These days websites can expect to be attacked by web bots as soon as a search engine indexes their site. The more advanced web bots will launch every known attack in order to find a vulnerability to exploit and report back to the attacker, who can then conduct various nefarious acts on your server, any of which could greatly affect your business, domain and/or clients. A very common recent attack on businesses that does not get enough publicity is ransomware, which can basically cripple a company's operations until it pays the attacker money. Most of the time these attacks do not require more effort to accomplish, so even small businesses can fall victim. Here are some tips I think every site should implement to ensure their website is secure.
- Run updates on your server and all your software frequently
Plugins are vitally important for keeping websites ahead of potential security breaches. Ensure the ability to create and utilize custom plugins to reinforce site security, such as those that block particular IP addresses. Equally important, developers must also practice up-to-date coding and development standards and should use modern versions of platforms such as PHP and Apache. WDG developers, for example, use only coding structures and syntax patterns that have been proven secure and effective in order to maintain industry best practices.
- Require a strong password policy
Require a strong password policy on your site and throughout your organization, anywhere a password is used. Attackers will often brute force your user passwords using scripts, which is akin to trying every common password for every username until one is found. Such an attack takes a few minutes to conduct and is also typically automated.
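A defender-side check for the scripted guessing described above, as an added example that is not part of the original article: it counts failed logins per source address inside a sliding time window and reports the usernames each flagged address targeted. The log format, the thresholds and the function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (hypothetical) application log format; adapt the regex to your own logs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_failed|login_ok) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def find_bruteforce_sources(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: sorted usernames targeted} for every IP with more than
    max_failures failed logins inside any sliding window of the given length.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) failures still in the window
    flagged = defaultdict(set)    # ip -> usernames seen while over the threshold
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "login_failed":
            continue              # skip successes and lines in another format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) > max_failures:
            flagged[m["ip"]].update(user for _, user in q)
    return {ip: sorted(users) for ip, users in flagged.items()}

def _sample_log():
    """Constructed sample: one scripted source and one user who mistypes twice."""
    lines = []
    for i in range(8):            # 8 failures in 8 seconds across two usernames
        user = "admin" if i % 2 == 0 else "alice"
        lines.append(f"2024-05-01T10:00:{i:02d}Z login_failed user={user} ip=203.0.113.7")
    lines += [
        "2024-05-01T10:01:00Z login_failed user=bob ip=198.51.100.20",
        "2024-05-01T10:01:20Z login_failed user=bob ip=198.51.100.20",
        "2024-05-01T10:01:40Z login_ok user=bob ip=198.51.100.20",
    ]
    return lines

SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for ip, users in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: repeated failed logins against {', '.join(users)}")
```

Flagged addresses are candidates for rate limiting or for an IP block; a guessing script that spreads its attempts over a longer period stays under a one-minute window, so a second pass with a longer window and a higher threshold is worth running as well.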
- Conduct a regular back-up of your applications and databases
Having a backup copy of your applications and database could potentially save your business from any damage and/or prevent the loss of important information, such as customer or sales records, due to damage done by an attacker or virus. Once the damage is identified, the lack of some sort of backup copy could take a business website offline indefinitely. For e-commerce websites, this could destroy the entire business.
- Obtain an SSL (Secure Sockets Layer) Certificate and employ an Encryption Protocol
The information traveling from your website to your end-user can be intercepted by an unknown third party, who can capture sensitive information such as credit card information, usernames, and passwords. SSL, or Secure Sockets Layer, secures the information by encrypting it before it is transmitted.
- Only install plugins or code from trusted sources
Attackers will often disguise viruses in actual functioning plugins, thereby allowing an attacker access to your server. These attacks often go unnoticed until it’s too late.
These steps are implemented automatically whenever possible when I develop for my clients. From a development standpoint, implementing the tips becomes more costly and difficult as a site grows,