Website security, it should be a concern
In the last few months both WordPress and Joomla have had a number of security updates. If you manage your website yourself, did you know that keeping your CMS up to date is absolutely crucial?
I have mentioned this matter before because it is very important. "So what is the problem if I don't keep it up to date?"
If your website is penetrated, or attacked, the result could be 'benign', where visitors to the site get to see some page created by the hacker rather than your website. This is the equivalent of graffiti on your garden wall. It could be the silent, invisible sort, where you may not even know your website has been attacked. One of the more common results is that thousands of links are added to your website, pointing to other sites you probably would not wish to visit. One result of this is a sudden jump in traffic going via your website. Then there is the 'bot'. This is a bit of code that allows the hacker to employ your website to assist in other hacking exercises, such as a 'denial of service attack'. This is where a hacker, using these bots, can remotely create massive amounts of traffic to shut down a target website. The bot installed on your website, along with thousands of others, would contribute to this attack.
It rather depends on the sort of hosting and who it is with, but most commonly websites are hosted on shared servers. This means your website shares a server (a computer) with a number of other websites. If your website is hacked, it could give the hacker access to the rest of the server and the other websites on it. Because of this, many hosting companies run monitoring systems that can detect unusual activity. If such activity is detected in your website, it may be taken offline immediately. The policy is generally that they require the root folder to be completely cleared and then a clean version of your website reinstalled; they'll know if you try to cheat this. This means you will need a clean, recent backup of your site kept locally so that a full restore can be done. If your backup was kept on the same server, it will be gone with everything else. Many extensions and widgets back up to the same server, so watch out. We back up to a local server separate from your hosting.
If Google detects that you have any 'malware' or dodgy scripts running in your website, you may be quickly blacklisted. You'll be left wondering why you have suddenly vanished from your expensively acquired position on Google. If you're lucky, you may just get a line on your list entry warning users "This site may be hacked" or "This site may harm your computer". There's more about this here. Checking your website would be a good place to start your investigation. Once it is cleaned up, you can appeal to Google to re-list you.
If your website has a contact form, or you sell things on your website, then you may well be holding data on your website. One of the hacker's pots of gold is your data or, most likely, your contact list. This has real value to them. Though we can back up your data so it can be restored in times of disaster, if someone has got access to it then it is too late; it has gone. Even if you aren't registered with the ICO, you have a legal duty to safeguard that data.
What can you do?
Keeping your website CMS (Joomla, WordPress, Drupal and many others) up to date is the easiest way to ensure the best protection. You shouldn't forget the widgets and extensions your website utilises either. They won't always tell you when they need updating, so you will need to check. Some of the more reputable extension and widget developers will email you if a security update is available, though don't rely on this.
Ensure your hosting is with a reliable, reputable hosting company or data centre. There are a lot of 'hosting' companies out there that just resell the services of a data centre. So find out what the score is with your hosting arrangements.
Of course you can always ask us to help... We ensure that everything is kept up to date and safe.
Cavespider, we worry, you shouldn't need to
- Written by Crispin Jones