Website Security
An important and essential topic of discussion with any website is website security.
There are so many ways that hackers can get to your site these days and even information on how to do so is easily accessible online. By taking the necessary precautions, you will save yourself the hassle of now will help prevent having to clean up a huge mess in the event that anything does happen.
Why should I worry about my website's security?
With the IT industry constantly changing, especially with Internet and security, it’s crucial to constantly keep your software, both on your hosting account and on your computer, updated. And don’t forget to maintain regular backups of your website. Lastly, you should also scan your computer for viruses and malware on a regular basis.
1. Backing up your account
This first step to take is to always backup your website on a regular basis or whenever you make any changes or additions. The control panel for your website, such as cPanel, should have an easy backup utility that you can use to backup your entire website, databases, email, and files.
2. Vulnerabilities in the software you run on your hosting account
The next step to take is to asses any vulnerabilities in the software that you run on your web hosting account and on your local computer. Hackers are usually successful through these vulnerabilities with the numerous techniques that can be used against them.
For instance, most software that users run on their website is Open Source, which is free software that’s available for anyone to download and use. Examples of such software are the commonly used WordPress and Joomla. However, since anyone can download and view the code for Open Source software, it makes it easier for hackers to find ways to compromise a website. Therefore, the authors of such applications regularly release updates and security patches. So it’s important to make sure that you’re running the most current versions of any third party software on your website since those are usually the most secure.
The following is a list of links, specifically for WordPress and Joomla, that point to the software’s own information about security:
WordPress
Wordpress.org – How to Keep WordPress Secure
http://wordpress.org/development/2009/09/keep-wordpress-secure/
WordPress.org – Hardening WordPress
http://codex.wordpress.org/Hardening_WordPress
WordPress.org – Upgrading WordPress
http://codex.wordpress.org/Upgrading_WordPress
Joomla
Joomla.org – Joomla Security Center
http://developer.joomla.org/security.html
The Joomla Security Center includes information about their latest security news, their latest security articles, and more information in general about the Joomla Security Strike Team.
Joomla.org – Upgrade Instructions
http://docs.joomla.org/Upgrade_Instructions
3. Vulnerable plugins
In addition to the actual software, it’s also important to keep any third party plugins / extensions on your website up-to-date as well. Here are a couple links for more information about this topic:
Joomla
Joomla.org – Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List
WordPress
Wordpress.org – Hardening WordPress – Plugins
http://codex.wordpress.org/Hardening_WordPress#Plugins
4. Vulnerabilities in software that you run on your local computer
On the other hand of things, companies such as Microsoft and Adobe that provide software that you run on your local computer release updates also release updates on a regular basis. Here are links to information about security updates of major software titles:
Adobe
Adobe.com Security bulletins and advisories
http://www.adobe.com/support/security/
For example, Adobe offers many popular products, such as:
Adobe Reader – http://www.adobe.com/support/security/#readerwin
Adobe Dreamweaver – http://www.adobe.com/support/security/#dreamweaver
Adobe GoLive – http://www.adobe.com/support/security/#golive
Microsoft
Microsoft.com – Windows Update
http://windowsupdate.microsoft.com/
Microsoft provides Windows Update to help keep your copy of Windows and other Microsoft products up to date. Be sure that your version of Windows has installed the most up to date security patches available.
Apple
Apple.com – Apple security updates
http://support.apple.com/kb/HT1222
Apple is well known for the security and stability that their products come with, but even Apple has to releases security updates. Please see the link above for more information regarding Apple security updates.
5. Did you code and develop your website yourself?
Another security precaution to take is that if you coded your own website, it’s important to know common techniques that hackers use to help you take steps to making your own software secure. Here’s a list of links to articles on Wikipedia for more information on common hacking techniques:
SQL injection
http://en.wikipedia.org/wiki/Sql_injection
Code injection
http://en.wikipedia.org/wiki/Code_injection
Cross-site scripting (XSS)
http://en.wikipedia.org/wiki/Cross_Site_Scripting
Remote File Inclusion
http://en.wikipedia.org/wiki/Remote_File_Inclusion