Posts

Boy Programming On Computer With Multiple Monitors And Laptop On Desk

7 Ways to Expose Your Website to Hackers

So you want to serve up your website for any hacker to break into. Sure, weirdo…who am I to judge?

Here are 7 things you should not do unless you want your website hacked:

Once again, if you’re a sensible human being you really should never find yourself doing any of these things.

1. Ignore Security Updates

They may be a nuisance, but updates patch up newly discovered bugs in software. Not installing updates and patches makes it a lot easier for hackers to compromise your device or web app. If you want your website hacked, ignore all security patches, plugin updates, and updates for CMS services such as WordPress or Drupal.

2. Use as Many Different Features and Plugins On Your Site As Possible

Plugins introduce many new potential vulnerabilities to your website, similar to how adding more windows makes your submarine less seaworthy. Be sure to load up on file uploaders, video players, ad managers, analytics, and whatever else you can cram in, even if you don’t need any of it.

3. Set a Really Dumb Password

Setting your password as something easy like “123456,” the always-clever “password,” or matching your password to your username saves hackers a lot of time. You can also help by using the same password for your computer, e-mail, FTP access, and Ashley Madison account, so that once one is compromised, all of them exposed.

setting a password to protect website security

4. Mismanage Your Website and Its Contributors

Just let security be someone else’s job, and don’t take any notice. Be sure to give your employees or contributors full admin access to your website, and make sure not to update your passwords after they leave. Sooner or later, something bad will happen.

5. Don’t Put Together a Security Incident Response Plan

No need to prepare for the worst when you’re counting on it. What if your site gets disabled, or deleted, or information is leaked? How do you detect it, how do you respond, and how do you disclose it? Those are questions that should be considered by anyone who doesn’t want to get hacked.

6. Don’t Bother Securing Your Domain With SSL

SSL encrypts communication between a website’s server and a user’s browser, especially useful in protecting online transactions and payments. But it thwarts man-in-the-middle attacks in which a hacker gets between server and browser and can monitor or alter communication. So if you want to endanger your customers’ privacy, forget about HTTPS — HTTP is the way to go!

7. Don’t Use a Web Application Firewall

A web application firewall can protect your site against the worst online threats, including DDoS attack, SQL injection, and cross-site scripting (XSS), so if you want to make it easier for hackers to overrun your website, the last thing you should do is secure it with a web app firewall like Cloudbric, Imperva, or Cloudflare.


 

This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

employee using laptop and coding injection

6 Steps to Create a Secure Website

There are roughly one billion active websites online, or one for every seven people alive right now. How about yours? Is it a secure website?

Every single second, a couple new websites are born into this world. That’s a lot of websites, so how are they being created, and how do you make one? And also, how do you keep your website secure from all the cyber threats out there?

A Secure Website in 6 Steps?

The steps needed for making a website, from registration to design, coding, operation and growth, can be a very long and complex process. Each step has a lot more nuance to it than fits here, but this guide should point you down the right path to setting up a secure website.

1. Choose Your CMS

How are you going to build your site? These days you don’t need to be a computer programmer to put together your own fully functioning website thanks to Content Management Systems (CMS). With CMS solutions like WordPress, Joomla, and Drupal, putting together a website is about as easy as building a house out of Lego. No matter what CMS you choose, there are new exploits that are uncovered almost on a weekly basis. This means you need to stay on top of software updates and patches to keep your site secure.

making a secure website with lego blocks like a house

2. Sign Up for a Web Host

Your domain name is like the street address and the CMS is like the materials you build your site with, but the web host is the actual plot of real estate where your website exists online. Some are free and come with bandwidth limitations or embedded ads, and there are commercial options that run much better. Many hosts also provide server security features which can better protect your uploaded website data. Check if a web host offers Secure File Transfer Protocol (SFTP) which makes uploading files much safer. Many good hosts should also allow for file backup services and have a public security policy showing how well they keep up to date on security upgrades.

3. Design Your Website With Security in Mind

What’s your website going to look like? Hiring a designer is usually worth the money you pay, but if your site is straightforward enough then you don’t need to do anything fancy. These days, simplicity is the golden rule, and minimizing add-ons and plug-ins is recommended for aesthetic, operational, and security concerns. The main thrust of your site should be text-based and presenting your product clearly, with images and design flourishes playing in the backup band. Basically you should focus more on avoiding bad design than embracing great design.

4. Apply a Web Application Firewall (WAF) to Protect Your Site

As soon as your website is online, it is exposed to a rogue’s gallery of cyber threats. Automated bots are out there scanning for vulnerable websites, and newly created sites are an especially tempting target. Adding a web application firewall (WAF) such as Cloudbric, Incapsula, or Cloudflare, will ensure that you have a secure website before the attacks start.

5. Do Business Online Secured by Secure Sockets Layer (SSL)ssl is like a handshake for a secure website coming out of a computer

If you’re going to have users registering on your website, and especially if there will be any kind of transaction, you need to encrypt that connection. Using SSL certificates creates a secure handshake between your website and clients’ devices, ensuring that no third party can covertly slip in between and monitor, hijack, or shut down any transactions taking place. GlobalSign is one good example of a widely available SSL certificate that pairs well with almost every website.

6. Grow as a Responsible, Respected Member of the World Wide Web

So you have a functioning. secure website protected from security threats, and you are engaged in commerce for your business. Now the main duty is to grow and reach more people! Reach out through SNS, set up your site so it can be indexed by search engines, and take advantage of SEO opportunities. The Internet is your oyster. But never lose track of your security needs, and focus on maintaining a reputation characterized by responsibility for cyber security matters.

Once you’ve finished these steps, your website is ready to make its mark on the Internet!


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.