Website Security: The Basics

21 Nov Website Security: The Basics

 

A majority of people don’t see the need for website security because they believe there’s nothing hackers would want on their system, but websites containing very little information or assets are compromised every day.

Most of these breaches aren’t intended to steal any of your data or destroy your website, but rather to gain control of the computer or virtual machine that holds your files to use it for sending spam e-mail, or to create their own temporary web server that will serve illegal files or commit cyber crimes without you ever knowing.

Hackers usually create automated scripts that comb the Internet trying to exploit known website security issues within software. Here are a few tips to help keep you and your site safe, but I highly recommend that all serious businesses and organizations consult with an internet security professional to protect their investments.

 

Update your Software:

[av_one_full first]

[av_one_half first]

[/av_one_half]

[av_one_half]This might seem obvious, but making sure you keep all of your software up to date is extremely important.
Both the OS (operating system) on the server and any packages you’re running on your website (such as a CMS or frameworks) will need to be monitored and upgraded regularly. Hackers are very quick to take advantage of newly discovered security loopholes.

All plugins and tools will also need to be updated. WordPress, Magento and many other CMSes will let you know if any updates are available via the admin panel or an e-mail. Your server, unless managed, usually will not notify you or automatically perform these operations.[/av_one_half]

[/av_one_full]

 

Use Strong Passwords:

Everyone has been told at one point to always use complicated passwords, but it doesn’t mean they actually do. It’s essential to use strong passwords for your server and site admin panel, and just as important to enforce best password practices for your users to protect the security of their accounts.

Most hackers attempt dictionary, or brute force attacks; essentially guessing every combination of characters until it finds a match. Following minimum password standards will make this much more time consuming and difficult to pull off, helping to protect the information of both you and your users.

[av_one_full first]

[av_one_half first]

Minimum password requirements should look something like this:

• Contain a minimum of eight characters
• Include at least one uppercase letter
• Include at least one lowercase case letter
• Include at least one number
• Include at least one special character (i.e. !@#$%)

[/av_one_half]

[av_one_half]

[/av_one_half]

[/av_one_full]

 

This might seem like a lot of hassle and will probably take some getting used to, but you can use programs like 1Password or LastPass to generate strong passwords, encrypt / store them for you in a secure location, and even autofill them for you in the browser! Here’s a demo of the app we use here in the Fawkes FX office, 1Password.

 

 

Luckily for you, a lot of CMS frameworks have built in user management and quite a few website security features. Although you might have to install a third party plugin if you’re looking to really lock down your site.

 

Utilize Form Validation:

This one is a little more advanced, and should be addressed with the developers building your platform or the person that maintains it. Both browser and server side validation should always be done. Your browser is able to catch simple failures like empty required fields or an attempt to enter words within a numbers only area. But hackers are usually clever, and these can be bypassed. This is why you should make sure you  use deeper server side validation to check these fields as well. Neglecting to use validation could result in a malicious script injection that allows control of your server by an unauthorized third party.

 

Now you have a great starting point for practicing basic website and server security. But this is a vast and incredibly complex topic that we will revisit later, because there’s just too much to cover in one article. So stay safe; run those updates, enforce stronger passwords, and talk to your server admin or web developer about form validation!

 

Fawkes FX is a creative digital design studio based in Portland, OR. We work with businesses of all sizes & industries to help build their digital marketing strategies- from branding design and websites to long-term technical support. If you’d like more information about us or our services, please visit our website!