If there’s one constant thing about website security, it’s that the game changes daily. Cybersecurity services are needed to offset the sophistication of hacking tools and the skills of the people who use them for nefarious purposes. They seem to have an uncanny ability to find and exploit the tiniest vulnerability within software.
Our website maintenance services are primarily for self-hosted WordPress installations. That’s due to it being the world’s leading content management system. With over 810 million installations worldwide (over 40% of all websites), it’s a prime target for hackers. Find a vulnerability in a plugin and it opens up the opportunity to hack thousands of sites!
Because we see this on a daily basis, we can respond to problems quickly and eliminate them. Better still, we can implement proactive measures to prevent known issues from arising, by installing protective systems for you. For example:
Security Risks
Risks are always present and occur from internal sources through weak passwords, poor site management, and outdated server and/or website software. The external bad actors are always actively launching attacks 24/7. They WILL get to yours eventually, be ready!
Server Attacks
Attacks come in several forms, including brute force logins, exploits targeting known or new vulnerabilities in server software, poor server configuration or improperly configured firewalls. Phishing attacks seek to fool people into unwittingly divulging passwords.
DDoS
Distributed denial of service attacks are becoming ever more common. Bad actors sell DDoS services to businesses wanting to ruin a competitor’s business. Launching such attacks at peak sales times cripples the site. I have expertise and solutions for that…
Security Audit Services
Website vulnerability audit evaluations are intended to uncover threats. Is there any protective monitoring and malware checking in place? Does the server have mod_security installed?
Types of Web Security
The main types of web protection are WAF (web application firewalls) and brute force login protection. These web solutions protect you from having WordPress infected with malware.
Web Security Services
Implementation of web solutions for your site. This may vary depending on the threat assessment but includes secure headers, WAF, BFL, scheduled scanning, backup systems and more.
Recommended steps to secure a website
We do website repairs almost daily, undoing the damage done by hacking attacks. On this page, we’re talking about proactive security measures to be put in place before an attack occurs. including:
Level 1: A clean small business site with no previous history of malicious attacks.
- Web Application Firewall: In my experience, the fast and lightweight Block Bad Queries plugin stops troublesome visitors in their tracks.
- Limit Login Attempts Reloaded or Loginizer – to ensure the bad guys don’t get unlimited time to fiddle behind the scenes, trying to crack a username and password combination.
- Malcare or Sucuri: To scan core WP files, plugins and themes.
- Asset Cleanup – which improves load speed and has an option to disable XML RPC
Level 2: A site which is either under attack or has previously been breached.
- Wordfence: Provides a firewall, brute force login protection, strong password enforcement, 2-factor authentication plus WP core, theme and plugin scanning and file comparison verified against the WordPress repository.
- Asset Cleanup – which improves load speed and has an option to disable XML RPC
- Place WordPress in a subdirectory to defeat automated script-based hacking efforts
All sites…
Backups of files and databases are scheduled and files are uploaded to secure off-site Cloud storage.
As well as proactive measures, we implement a good Database and File backup regime for your site and update all software as soon as new versions are available. In the less likely event that a compromise occurs and content is lost, we are able to recover/restore from the backups.
Cloudflare is also a very good option for both enhanced security AND faster page load speed. I have years of expertise and experience in using Cloudflare on scores of sites, and I do recommend it.
References
Page last Updated on Wednesday, October 18, 2023 by the author Ben Kemp