Is your website as safe as you think?
Jun 03, 2015
With technology advancing at an exponential rate, risk of hacking is increasing in line, with unbelievable speed. Hackers will make use of all the weaknesses of third-party software to gain access to your website, enabling them to steal you data, ruin your website and undertake illegal actions across your site.
But fear not as there are some simple techniques you can implement to your website so that your security is as strong as possible.
1. Strong passwords – a unique password with digits and at least 8 letters is the first step to keeping your online endeavours secure. Your website is only as secure as its weakest link and if you have a weak password, this could be the factor that lets hackers in.
2. Updating your software – outdated software is the easiest thing for hackers to manipulate because they know the entrances within the software. Updating your software regularly is a sure fire way to remove these openings as they remove these ways to get in and implement new security.
3. Back up restoration – keeping the hackers at bay is a never ending task and they will always find a loophole to target your website. Having a back up plan is the best thing you can do if your website is compromised, because it means any problems they cause can be quickly restored to your last backup. This will avoid losing revenue and tarnishing your reputation.
4. SQL injection – SQL is a system used in databases which is controlled by text commands that can do things like empty or delete a whole table of information. Some malicious users can use text fields in forms to send some of these commands to your database and corrupt your data. All of Website Success' eFusion forms use complex input cleaning techniques to prevent this happening.
5. DOS or Denial of Service – made famous by attacks on Yahoo, eBay and Amazon, these attacks make use of the web server's built-in traffic management systems and work by blasting the server with a huge volume of requests which cause the server to lock up and crash. Our servers use intelligent traffic management techniques to prevent these attacks from damaging your data.
6. Data encryption – on many sites on the way from the user to the server hackers can pick up sensitive information like payment details and personal details. On our servers we automatically encrypt this data to prevent any malicious attackers from intercepting this information, keeping your customers safe.
7. Cross site scripting – similar to SQL injection this technique can be used to run dangerous code on sites and perform server actions like deleting pages, exposing data or allowing unauthorised users to act as administrators. This technique is exploited through web forms and site URLs, our server-side protection is set up to prevent the risk of these methods.
8. Brute force attack – this relatively simple method of password exploitation submits an attempted login sometimes thousands of times a minute to attempt to just guess the password on someone's account. It attempts common passwords first and works up from there. This emphasises the value of strong complex passwords. Your site can also be set up to track IP addresses and recognise any browsers attempting this kind of attack.
9. Debug mode enabled on production sites – when developers are creating sites and applications they may have what's called a debug mode which gives them extra information about the technical operations the website is performing to help them interpret performance issues. It's essential this is turned off when sites go live and open to the public as this information may increase the effectiveness or likeliness of any number of attacks.
10. Code injection – this technique works a lot like cross-site scripting or SQL injection and can be just as destructive. The difference with code injection is that the script is often uploaded directly to the server through file upload forms. This is circumvented by being very strict with what file types can be uploaded (i.e. limiting it to images, or videos etc.) to prevent dangerous uploads.
If you feel like your website isn't as secure as you would like it to be contact Website Success and we will discuss with you what can be added to your website to give you that extra peace of mind. Click the contact us page to use one of the multiple methods to contact Website Success or visit us in our branch in Chichester, West Sussex.