In light of the news of GoDaddy’s major data security breach with over 1 million customers affected, I thought this may be the perfect time to run through some basic website security 101 with everyone.
With data security being such an important responsibility for every organisation, it’s good to take stock of exactly how your customers’ or users’ personal data is being handled and be able to sleep easy at night knowing you have done everything right.
Website Security is never done
It’s simply not enough to install security plugins. We need to constantly be on the lookout for vulnerabilities and new exploits.
The public has had an increased awareness of cybersecurity issues in recent years. What was once considered a niche subject is now front-page news. And the WordPress platform, which powers more than half of the web, is no exception to this heightened awareness.
This is because WordPress sites are often targeted by cybercriminals who exploit open source vulnerabilities that developers didn’t know about or had forgotten about after they were fixed in newer versions of WordPress core or released plugins/themes.
But it’s not just an issue with open-source plugins and themes, as there are also many ‘premium’ themes and plugins out there, which are vulnerable too – even though they claim not to be.
WordPress Website Security at Tecology
Tecology is a WordPress website development company that incorporates security best practices into its WordPress website designs.
We do this by employing the latest features and plugins of the popular content management system. We also make sure that we offer clients two-factor authentication and regular server updates. This is at a minimum, but we also do much more!
Passwords & Authentication
Let’s get into it. If you have a strong, long password it is very difficult for someone to guess it. This is because they will have to try a vast number of possible passwords in order to guess yours.
However, even if your password is strong and long, if the person was able to get access to your account in any other way then they can still access all of your data and accounts with this password.
In order to get around this, you need to make your password more difficult by using upper case, lower case, numbers and symbols.
2-Factor Authentication (2FA)
You may have heard of two-factor authentication, often referred to as 2FA. It is a very important part of creating a secure web application.
Many people store sensitive information on their computers or smartphones, encrypted or not. They want to make sure that nobody else can access their data by stealing their passwords and personal information. One way to achieve this is by using two-factor authentication (2FA).
2FA uses two different things: something you know (your password) and something you have (a code).
This means that when you log in to your site, as well as being asked for your username and password, you will also be asked for your 2FA code. This is a great way to ensure that your WordPress account cannot be accessed without your consent. WordPress does not natively offer 2-factor authentication but if you would like this feature, please contact us and we would be glad to help.
Do not share passwords
We know that it sounds like a no-brainer. But, of course, there are people who still do this. You might be thinking that they just don’t know any better, but the thing is that it’s not just about the security of the website; it’s also about your ability to work with the client if anything were to happen with their server.
Usernames and passwords should belong to a person and only be used by that person. If someone else needs access then they should request it from the website owner or administrator who can assign an account for them. We want to make sure that no one else is using your account, as this could lead to identity theft or other cybercrimes. Just think of the data that may be held on your website!
Keeping Software up to Date
Keeping your website plugins/software up to date is a great way to keep your website safe from malicious attacks. WordPress, like most software, can be vulnerable to security breaches if it isn’t updated. One of the easiest ways for a hacker to break into a website is through a plugin or theme that has been compromised.
Plugin updates usually contain security patches for your website, which may include resolutions to certain bugs, improvements in features and other upgrades.
Besides, software updates also give you the opportunity to try new features that might not be available in your current version. Software updates might also fix any issues with compatibility with other plugins so it is recommended that you keep all of your plugins updated too.
A Reliable Backup Service
It is not as if site backups are a new thing. They have been around as long as the internet has been around, but recently they have come back into vogue. This is because of the growing frequency of cyber attacks and the increased severity of those attacks that we are seeing. Site owners want to be more proactive and ensure their data and content is safe and secure in this time of increased risk and vulnerability.
You may never need your backups, but when you do, they will save the day! Imagine if your website was just gone? All that time, money and work…just gone! Then closely followed up by complaints from your customers to the Information Commissioner’s Office (ICO) about their data being mistreated, most likely then followed by solicitors’ letters. Nobody wants to be in that situation; the reputational damage alone could close a business, never mind the expense of court fees, compensation and fines.
A core part of our offering is our Website Maintenance Plans, which include full backup services, either daily or hourly, depending on what plan you go for. These plans include 24/7 security monitoring amongst other core services, definitely good to check out, and we will gladly migrate your site to our servers for free if you would like to sign up for a maintenance plan. We will then take care of everything for you.
Summary and thoughts
Security is not something to brush under the carpet and hope that it will be dealt with by others but something that should be a key consideration in any business decision. The slightest mistake can lead to a devastating outcome which is why security should always be the number one priority for website owners.
Good security procedures and processes not only help keep data safe from hackers, they also let your customers, employees and associates know their data is in safe hands.
If you don’t have a password manager, then you are putting your personal data at risk. These days, it is really easy to get hacked. You need to know that if someone does manage to hack into your account, they will be able to access all of your private data. That includes credit card information and any other sensitive information that you may have.
Also think about your current passwords, not just for your website, but in general. We would recommend that you invest in a password manager – something that ensures your passwords are always different and not just variations of the same one!
This way, even if someone manages to get into one account, they will not be able to access all of them. And with many people now using more than one online account for banking or shopping or whatever else they do online; having them all protected.
At Tecology we put data security as our number one priority with all the projects we do and if you would like to know more about services we offer to help organisations meet and exceed their data compliance goals please get in touch and we would be glad to help.