Following on from our article earlier this year regarding Google’s changes to favour secure websites in their search results, we are now asking 5 simple questions, which can determine how secure your website really is.
You might be thinking, “We’ve never been hacked, and it probably won’t happen to us.” Unfortunately, without proper maintenance, the chances of getting hacked are quite high. Website maintenance includes making sure your site runs smoothly, performs well every day, and is secure from harm.
Can you answer these 5 questions about your website?
- Do you have a website management plan?
- When was your website software (CMS/Plugins/PHP) last updated?
- Do you have an SSL Security Certificate (https) installed on your website?
- How regular are your website and database backups taken?
- Do you know why someone may want to hack your website?
If you answered ‘no’ or ‘I don’t know’ to any of these questions then please read on for our top tips and what you can do to reduce the risk and costs of a security breach…
Why would I be hacked?
For the average person, it can be hard to understand why a hacker would want to try and break into your website. There are three main reasons.
- They want to use it to send out spam email.
- They want to gain access to your data.
- They want to gain access to install malicious software onto your server and end user’s computer.
The cost of a hacked website
It can be difficult to measure the full cost of your website being hacked but this will mainly consist of the following areas.
- Cost for a developer to repair the damage.
- Administrative costs for time spent communicating with internal team, external vendors and customers.
- Investment in new hosting platform, migration and preventative services.
- The hours your IT team will spend investigating, researching and resolving the problem.
- Data Loss.
- Loss of Internal and External Confidence.
- Disruption and Stress.
- Loss of Revenue Due to Site Downtime.
Vulnerabilities in WordPress
Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Older versions of WordPress are not maintained with security updates. Therefore it is vital you keep your software up to date with the latest compatible versions to benefit from these security updates.
Even though the WordPress core is very secure, WordPress is also a modular platform – meaning it can be extended in any number of ways with themes and plugins. It’s therefore possible for a very popular plugin, such as Yoast SEO to have security flaws that can impact thousands of WordPress sites all at once.
In fact, as of May this year it was reported by security researchers that there were vulnerabilities found in Yoast SEO 3.2.4 for WordPress. If your website is using WordPress it is virtually guaranteed you will be using this very popular software plugin and as a result can be at increased risk unless you ensure it is updated.
Security tips – Risk reduction, not risk elimination.
- Stay updated – Ensure your Web Server, CMS and Plugin Software is regularly updated with the latest compatible versions.
- Toughen up access control – Use strong passwords, stored securely and avoid using ‘admin’, as your WordPress CMS username
- Security applications – There are good security software applications that can be installed via your CMS and also at the server level
- Hide admin pages – Restricting access to your admin pages can help prevent potential hack attempts
- Use SSL – Restricting access to your admin pages can help prevent potential hack attempts.
What can allmedia do to help?
allmedia can deliver regular website software upgrades, maintenance, monitoring and reports. We can provide a one-off report to highlight your risks, carry out a full and thorough range of security upgrades, plus establish a management plan and schedule for your total peace of mind.
- Security Auditing – from £360
- Website Hardening – from £490
- Complete Website Management – from £300pm or £1,440 annually
- CMS + Plugin + Framework Software Upgrades
- Compatibility Reviews
- Pro-active Security Monitoring + Reporting
The cost of these types of service is completely offset by the amount of time you will save trying to keep up to date on all the latest issues, best practices not to mention the cost of not having anything in place for your website maintenance. For further pricing details, please get in touch with us to discuss your specific requirements.
Please contact us today on 0191 221 2277 or email firstname.lastname@example.org to discuss your current website management plan and how we can work together to ensure you have the right level of security in place.