How do we ensure the security of WordPress sites?

Website security is a broad and rather controversial topic. But, as with any other issue, it all comes down to money: how much to spend on security, and whether to spend anything at all.
Today, there are a huge number of companies that offer website protection, secure correspondence, and IT security services in general, but their services are often quite expensive.
In our opinion, there is no point in additional measures if your site is informational in nature and does not contain a large amount of customer data. What is a website usually like? A company description page, a service page, several others, and contact pages. What is there to steal? These are regular files where everything is available anyway. The only thing to watch out for is that your site does not carry third-party scripts, links to other sites, or other third-party information. 90% of WordPress site hacks are done in order to embed a script or link. However, modern servers are well protected from this kind of hacking, so often your site is not in danger.

How do we take care of security within the framework of support?

  1. We host websites on our servers. It makes no sense for attackers to spend time on small servers, because they are interested in hacking large companies.
  2. Each site has a separate user. If you are a little familiar with the structure of Linux systems, you probably know that it is impossible to do anything in another user’s folder. Therefore, even if one site is hacked for some reason, the malicious code will not be able to spread to other sites.
  3. We use two-factor authentication in all services, including servers. This is now one of the most reliable ways to protect any system.
  4. We are constantly updating the WordPress core and all plugins. This ensures that the versions are up-to-date and that any vulnerabilities are eliminated.
  5. Antivirus programs are installed on our servers, which check all sites on a daily basis for malicious scripts.
  6. If our clients do not log in to the admin area of the site on their own, we restrict admin login on all sites to a single IP address, the one we work from ourselves. This means that you can access the website’s admin panel from only one device in the world.
  7. On our servers, by default, the ability to log in as the root user is disabled. Most server hacks occur under the root user.

What is the threat of the lack of site support?

Your website can work for years without any problems. As already mentioned, modern servers ensure the security of the site quite well. However, in our practice, we have seen very interesting cases where a hack occurred but nobody noticed it. Here is what can happen:

  1. Your website may contain links to other websites. This can have a negative impact on the SEO of the site and on its positions in Google.
  2. The site may contain scripts that are not visible at all. They can only be triggered at a certain moment as part of some kind of malicious system in order to carry out a DDoS attack, for example.
  3. There are also scripts that covertly monitor website visitors. Due to such scripts, the site may be blacklisted by various spam databases.
  4. E-mail can be sent from your website in secret. This also harms the reputation of the domain.
  5. Finally, there are scripts that completely replace the look of your site for Google. That is, you and your visitors see a normal site in the browser, but Google sees a completely different one. This is what it looks like for Google:

This is one of the trickiest scripts, and for a long time the client could not figure out what the problem was with his site.
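
One way to check for the hidden links and the "different site for Google" case described above is to compare the same page as served to a browser and as served to a crawler. This is an added example, not code from our support tooling; the function names, the host `acme-plumbing.example` and both HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageSummary(HTMLParser):
    """Collects the <title> and the hosts referenced by <a href> and <script src>."""
    def __init__(self):
        super().__init__()
        self.hosts, self.title, self._in_title = set(), "", False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        url = {"a": attrs.get("href"), "script": attrs.get("src")}.get(tag)
        host = urlparse(url).hostname if url else None  # None for relative URLs
        if host:
            self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data.strip()

def summarize(html):
    parser = PageSummary()
    parser.feed(html)
    return parser.title, parser.hosts

def cloaking_report(site_host, browser_html, crawler_html):
    """Compare two copies of one URL: one fetched as a browser, one as a crawler."""
    b_title, b_hosts = summarize(browser_html)
    c_title, c_hosts = summarize(crawler_html)
    own = {site_host, "www." + site_host}
    return {
        "title_differs": b_title != c_title,
        "crawler_only_hosts": sorted(c_hosts - b_hosts - own),
        "external_hosts": sorted((b_hosts | c_hosts) - own),
    }

# Constructed samples: what a visitor gets vs. what a crawler gets from a cloaked site.
BROWSER_HTML = """<html><head><title>Acme Plumbing</title></head><body>
<a href="/services">Services</a>
<a href="https://www.acme-plumbing.example/contact">Contact</a></body></html>"""
CRAWLER_HTML = """<html><head><title>Cheap pills online</title></head><body>
<a href="https://pills-shop.example/buy">buy</a>
<script src="//tracker.example/t.js"></script></body></html>"""

if __name__ == "__main__":
    print(cloaking_report("acme-plumbing.example", BROWSER_HTML, CRAWLER_HTML))
```

In real use the two inputs are the same URL fetched once with a browser User-Agent and once with a crawler User-Agent. Cloaking that keys on Google's IP addresses rather than the User-Agent will not show up this way, so also compare against the rendered page in Google Search Console's URL Inspection.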
If you would like to audit your website and transfer it to our support, please contact us.