
Website Security is a MAJOR concern.
Even the White House and Pentagon websites experience security breaches.
While it’s impossible to achieve total website security, simple steps make it harder for malicious hackers to gain access to private areas of your website. If you run an ecommerce site, getting hacked is particularly serious, as the hackers may gain access to your customers’ credit card and identity information.
So, what can happen if someone hacks into your website?
- they can insert malware into your site
- they can steal users’ and visitors’ information, which is especially dangerous if you’re running an e-commerce site
- they can disable your site, steal your traffic …
- they may even be able to gain access to other information about you.
None of us wants to believe our websites are at risk, but the truth is that someone can use a bot to hack into our websites unless we take steps to beef up website security. This is especially dangerous if you’re using open source software, such as WordPress, since its vulnerabilities are there for the world to see (WordPress 3.1.2 took care of some known security issues, so you should update if you haven’t already).
The key here is to adopt a 2-fold approach to minimize the risk and reduce the impact if you are hacked. Here are some suggestions:
- Clean your computer — even if you run on a Mac (I always thought Apple computers were virus proof, but, according to Rachel Nabors, that’s just hype). Having up-to-date anti-virus software is a must.
- Update your WordPress and plugins when available. Developers work hard to close security issues in future versions of their software. Normally you’re notified when a new version is available and should update immediately to keep your pages secure.
- Carefully choose obscure logins for your admin panel. You’d be surprised how many WordPress websites still use the default — admin — for their user name. And create a password no one would guess — that means birth dates, anniversary dates, and other personal data that are public record are out. Also, be careful where you store this information and never give it to anyone you don’t know well. As added website security, I change my login information after I give it to a developer or someone else with a legitimate need for this information. I may trust them, but I’m never sure how careful THEY are with storing login information.
- Control access by using reputable themes and plugins and use as few of them as possible to limit the risk inherent in them. Themes and plugins downloaded from WordPress are safest as they’ve been tested by experts. But, other reputable theme developers provide safe themes. Just be careful of those “free themes” as many have security vulnerabilities (and are also often hard to work with to achieve your desired branding).
- Make sure usernames and passwords are secure, hard to guess (by using nonsense words) and not recorded anywhere online. Don’t email them to a friend or developer or yourself. Use unique passwords for every account and don’t use the default “admin” username.
- Hide things like your file structure and use a random prefix for your database.
- Run security checks using plugins such as WP Antivirus and WP Security Scan.
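Three of the suggestions above (keep WordPress updated, avoid the default "admin" login, use a random database prefix) can be checked straight from a site's files and user list. The Python script below is an added example, not part of the original post; the sample file contents, user names and the `audit` function are constructed for illustration, and it assumes the standard `$table_prefix` line in wp-config.php and `$wp_version` line in wp-includes/version.php.

```python
import re

# Constructed sample inputs (not taken from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'shop' );
// $table_prefix = 'x7q_';
$table_prefix = 'wp_';
"""
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '3.1.1';\n"
SAMPLE_USERS = ["admin", "kq-editor-41"]

def _php_string(var, text):
    """Return the value of an active `$var = '...';` assignment, or None.
    Lines starting with // or # are skipped because the pattern is anchored
    at the line start; /* ... */ block comments are not handled."""
    pat = r"^\s*\$" + re.escape(var) + r"\s*=\s*(['\"])(.*?)\1\s*;"
    m = re.search(pat, text, re.M)
    return m.group(2) if m else None

def _version_tuple(v):
    # "3.1.2" -> (3, 1, 2); a suffix such as "-RC1" is dropped
    return tuple(int(p) for p in re.findall(r"\d+", v.split("-")[0]))

def audit(config_text, version_text, usernames, minimum_version):
    """Return a list of findings for the three checks described above."""
    findings = []
    prefix = _php_string("table_prefix", config_text)
    if prefix is None:
        findings.append("table_prefix: not found")
    elif prefix == "wp_":
        findings.append("table_prefix: default 'wp_' in use")
    version = _php_string("wp_version", version_text)
    if version is None:
        findings.append("version: not found")
    elif _version_tuple(version) < _version_tuple(minimum_version):
        findings.append(f"version: {version} is older than {minimum_version}")
    for name in usernames:
        if name.strip().lower() == "admin":
            findings.append(f"username: '{name}' is a default-style login")
    return findings

if __name__ == "__main__":
    # minimum_version is supplied by the caller; 3.1.2 is the release the post mentions
    for line in audit(SAMPLE_WP_CONFIG, SAMPLE_VERSION_PHP, SAMPLE_USERS, "3.1.2"):
        print(line)
```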
Now, producing a secure website is important, but if you’re running an e-commerce site it is critical, as a breach could spell danger for your customers. Just look at the massive damage Sony suffered after the breach to their PlayStation. It’s hard for customers to trust you again, and negative sentiment spreads quickly and gets amplified in social media.