Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The 3-step plan to make your website harder to hack

Robert Lemos | July 10, 2015
When a big website like Lenovo's gets hacked, it's news. But most such attacks take place under the radar, at smaller sites lacking the skills or time to protect themselves. Take the legions of Wordpress-based sites, which got a rude awakening last year when many thousands of them were hacked.

"It is almost impossible for developers to keep up with vulnerabilities," he says. "They are trying to run their site, and trying to keep track of all the patches and applying them is difficult."

Web-security services like Sucuri, Cloudflare and Incapsula can buy administrators more time to patch their sites, by blocking known attacks.

2. Don't forget your plugins and themes

While keeping the main content management system up-to-date is challenging, patching every plugin can be a more onerous burden, as attackers have increasingly targeted vulnerabilities in plugins and themes to compromise Web sites.

"In general, attackers are trying to own as many WordPress sites as possible using as many zero days or recently-disclosed vulnerabilities, and then using that site for other attacks," says Wordfence's Maunder.

A variety of Wordpress plugins provide security. Wordfence, BulletProof Security and iThemes Security perform a variety of security-related tasks, from scanning Web sites for compromises to setting the security controls of a WordPress site to harden the software against the most common attacks.

3. Regularly maintain your Web site

Having a hosted Web site is a responsibility and requires frequent maintenance. Administrators should back up the site, and make sure the backup is copied off the Web server--many inexperienced administrators overlook that step, says Maunder.

If you don't have time to do this, go with a fully managed site. Wordpress.com has a wide variety of templates and more flexibility than ever before. For other content management systems, such as Joomla and Drupal, a hosted service provider can manage the CMS on that server and help keep your Web site patched.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.