When we think about hackers, our general perception is that they target big corporations, government agencies or research facilities. In fact, 78% of small businesses are being targeted by cyber criminals (source: Smart Company). According to IBM Chairwoman and CEO Ginni Rometty, “Cybercrime is the greatest threat to every company in the world” (source: reuters.com), and the stats to back that up are staggering.
On average 30,000 websites are hacked every day, and hackers create 300,000 new pieces of malware daily (source: webarxsecurity.com).
Falling foul of one of these attacks can not only disrupt business operations and damage a business's reputation, but could also lead to a data breach, giving hackers access to customers’ credit card information and data, staff credentials and other commercially sensitive information.
According to Netcraft, there are over 1.3 billion websites in the world, with over 455,000,000 of them using WordPress, accounting for 35% of all websites (Source: Whoishostingthis.com). For small to medium sized businesses, the lure of easy content management and updates may mean that for businesses in Cairns and Far North Queensland, the market share of WordPress could be higher still.
At the time of writing only 11,000,000 websites had downloaded the latest version (WordPress 5.6 – source: WordPress), leaving the other 97.5% of WordPress websites potentially exposed to flaws the platform is actively trying to secure.
With so many websites using WordPress, it is unsurprising to learn that the system has registered the largest number of security vulnerabilities when compared against Joomla, Magento and Drupal (source: webarxsecurity.com). It is, however, important to note that the large majority of these vulnerabilities are in one of the 55,000 plugins you can use, rather than in the WordPress core itself.
As hackers become more sophisticated and persistent in their endeavours, it is essential that businesses and website administrators do all they can to protect their digital assets from cyber compromise.
Here are three simple steps you can implement now that will help you to secure your website:
81% of data breaches are caused by weak or stolen passwords (Source: Verizon), so it is important to enforce a strong password policy in your business.
Although you are unlikely to become the most popular person in the organisation for enforcing tougher password policies, regular password changes combined with making a variety of characters mandatory in each password will help keep hackers at bay. A password management tool such as Bitwarden, LastPass or Dashlane can help simplify the process for the team.
Keep all software up to date
It is crucial to keep all platforms, plugins and scripts up to date. Hackers actively target security flaws in these, so making sure the building blocks of your website are current is vital.
A recent example of this is a flaw found in the immensely popular Contact Form 7 plugin, which has been downloaded around 9.8 million times (Source: Built With). The discovery in mid-December 2020 of a file upload bug that could allow hackers to take over a site and even the server led to Contact Form 7 developers releasing a new patch to resolve the problem (source: Astra).
The issue is, if website administrators haven’t updated this plugin, then that potential hole in the security of the website still exists.
One of the key reasons businesses opt to use a platform such as WordPress is the time or cost saved by using its library of plugins. It is highly likely a website could have between 20 and 30 plugins (Source: WPbeginner.com), which means your website administrator needs to keep each of these up to date. Making sure one of these plugins is for security will help too.
If you are using a managed hosting solution, then script updates will already be taken care of. If your hosting is self-managed, however, you will also need to run these security updates for your hosting.
Take regular backups
Taking regular backups of your website will allow you to recover your site should it become inaccessible or if your data is lost. According to Hostgator, the best way to protect yourself in the event of a cyber attack is to make sure you always have a recent backup. Whilst a data breach will be stressful, knowing you can restore your website will at least remove some additional problems.
Whilst you can take backups manually, it is advised that you create an automatic backup schedule. Whether this runs weekly or monthly is up to you; having it in place will ensure you are protected from viruses, hackers and even your own updates that you may wish to roll back.
More sophisticated tools to help combat hackers
Using the HTTPS protocol when passing information to and from a website, for example credit card payments or login information, encrypts the data in transit so that it cannot be read if it is intercepted on the way to the server. Because of the SEO benefits associated with HTTPS, a large number of sites already use it; however, you need to be sure it covers the whole site.
If you haven’t done this, installing the SSL certificate is something we can help you with.
According to Cwatch.commodo.com, to avoid SQL injection attacks you must always use parameterised queries and avoid standard Transact SQL as this would allow hackers to insert rogue code.
There are also a number of free and paid-for website security and management tools that can provide DDoS (Distributed Denial of Service) protection and bot protection, and run daily malware and security scans, much like the anti-virus protection you have installed on your computer.