are the basic security measures of life. Lock your front door, keep your windows closed when away and don’t leave anything worth pinching in your car.
As you begin to wonder where this blog is going, lets take the same situation, but for our websites.
Everyone has a website, wants a website or is keen to know more about someone else’s website. Imagine each website as a house, each search engine as a city and all of the web visitors as people walking around. Some of these people want to do you harm, they want to break into your house, or in this case, your website. It is no different to life in the “real” world. The majority of the people are good, but there are some that do mean you harm and will try every method, tip and tick going to bring you down.
Internet crime is one of the fast growing crimes in the global world as we know it. Everyday we see websites get hacked, passwords stolen and viruses hidden via iframe injections that will come along and do you, your visitors and probably your reputation great damage.
In my opinion, you can never be 100% secure, and anyone that claims to be is either lying or has spent thousands of pounds on security measures that the majority of us can not afford. But you can make sure you are as secure as you can possibly be by implementing a few security measures, and these are described below.
Virus Protection – Security starts at home, and by this I mean make sure you are running a first class security suite on your home pc’s and laptops. I use Mcafee, but there are others including AVG and Norton, but just make sure you use a well recommended internet security suite which if you do get infected, will help protect and fix any problems. Also download Malwarebytes and run this on a periodic basis. The latest Virus programs can now also fix infected webpages, meaning you can save hours by letting them fix the issues should your site get infected.
FTP Passwords – Every week, change your FTP password. Yes, this is a pain and you probably won’t do it, but it can be the one thing that stops your site from being hacked. Some of the latest viruses steal FTP passwords from your pc and then send them to the bad world, so by changing the password periodically, even if they do steal your data, it will be another layer in protection for you.
Security Patches – Make sure your computer is patched. Many of the Trojans and exploits are coming through on un-patched or older systems. Make sure you allow Windows to update when it needs to and just to be on the safe side, check for updates once a week, even if you have it on automatic.
Server Patches – Most of us use web hosting, but you can still make sure that your host is doing everything they can. Drop them and email or give them a ring and ask them how often they implement patches etc and what their security methods are. It is sometimes worth paying a bit more to make sure your host is doing as much as you are to protect your site and business.
Server File Permissions – Imagine having a nice big house with a massive stone wall all the way around the building, with 50 gates for people to get in to your house with. 45 of those gates are locked, but the other 5 are open, and is therefore creating an opportunity for some one to get in. File permissions are a little bit like these gates. If you leave some of them open, there is a good chance someone will cease on this and get access to your website via permissions that have been set incorrectly. They can be quite hard to understand, so have a chat with your host or web guy to make sure your permissions are correct and above all else, secure.
Google Webmaster – Make sure you have a Google webmaster account linked to your website. Should you be hacked, Google will send you an email to tell you this and also which pages have been hit. This is such a valuable and free tool, admittedly more a cure rather than prevention, but as Google updates pages every hour of the day, they can sometimes be the first to notice your site has a problem.
Website Patches – If you are using Wordpress, always make sure you are running the latest version of the main Wordpress software and also upgrade your plugins when you are told to do so. Wordpress updates itself with new patches and upgrades periodically and this is the same for the plugins. Many of the latest hacks are targeting Wordpress, and you can help to avoid this if you run the latest version and your plugins are up to date.
Software Patches – I had a client who got infected via a PDF virus which then infected his website. He couldn’t understand why this had happened, or how it was even possible. This was until I explained that he was running Adobe Reader that was 3 years old and he had kept refusing the automatic updates! Always make sure you allow your software to install the latest updates, as many of the latest viruses will use any software going to try and access your pc.
Years ago, when someone asked me how to avoid viruses, the answer was simple, don’t look at porn. 9 times out of 10, viruses came through dodgy porn sites or file swapping facilities and you could be pretty safe by just avoiding this type of site. Now days, any site in any country dealing with any niche topic is a possible vulnerability, so by doing all of the above you can help to make sure your site does not become one of them.
As I said, in my opinion, you will never be 100% secure. If someone wants to get at you, they will do so; they will just keep upping their methods until they have success. But the majorities of website hacks are not personal and are not massively sophisticated and these are the ones you can help to avoid.
Thanks for sharing great blog about Offshore Web Development.
ReplyDeleteOffshore Web Development
India Sourcing Company