Online security in general is a huge talking point these days, with hackers finding new and creative ways every day to access your information, assets, and anything else you hold online.
What is website security?
In a nutshell, it’s the process of implementing a set of measures to improve the security of your website. There are a number of measures you can put in place to help to prevent cyberattacks on your website. These range from simple things such as using a complicated password, two-factor authentication to things such as IP and Geo-blocking.
At franworks, we take website security very seriously. Over the last 6 months especially, we have seen a significant spike in attempted attacks on client websites as well as some of our own. Since we are continuously improving our efforts and procedures to secure sites under our management, the impact has been minimal, but that by no means means security isn’t a threat for everyone to be aware of.
Therefore, we thought it would be fitting to write this blog post going over what website security is, three most common attacks and three things you can do to protect yourself and ensure none of your information ever gets compromised.
3 Common Attacks:
There are many ways that a hacker can try and access your information. One of the most common website attacks are Brute Force Attacks. This is where a hacker will access the login panel to your website and continuously try accessing it through a range of different passwords. These kinds of attacks are getting more and more advanced – we are seeing hackers setup password algorithms and run them off virtual machines to try to access multiple websites with very minimal effort. This reinforces our statement earlier on with the importance of passwords.
Our advice: Always use a complicated password and make sure that you change this password on a regular basis, every month to two should suffice. You can then pair this up with something such as two-factor authentication to further protect yourself from these sorts of attacks.
Moving on, we have Malware Attacks. These are a little more complex and can easily go undetected. Malware attacks generally occur when a hacker finds a backdoor into your site and plants a file or line of code that either will “kill” your site or, let them in through the login panel. Malware attacks aren’t as common as brute force attacks but they still occur.
One of the main reasons why malware attacks happen is because people do not keep software, applications etc up to date. Software developers don’t release regular updates simply for improved features – if you take a look at the software updates on your phone, one of the first things that each of them always say is something related to “security” before anything about new and improved features. This is to stay ahead of hackers and keep your information safe.
Our advice: In relation to your website, always make sure you are running the latest versions of your control plugin, themes, plugins etc. This will give you the best chance at protecting yourself from malware attacks. A good rule of thumb with any website is to check for updates every couple of days or enable WP-Cron and turn on automatic updates.
Lastly we have Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are another very common cyberattack method. DDoS attacks consist of an individual or virtual machine sending large amounts of data to a web resource, such as a website or even server in order to exceed the web resource capability to handle requests. This in turn will result in crashing of the web resource and as long as the DDoS attack is operating, the web resource will be rendered unavailable and unusable.
Our advice: One of the best ways to combat DDoS attacks is to ensure you have fault tolerant hosting. For example, you are hosting your website on a server, make sure whatever hosting you get has fault tolerance, which can sometimes be achieved through the likes of CDN, or content distribution networks. Fault tolerant hosting means that if your server goes down because of a DDoS attack, your data can be transferred elsewhere and be back online relatively quickly. Another great thing to use to combat DDoS attacks is to ensure your website / server utilizes a DDoS Protection service such as Cloudflare.
3 Things you can do to protect yourself:
Passwords are a crucial point of securing any website or web resource and often something overlooked by users. One of the first things you should do is make sure your password is complicated and secure. The more variables and special characters in your password the better. Furthermore, ensure that this password is changed on a regular basis. Personally I (Jordan) like changing my passwords on a monthly basis to ensure they are secure.
Moving on, you should pair a strong password up with two-factor authentication. Yes, we know 2FA can be annoying and tedious at times but it is well worth the effort. For example, if one of these hackers manages to brute force your login via the login screen, they will NOT be able to access your account or website without the 2FA code. 2FA adds on that extra layer of protection which can be the difference between you losing your online assets and accounts and not. In our opinion, it is definitely worth the extra little bit of effort every now and then.
Last but not least, you can talk to our team at frankworks about website security. We take fairly heavy-handed measures with all of our websites and web resources to ensure they are as safe as possible. For example, every few days all of our websites are thoroughly checked, we run tests and ensure everything is kept up to date. In hand with that, we use 2FA as well as a number of third party services to protect against a multitude of different cyberattacks. We utilize IP blocking, GEO blocking and much more to ensure all of our clients are thoroughly protected from cyberattacks.
Get in touch with us today for a no-obligation, no BS chat.