Website Security – What you need to know
Websites are getting hacked, personal data is being stolen and this is what you need to know to secure your business and make sure it is backed up and safe.
Every website owner needs to be aware of the dire state of website hacking and cybersecurity statistics. Almost all software ever built can be “hacked” in some way, and these statistics will give you some insight on where to point your focus.
Companies are now dealing with cybersecurity daily
When a site gets hacked, Google warns its visitors with a strong red banner message such as “This site may be compromised”. When Google strikes with a blacklisting message such as this, a site loses approximately 95% of its organic growth. You lose not only organic growth but also revenue and your reputation, which can be fatal to your business.
The 2020 WebARX website security survey found that more than 73% of digital agencies and freelancers are increasingly worried about website security. This number was slightly higher among WordPress users. The data also revealed that while agencies and web professionals are increasingly worried and have challenges with website security, only a little less than half of them (45%) take proper measures to protect the sites they are responsible for.
Since the first half of the year, we have noticed an increased number of attacks targeting websites. This is due to COVID-19: we are all spending much more time using the internet than ever before, resulting in a higher number of cyberattacks targeted at websites.
According to an analysis of over 240,000 sites, malware goes undetected for at least 3-6 months, working behind the scenes until Google or your web host flags it. In 2017 alone, there were more than 317 million new pieces of malware (computer viruses or other malicious software) created. We do not have statistics on how many were made daily in 2019; however, estimates suggest the number is significantly higher.
On average, there is an attack every 39 seconds on the web, and the use of non-secure usernames and passwords gives attackers a greater chance of success.
Thirty thousand new websites are hacked every day on average. These sites are usually legitimate small business sites that are unwillingly distributing malware.
Unfortunately, WordPress is one of the main targets for hackers. This may be because it has a massive user base and is extremely popular because of its ease of use, SEO and Online Marketing Performance. The main problem is not WordPress itself, but its expansive range of third-party plugins that are used by WordPress users.
No matter how many security tactics WordPress deploys to secure its core, their effectiveness does not extend to its plugins. This is because WordPress allows users to extend the basic functionality of the platform using all different kinds of components.
The vulnerabilities most commonly found in WordPress plugins range from the disclosure of sensitive information to SQL injection and remote code execution.
WordPress is used by over 35% of all websites, so it is unsurprising it is registered to have the highest number of vulnerabilities (542) in 2018, which is a 30% increase from 2017 (Figure 5).
However, 98% of WordPress vulnerabilities are related to plugins, with the most common vulnerability types in plugins being Cross-site Scripting and SQL Injection.
The main problem here is that anyone can create a plugin and publish it – WordPress is open source, and nobody is performing a code analysis before the new plugin is sent out to the world. There are also no serious security standards for these plugins; therefore, WordPress plugins are unfortunately prone to vulnerabilities.
So, how do you ensure your website is as secure as it can be?
- You should always keep the software you use updated and monitored.
- Make sure you are always aware of the components you are using on your web application and ALWAYS remove the ones that you are not using.
- Choose a trustworthy hosting provider.
- It is vital to choose the right security provider for your WordPress site or any web application. When it comes to WordPress security plugins, we recommend you first get a better understanding of the WordPress security plugin ecosystem and how the plugins work. If you don’t have the technical skills to evaluate the chosen firewall code, let a professional help you out.
- When it comes to security, always do your research before committing.
- Keep your website up to date with website maintenance and support.
WordPress Backup and Upgrade Overview:
- Backup your website system before completing any tasks below
- Update plugins
- Update Themes
- Update WordPress
- Use secure passwords not stored in the cloud
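The backup and update steps of the overview above as a script, added here as an example and not taken from the original article. It assumes WP-CLI is installed as `wp`; the function name and paths are hypothetical. Updates run only if both the database dump and the file archive were created and can be read back.

```bash
#!/usr/bin/env bash
# Added example: back up first, then update in the order the overview lists.
# Assumes WP-CLI is installed as `wp`; function name and paths are hypothetical.

wp_backup_then_update() {
    local site="$1"        # WordPress install directory
    local backup_dir="$2"  # keep this outside the web root
    local stamp db_dump archive
    stamp="$(date +%Y%m%d-%H%M%S)"
    db_dump="$backup_dir/db-$stamp.sql"
    archive="$backup_dir/files-$stamp.tar.gz"

    mkdir -p "$backup_dir" || return 1

    # Step 1: database dump plus a full archive of the site files.
    wp --path="$site" db export "$db_dump" || { echo "db export failed" >&2; return 1; }
    tar -czf "$archive" -C "$site" . || { echo "file archive failed" >&2; return 1; }

    # Do not touch the site unless both backups are actually usable.
    [ -s "$db_dump" ] || { echo "db dump is empty" >&2; return 1; }
    tar -tzf "$archive" >/dev/null || { echo "archive unreadable" >&2; return 1; }

    # Steps 2-4: plugins, then themes, then WordPress core.
    wp --path="$site" plugin update --all || return 1
    wp --path="$site" theme update --all || return 1
    wp --path="$site" core update || return 1

    echo "updated; backups: $db_dump $archive" >&2
}

# Usage (hypothetical paths):
#   wp_backup_then_update /var/www/example /var/backups/example
```
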
A great idea is to make sure your website hosting is using scanners and get a report sent to you each day. Also, install WordPress security plugins like Jetpack or Cloudflare.
Ideally, as the first line of defence, make sure you are using strong passwords and have a plugin installed that limits login attempts.
Jetpack has a site-down feature so you can get alerts as soon as your site goes down (it might not be a security issue, but it’s still worth monitoring). Cloudflare and Jetpack also help to speed up your site, and Cloudflare has country blockers so you can keep your site visitors local.
- Check your site here anytime – https://sitecheck.sucuri.net/
- Ask your hosting provider to install a scanner like https://www.clamav.net/
- Install a website plugin like https://www.wordfence.com/
Keep Website Backups
Keep backups: it’s your business and it needs to be protected. The website hosting company and developer are not the ones hacking. They will have measures in place on some level, but a hacker who gets in can remove your backup files, and if the hack goes undetected then all backups over time will also be corrupted. Ask your website developer for an ongoing copy of your site or get some coaching on how to do this yourself. At RCS Digital we have different packages for different types of clients. For instance, if you don’t make changes to your site often then upgrading your system quarterly might be OK. However, if you are running a shopping cart or online sales then daily backups must be taken and restored as soon as there is an issue.