08 May 2015 - Jonathan Dempsey

5 tips for improved website security

The security of any website can become compromised over time, from sites run by big corporations with a large user base to simple, personal blogs with little traffic. And while the popular notion of a hacker is a geek out to steal bank account details or state secrets, more often than not they are looking for vulnerable websites and servers that can be used to send phishing emails and to host illegal data. This means seemingly insignificant websites are also the targets of malicious attacks. So how do you go about protecting your site from hackers and malware?

Keep your software and plugins updated

New vulnerabilities in existing plugins and content management systems are discovered all the time (the most recent one was discovered a couple of days ago for WordPress). However, once a vulnerability is discovered, updates patching the software are often released, preventing would-be attackers from exploiting it. A good reason to use well-supported CMSs and plugins is that website security patches are released quickly in response to known threats. Here at The Friday Agency, we can ensure that your site is kept fully up to date through monthly checkups, minimising the risk of such an attack on your site.

Regularly scan your site for malware

Even if your plugins, themes and software are all up to date, it is still possible that malware or a backdoor file has snuck its way onto your server. Hackers are constantly coming up with new malware to infect your site in ingenious ways, and so in the same way that every computer needs an anti-virus programme, we believe that every website needs to be scanned regularly for malware. We run daily scans and are immediately alerted if malware is discovered, if the website has been taken down or there is a brute force login attack. As soon as we get an alert we do a cleanup of the site to make sure the danger has been removed and has not affected your site.

Strong passwords for all website logins

Recently, the top 100 passwords for all LinkedIn users were released. While it seems impossible to have avoided website security experts' warnings, the top 10 passwords are all extremely easy to break and guess, as they range from 123456 to abcdef. Having such an easy password is very dangerous, as it does not take a hacker or bot very long to guess what your password could possibly be. Once they get access to your password, they have access to your site, and that is when you are in trouble. The key is to pick a strong password that is a combination of letters (lower and upper case), numbers and a symbol.

These tend to be the strongest type of password as they are completely random and are difficult to guess or break by humans or bots. As a matter of fact, most online attacks are carried out by bots, which can be thought of as robots or software created by a hacker that crawl the internet and attempt to break into websites.

I mentioned brute force login attacks in the point above. These are attempts by bots to guess, at a very fast rate, the correct combination of your password and username. As mentioned above, we get alerted as soon as a brute force login attempt has started and we act on it straight away to stop the attack.
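The following added example, which is not code from the original article or the agency's own tooling, shows how the fast guessing described above stands out in a web server access log. It assumes a WordPress login at /wp-login.php, a combined-format log, and that a failed login returns HTTP 200; the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: combined-format access log; a failed WordPress login re-renders
# the form (HTTP 200) while a successful one redirects (HTTP 302).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_bruteforce(lines, login_path="/wp-login.php", threshold=10,
                    window=timedelta(seconds=60)):
    """Return {ip: peak failed-login count} for IPs that reach `threshold`
    failed login POSTs inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != login_path or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def make_line(ip, when, status, method="POST", path="/wp-login.php"):
    """Build one constructed log line in the format LOG_RE expects."""
    return (f'{ip} - - [{when:%d/%b/%Y:%H:%M:%S} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample log (documentation IP ranges, not real traffic).
T0 = datetime(2015, 5, 8, 10, 0, 0)
SAMPLE = (
    # A bot: 12 failed logins, one every 2 seconds.
    [make_line("203.0.113.7", T0 + timedelta(seconds=2 * i), 200) for i in range(12)]
    # A person: two typos ten minutes apart, then a successful login.
    + [make_line("198.51.100.4", T0, 200),
       make_line("198.51.100.4", T0 + timedelta(minutes=10), 200),
       make_line("198.51.100.4", T0 + timedelta(minutes=10, seconds=20), 302),
       make_line("198.51.100.4", T0, 200, method="GET")]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

The threshold and window need tuning to a site's normal login traffic, and a per-address count works best alongside lockout or rate limiting on the login form itself.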

Keep backups of your website

Suppose that all of the above was done, but a hacker still managed to get access to your site and, worse yet, infected the whole site and broke it. This can happen, and when it does you should hope you have a backup of your site.

Obtaining and installing an SSL Cert

SSL is a protocol used to provide website security throughout the internet. A website that has an SSL cert can be easily recognised because its URL always starts with “https” rather than the more common protocol “http”. We recommend obtaining an SSL cert for any website which may handle payments, such as an ecommerce site. The reason is that without an SSL cert, information exchanged between the website and the customer or user (such as credit card numbers) can be easily sniffed out by hackers.

The measures we take

The protection and website security methods outlined above are available to all our clients who subscribe to our service level agreement, which allows us to manage their sites so that they do not have to worry about any breach of website security or downtime. Those clients receive monthly reports outlining details of their backups, upgrades of all contents of their site, their site scans and details of any downtime or website security breaches.

For those clients, we keep the last 30 days' worth of the website as backups. This way, if something gets through our defences and the site breaks, we can always go back to the last time the site was not hacked and restore it from there.

If you want to find out more about our service level agreement get in touch with us here.