It seems that each day a new bug, hole or exploit is discovered in the software that makes up the fabric of the Internet. Whether it’s the popular blogging application WordPress, website control panels such as cPanel or web server software itself like Apache, bugs and general security issues are rife. You have to be vigilant, keep things up to date and keep an eye on fixes as and when they become available, but protecting your site isn’t enough. You need to dig deeper. You need to keep things secured at host level, or choose a web host that is known for staying on top of that sort of thing!
In this article we’ll talk about some common security issues found in the more common software types and some potential issues surrounding web hosts. We’ll also provide some tips and tricks for keeping your website secure and free from bugs! This is by no means a complete guide but it should give you a few things to think about if website security is something you’re just starting to get into.
This perhaps sounds obvious but more and more people disregard their passwords. In truth, it’s often the people in the know who spend a ton of time securing their scripts and software, only to give a would-be attacker an easy way in with a weak password! You need to avoid dictionary words and use a combination of symbols, numbers, uppercase characters and lowercase characters. Do not base anything on dictionary words either; when it comes to passwords, gibberish is good! You could have the most secure web host in the world and have all your scripts up to date, but if you provide an easily crackable password, you’re going to get hacked. It’s that simple.
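The password advice above as an added Python example (not part of the original article): it checks a password for all four character classes, catches dictionary words hidden behind common character swaps, and generates random "gibberish" with the standard `secrets` module. The sample word list, the swap table and the 14-character minimum are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": SYMBOLS,
}
# Constructed sample list; in practice load a full dictionary or breached-password list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "admin", "letmein", "monkey", "summer"}
# Undo common character swaps so "P@ssw0rd" is still recognised as "password".
UNSWAP = str.maketrans("0134578@$!", "oleastbasi")


def find_dictionary_word(password, words=SAMPLE_WORDS):
    """Return the first listed word hidden in the password, or None."""
    normalized = password.lower().translate(UNSWAP)
    for word in sorted(words):
        if word in normalized:
            return word
    return None


def check_password(password, words=SAMPLE_WORDS, min_length=14):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:  # min_length is an assumption, not from the article
        problems.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    word = find_dictionary_word(password, words)
    if word:
        problems.append(f"based on dictionary word '{word}'")
    return problems


def generate_password(length=20):
    """Draw from the OS CSPRNG until the result passes every check."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("P@ssw0rd2024!Summer", generate_password()):
        print(sample, check_password(sample) or "OK")
```

A password such as `P@ssw0rd2024!Summer` contains every character class and still fails, because the swaps do not hide the underlying dictionary word.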
Keep PHP/MySQL/Apache Updated
Hopefully this is something your host will handle, but it’s also something you need to keep a close eye on. When hackers look for holes, they look in common software, find a hole and then go looking for sites running the exploitable version. Most hacks have nothing to do with the sites in question; those sites just happen to have a ready-found hole that the attacker wants to exploit. Because people look for holes in common software, front end applications such as WordPress are a huge target, but server side components such as the web server, programming language processors and database drivers are often big targets too. With that said, the people who make such software are usually well on top of things and updates are regularly available. You need to make sure your host is applying them, or that you’re doing so yourself.
Know Your Plugins
Plugins can be a fantastic addition to your site, but time and time again people, especially WordPress users, install poor, badly coded and ultimately exploitable plugins. The problem is, primarily, that people don’t care what they’re installing. They search, find a plugin that does what they want and go ahead and install it without any thought as to what is written in the code. It might very well perform the task at hand, but the other 90% of it could either do damage directly or allow a would-be hacker in. If you’re installing plugins you need to install them from the WordPress site directly AND make sure they’re frequently updated. Choose something with a release history, not just something new that’s never been updated and obviously not something which hasn’t been updated for 5 years!
cPanel / WHM Upgrades
cPanel is the most popular control panel out there at the moment, with millions of websites based on it. As we’ve seen with WordPress, the more people who make use of something, the more attention it will attract from hackers. Fortunately, upgrades to cPanel are common, with bug fixes arriving almost daily, but again you have to keep track of them. Make sure the web host you choose takes care of the cPanel and WHM updates for you if you can’t do it yourself.
Security is one of those things that you probably don’t worry about too much until something happens. You get hacked, you lose your site and so on, and only then do you worry about preventing the same thing happening again. They say defense is the best form of attack and being proactive is better than doing things with 20/20 hindsight. Take note of the above points; it’s by no means an extensive list but it’s a good place to start. Believe it or not, there are people out there who go to town on their web server security and then go and use an incredibly weak password. Attackers will always go for the easiest way in, so be sure to cover all bases.