We take security seriously at Pro Digital Marketing. We make sure you protect your users information as well as ensuring your website is free from malicious attacks.
Hackers on the web are getting more and more sophisticated in their attacks. Most websites have a login where you can edit content or allow staff or users to add content. It becomes very useful for editing and accessing the website. However it does leave gateways for malicious users to access your data and potentially to take over your website.
There are common security practices that need to be followed in order to get the best security applied to your website. Each website is different and requires different protection mechanisms to avoid any security breaches.
The steps needed to protect a website are as follows
Understand the hosting platform
A website needs a server to provide the information to the world. There are companies who will host your website on their servers and they normally have some basic security measures built into their platform. Some platforms have much better security settings than others.
Our first step in securing a website is first analysing the hosting platform of the website. Each web host will have a page on the types of security they implement. Since not all security is applied to every website hosted on this platform. We then analyse the plan the website is using from that hosting service and determine if these settings meet our strict guidelines. We then determine what changes may be required to uplift to the correct standard for your website.Next Process
Understand the technology used
The second step in this process is to understand the type of website you are hosting. There are many different technologies that have been used to build websites. Some of the main services are: WordPress, Drupal, Joomla, Wix or squarespace.
CMS (Content Managements Systems) such as WordPress, Drupal, Joomla and others, generally have an admin login. These logins need to be protected with secure passwords, multiple login attempt restrictions, second factor authentication mechanisms to ensure your password is never exposed.
There are other areas of your website that can be exposed security vulnerabilities such as customer forms, blog commenting, etc. You may have seen spam already arriving in your inbox because these areas are being exposed. It is important we prevent the ability for all hackers to infiltrate your business website.Next Process
Implement Industry Best Practice Security
Once we have determined and analysed the type of server and the website installation medium. We begin hardening (industry term for improving) the website and its security implementation. We implement password controls, prevents logins from attackers, implement WAF (see below) as required, prevent malicious form submissions, database login hardening.
We provide our clients a monthly report with the security improvements that have been applied to the website. Contained in the report also includes the updates that have been completed and the improvements in SEO ranking.Next Process
Just like SEO and website design, security must be updated and maintained. Servers must be updated to remain ahead of the vulnerabilities that are exposed when using out dated software. Likewise the CMS system implemented also needs to be updated for strong security and prevention from the most recent types of attacks.
Security is something that will continually need to be looked after. Our Pro Digital Marketing web development team are here to help you stay current and ahead of the rest.Next Process
A denial of service attack is one that aims to brute force overload your website and bring the server down from not being able to handle the amount of traffic it is being requested.
An exposed password is obtained to your website and this enables an attacker to have access to your entire website. This is needed to be prevented at all costs
There are a lot of websites with databases. These databases are often exposed on your website url. The database is going to hold your most precious data. The database can be hacked from brute force attack or via an SQL injection. This is where an attacker sends a normal request to your website , but then the website looks up data from the database it shouldn’t and sends it back to the customer. Ensuring you have the latest updates and install verified plugins is the best way to prevent this.
If the right security is not used for login and passwords, then a service can be used by an attacker to try combinations on your website of usernames and passwords to eventually gain access. Often your email or username is located on your website, so the attacker only needs to guess the password. With computers doing the work for them, this can be discovered in minutes or hours.
A Web Application firewall is a great preventative from many attacks from attacked. The WAF sits between a users computer and your website, they detect attackers and block them before they can do damage to your website. WAFs are aware of many of the types of attacks that malicious users do and can intercept these attacks, they can then look to disabling a user from accessing your website so they are blocking future attacks from the same people. They also have lists of addresses of malicious people who are attacking other websites and can prevent them coming across to your website.
We protect our clients website from all kinds of security threats so you can rest easy knowing that your data is safe.
According to WordPress one of the largest used website applications, it powers over 38% of all websites on the internet today. It is also responsible for managing 63.6% of all CMS (Content Management Systems) on the internet. This is both a good thing and a bad thing.
Let’s start with the good. WordPress is used by so many people over the internet their software is updated often and maintained well. They are actively supporting security updates and looking after their customers. There is also thousand of plug ins you can use to adapt your website easily to any thing you need.
Now the bad, WordPress is very common and that makes it more enticing for attackers to hack, since they can apply the same hacking technique to all the other WordPress websites. This is traditionally the reason windows OS on PC’s has been targeted for many years, because 77% of the world use it. See Global Stats Counter for more information https://gs.statcounter.com/os-market-share/desktop/worldwide
If you are going to find a way to hack into a service, the one with the most opportunity is what attacker target.
Don’t worry, Its not all bad. Just like Windows OS, if you implement the best controls you will be protected and attackers will find other sites to attack instead. Let our security minded team help you stay safe and keep your and your customer safe.