Ranson and West

Confessions of a Suffolk Photographer – Website Security



In light of recent news this week regarding the 1 billion Yahoo user accounts that may have been affected by hackers, we invited Abbie Thoms from Polyspiral to give her Ten Top tips on website security. Abbie is passionate about this subject and has given many presentations over the last few months. Take a moment to read through her advice and keep your websites safe this Christmas!

Top 10 Tips – website security

1  Whether it’s Drupal or WordPress, never have Admin as your username for the backend of your website. It’s easy to guess, so make it one more thing a hacker has to crack, by making it something only you know.

2  Passwords – Never use 123456 or password as your password. Use alphanumeric characters in upper and lower case and, best of all, use characters like these: !@£$%^&*()_+}{“:><?. Punctuation characters are used in programming and hackers create programs to guess passwords, so at the time of writing this, characters like these make your website even more secure.

3  If you have more than one website, use a different password for each site, not the same one and definitely not the same password for everything!

4  If you have more than one person updating your website, give them individual admin accounts. Then, in the unlikely event that you fall out, or they leave disgruntled and you fear they may deface your website, you don’t have to change a shared password and make sure everyone knows the new one to prevent damage; you just need to change one password or delete their account altogether.

5  Run those security updates. These are like the updates that your computer and mobile devices notify you of, which hopefully you diligently run when needed. They keep your devices running smoothly and securely.  If not, things can go disastrously wrong, even stop your computer running.

6  WordPress, Drupal and Joomla are no different. Their updates are improvements to the website software that make it more secure against attacks from people and malicious scripts, which can break your website or hijack it to send out spam. If this happens, many hosting companies will terminate their services, stopping your website and email from working, to protect their other users. If you run these updates often (at least monthly), there is no need to panic.

Don’t have your password on a Post-it note on the screen of your computer; you never know who might see it.

7  Memorise a complex password and never have to write it down. It seems a drag but it is worth doing. Old car number plates can be a good source of random numbers and letters, and adding a ! to the end can help too. Your child’s name and date of birth can be easy to guess from your Facebook page, so make it something no one can guess.

8  Back up your website daily, make sure you can restore your website from those backups, and make sure you can download them in case something happens to your hosting company. Then, if your website is hacked, you can reinstate your site from the backups you’ve saved.

9  If you don’t sell to places like China, USA and East Asia for example, you can block access from these countries either with a plugin (if you’re using WordPress) like WordFence, and / or block access via Google Analytics. This means fewer irrelevant people and thus potential hackers can access your website, reducing the chances of an attack.

10  If you’re using WordPress for your website, you can change the URL you use to update your website. So instead of www.your-website-address.com/wp-admin, you can change it to www.your-website-address.com/completly-unguessable-URL. This reduces the chances of attack as a hacker will have to guess the login address, making it even more difficult to get into.
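
Tip 8 says to make sure backups can actually be restored. The following is an added example, not part of the original post or Polyspiral's tooling: a Python check that a daily `.tar.gz` backup is fresh, reads back in full and contains the site configuration and a database dump. The archive layout, the file names and the 24-hour threshold are assumptions, and the sample archives are constructed.

```python
import io
import tarfile
import tempfile
import time
import zlib
from pathlib import Path

MAX_AGE_HOURS = 24                      # tip 8: back up daily
REQUIRED = ("wp-config.php", ".sql")    # assumed contents: site config + database dump

def check_backup(path, now=None):
    """Return a list of problems; an empty list means the backup is usable."""
    path = Path(path)
    now = time.time() if now is None else now
    if not path.is_file():
        return [f"{path.name}: backup is missing"]
    problems = []
    age = (now - path.stat().st_mtime) / 3600
    if age > MAX_AGE_HOURS:
        problems.append(f"{path.name}: stale, last written {age:.0f}h ago")
    sizes = {}
    try:
        # Read every file back in full, without unpacking anything onto disk.
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    sizes[member.name] = len(tar.extractfile(member).read())
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"{path.name}: cannot be restored ({exc})"]
    for suffix in REQUIRED:
        if not any(n.endswith(suffix) and s > 0 for n, s in sizes.items()):
            problems.append(f"{path.name}: no non-empty *{suffix} inside")
    return problems

def make_constructed_samples(folder):
    """Build a good archive and a truncated copy (constructed test data)."""
    good, cut = Path(folder, "site-good.tar.gz"), Path(folder, "site-cut.tar.gz")
    with tarfile.open(good, "w:gz") as tar:
        for name, body in (("wp-config.php", b"<?php // constructed"),
                           ("db/dump.sql", b"-- constructed dump\n")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    cut.write_bytes(good.read_bytes()[: good.stat().st_size // 2])
    return good, cut

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for archive in make_constructed_samples(tmp):
            print(archive.name, check_backup(archive) or "OK")
```

Run it against a copy of the backup downloaded from the hosting company, so the check also covers the download step the tip mentions.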


