Recently, we encountered a situation on one of our development servers where a test site was hacked and infected with some malicious code. When this happens, the goal can be anything from turning an innocent website into a spam center, stealing user data, or something even worse. Is your website secure?
Fortunately, the hack was only on a test site and isolated on a sub-domain and we caught it very quickly, without it spreading beyond just a handful of individual files. Because it was just a test website, security was minimal and we were able to repair it without much issue. However, it was was a strong reminder that any opportunity or vulnerability can be quickly exploited, especially online.
While having an extremely extensive security solution isn’t practical for many websites, due to the high cost and time requirements of implementation and maintenance, there are a number of things you can do to reduce your risk.
Here are a few of the best practices that we often use on our client’s websites:
Keep your CMS up-to-date.
By standardizing a framework, websites that are built on Content Management Systems typically enjoy a great functionality/cost ratio and large development communities. This standardization can also present a problem: If a vulnerability is found in the framework itself, many of the websites using that framework are also at risk. However, the most popular CMS platforms (Wordpress, Drupal, etc.) are very good about releasing updates to fix security flaws. But remember, you can only get these benefits if you keep your platform up-to-date.
Of course, there are also situations where you may not want to update your CMS, especially if you’re using a private or heavily-customized install, so it’s best to speak with knowledgeable folks (like us!) before you click that “automatic update” button.
Don’t share passwords or admin access unless totally necessary.
We know, this should go without saying. But remember, the threat here isn’t always the individuals whom you’ve granted access to your website or server, but also the security of their computers and networks. Lapsed virus software and a saved password can equal disaster.
Back up your data.
We all hope nothing will go wrong. And often, it doesn’t. But by having a full backup of a recent working version of your website, you can rest assured that if worse comes to worse, you’re covered.
Of course, there are many additional security measures that can be taken to protect your website – we just wanted to get your brain on the topic, since it’s a much better idea to prevent than to repair.
Without revealing any sensitive information, what are your best security tips? Are you doing everything reasonable on your website to prevent fraudulent access?
Latest Posts
Navigating the AI Revolution: Top Takeaways from ASAE’s 2024 Annual Meeting
There is no better feeling than sitting back at your desk after a good…
Keep ReadingThe Essential Guide To SEO for 2024 and beyond
What You Need To Know Now About SEO We’ve put together this Essential Guide…
Keep ReadingYoko Co Named in 2024 Best Places to Work
We won an award. Over the years, we’ve actually won many awards. For the…
Keep Reading