Within the past month a certain website I work with got hacked. I’m sure it wasn’t one of those Chinese government conspiracies you hear about on the news. Tens of thousands of websites get hacked every day. Yours could be among them and you may not know it for quite some time.
For most sites I deal with I prefer to use WordPress. It’s an excellent platform boasting millions of implementations by scores of developers. Tons of handy plugins are freely available to enhance the what the websites can do. As great as that is, very few of those plugins are created by big companies equipped with security and testing departments. Most plugins are made by lone programmers who got an idea and started writing code. Within a few days or weeks they released and promoted a neat product that uses its customers websites as Guinea pigs. The security in many of these plugins are like Swiss cheese. Even wildly popular and seemingly bulletproof plugins are vulnerable to eventual exploits.
When you hire a web designer, don’t assume that they know anything about website security. Arm yourself with knowledge of best practices in making sure your website less vulnerable and reducing the odds of losing important data.
Just as one of the costs of having a personal computer is running antivirus software, assume that preparing for website hacks are a cost of doing business. Here are some suggestions:
- Host your site somewhere that promotes having tighter security measures in place. For WordPress, one that has impressed me is WPEngine.com. They even disallow several common plugins with known vulnerabilities.
- If allowed by the host, use security software plugins. Don’t just install them. — USE them!
- Don’t install just any plugin. Read reviews and do a Google search for comments related to security.
- Make backups and DOWNLOAD backups. Keep backups of backups.
If you are serious about your business (and you are) go to http://www.BusinessLeader.bz/tech for best practices checklists for your website.