There’s nothing particularly special about owning a website anymore, with the popularity of platforms like Blogger and WordPress able to turn even the least experienced internet user into a master of her own domain. However, the risk from hackers and other internet threats doesn’t scale with experience; security is a concern for everybody.
It’s easy to think that a small website is immune from the attentions of cybercriminals, especially if its audience is limited to friends or family or a local soccer team (for example) but hackers can benefit from breaking into almost any website, and doing it “just for fun” is as legitimate a reason as the more nefarious criminal endeavors.
At the latter end of the spectrum, a group of compromised blogs and other websites can form part of a “botnet” used to overload other, larger pages with traffic in what’s known as a Distributed Denial of Service attack. Hackers can also change links, sending visitors to phishing sites, or use a page to distribute malware.
Hacking is far from inevitable though and some of the best ways to prevent security threats only take a few minutes. Here are just three:
The Power of Passwords
In 2013, WordPress itself was hacked by a botnet of 90,000 “zombie” computers under the remote control of a cybercriminal. Ironically, the blogging platform itself was totally secure; the only reason the hack happened was because website owners didn’t take even basic security precautions to protect their site.
The botnet simply tried thousands of sites with username and password combinations like “admin” and “123456” (the most common password in 2015) in what’s known as a brute force attack. It takes milliseconds to crack the previous combination but an account secured with a complex password, inclusive of numbers, symbols, and both lower and upper case characters, can resist brute force attacks for many years.
Systems like web application firewalls (WAFs) provide an increasingly affordable solution to security concerns like SQL injections and cross-site scripting, the two most common threats to WordPress sites. This kind of web application security is ideal for users who don’t want to delve into their websites’ code to weed out vulnerabilities.
Some WAFs exist entirely in the cloud, which means that they can deter attacks before they even reach a website, and firewalls with customizable rulesets mean that administrators can tailor their level of protection according to their company’s security policy. There is also a range of WordPress plugins specifically designed for keeping sites safe from unwanted intrusion.
Let’s be honest - two-factor authentication can be a pain, as even mundane things like clearing cookies or using a new device can trigger it on some services. However, it can significantly reduce the risk posed by even the worst password by requiring text message or app confirmation of a new login attempt.
WordPress introduced two-factor authentication shortly before the 2013 hack. It’s since become standard with security-conscious companies and platforms like Facebook, Google, and Valve’s video game store, Steam. It’s something the user has to switch on after sign-up in many cases so it can require a little digging in the settings pages before it’ll work.
So, there you have it – three ways to keep hackers away from your digital doors this wintertime.