Website Management and Security

Most websites today are built on a CMS (Content Management System) such as WordPress, Joomla or Drupal, to name but a few. These systems are developed to make website management a little easier. They make web design faster and far cheaper. However, if they are not properly managed, they can be vulnerable to hackers.

The core CMS that is installed on your web server to give you the framework for your site is updated from time to time. This serves to improve performance, add functionality, fix bugs and close holes that hackers might exploit to deface your website or install malware (malicious software) on it. This means that the scripts that control the look and functionality also need to be updated.

Most business owners don’t have the time or expertise to manage their own business websites, but I cannot stress enough the importance of keeping your website up to date. There are a number of activities that need to be carried out to keep your website safe. From here on I will refer to WordPress since it is the most widely used and actively updated CMS. These are the basic activities, but there are more technical actions that can be taken.

WordPress Updates

WordPress releases minor updates on a fairly regular basis and major updates less regularly. This is the starting point for ensuring the safety of your website. These updates need to be installed as quickly as possible. As previously mentioned, these updates improve performance, add functionality, fix bugs and close vulnerabilities.

Check on a weekly basis for updates. This is where website management starts.

Themes & Plugins

Like the WordPress script, themes (which manage the look of a website) and plugins (which add functionality) are also regularly updated, if they are any good.

When a theme or a plugin is widely used, the developers will, in most cases, update it often. If you find that you are using a theme or plugins that are not updated at least every couple of months, you should consider removing them. This is where many vulnerabilities are found, because most of the developers are not security experts, so holes can appear.

Fortunately, with WordPress the changes made to the CMS script allow for a fair bit of backward compatibility, unlike other CMSs that ‘break’ the plugins when you update the core script.

Login Details

The default admin username used by WordPress is ‘admin’, and leaving it this way removes half of the guesswork for hackers. Change this as soon as possible.

Also use strong passwords with upper and lowercase letters, numbers and symbols. If you need a strong password you can use Strong Password Generator for some ideas. Just make sure that you save the password to a text document, otherwise you may be locked out.

Edit your user Nickname so that it is not the same as your username. This will keep your username secret when you post articles on your blog.
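
The checks in this section, written out as an added example (not code from this article or from WordPress): it audits a constructed user export for the default ‘admin’ username and for nicknames or display names that give away the login, and lists which character classes a candidate password lacks. The CSV column names and the sample accounts are assumptions made for illustration.

```python
import csv
import io
import string

# Constructed sample export; the column names are assumptions modelled on
# WordPress user fields (login name, nickname, publicly shown display name).
SAMPLE_USERS_CSV = """user_login,nickname,display_name
admin,admin,admin
thandi_editor,Thandi,Thandi M
jsmith,JSmith,John Smith
"""


def audit_users(csv_text):
    """Return {login: [findings]} for accounts that break the rules above."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        issues = []
        if login.lower() == "admin":
            issues.append("default 'admin' username still in use")
        # Compare case-insensitively: 'JSmith' gives away the login 'jsmith'.
        for field in ("nickname", "display_name"):
            if row[field].strip().lower() == login.lower():
                issues.append(f"{field} is the same as the username")
        if issues:
            findings[login] = issues
    return findings


def missing_character_classes(password):
    """List the character classes from the advice above that a password lacks."""
    checks = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


if __name__ == "__main__":
    for login, issues in audit_users(SAMPLE_USERS_CSV).items():
        print(login, "->", "; ".join(issues))
    print(missing_character_classes("summer2024"))
```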

Users & Comments

Comments on articles are great if they are relevant and add value to your website. Google loves them because they add content. On the downside there are people that will spam your comments with unwanted adverts if they are given the opportunity.

This is not really a security concern unless you allow unrestricted user registrations and/or guest posting.

Depending on the purpose of your website, you may not want comments, so be sure that they are disabled and that people are not allowed to register.

WordPress does a pretty good job of picking up spam with the right plugins but you also have the ability to moderate comments before they are displayed. I suggest using this feature.

Security Plugins

Security is one of the main reasons you need website management. There are a number of free security plugins available for WordPress. Most of them give you basic protection with the option to upgrade. They do a good job for the most part if you are paying for the Pro or Premium upgrade. The prices vary but the cheapest that I have found is $59 (ZAR925) per year.

We use WP Site Guardian on our clients’ sites for a small monthly cost. We find it effective because, unlike other security plugins, it detects and blocks hack attempts even if you have vulnerabilities.

Backup

Keep regular backups. How regular will depend on how active your website is. If you are making changes to your website daily you will want to have at least weekly backups. If you are less active and only make changes a couple of times a month, monthly backups should be fine.

The last thing you want is to have your website hacked and lose everything.

Website Management

Hacks come in different forms. Here are a couple.

Defacement hacks – the website is replaced with the hacker’s name or a new page. This is not too serious if you have a backup.

Malware hacks – This is where malicious software is installed on your website. This can infect the computers of people that visit your website or, in extreme cases, attempt to defraud an international bank. This could result in serious penalties for you and your web host.

Even if you have your website security completely tied up, you can still be hacked. Unless you are able to act quickly, the results can be disastrous:
You could be blacklisted for hosting a phishing site.
Your domain value and search engine ranking could disappear.
You could even be dropped by your hosting provider.

This article on recently hacked South African websites highlights the importance of good website management.

If you would like to know more please contact us. We will be happy to be of service.

Take a look at our Managed Website Packages for your peace of mind