We have probably all heard the old adage, that 'a chain is only as strong as its weakest link.' The very same can be said about computers and Websites. You can have 99% of your computer and your Website secured, but it's going to be that 1% that ultimately brings ruin to your overall security strategy. In my first installment on computer and Website security, i.e. Securing Your Computer and Website (Pt1) I shared about the importance of anti-virus software, FTP passwords, operating system security patches, and software security patches.
I hope that if you have had the opportunity to read it, that you have begun, if not completed putting these security measures in place. If you have not had the opportunity to read it, and are unsure about how to starting being proactive as an Internet user and/or Website owner, please take the time to do so. In this installment of Securing Your Computer and Website, I want to focus primarily on the Website hosting service or server side of the security equation.
When I got started in computers and the Internet (seriously involved) in the middle 1990’s, when I was asked by a ‘newbie’ to computers and the Internet how to avoid viruses, being the conservative guy that I was (or rather, am), I simply said, ‘don’t look at porn online or visit porn websites.” It was really pretty straight forward and wise advice on multiple levels. At the time, 95% of all viruses were associated with seedy rogue Websites that offered pornography to their visitors (and viruses that were downloaded when they tried to save the pictures to their computers). Almost equally as bad as porn Websites were the file sharing websites that allowed users to trade files between themselves, like music and copyrighted materials (that incase you have not figured it out yet, is illegal).
If you avoided these types of Websites you were almost guaranteed that you would be mostly safe and secure from all the troubles associated with those who were foolish enough to use such Websites. Now days, any ‘Website, anywhere that is focused on a particular niche market is vulnerable. That is why it is important to actively protect your Website on the Web hosting server you use, whether it is your own dedicated Web server or you are hosted on a virtual dedicated Web server (a server where several Websites are hosted).
The following are precautions that you can take if you want to be proactive in protecting your Website from the possibility of security breaches:
1) Continually update your Website software to be sure you have the latest security patches. Most Websites are not custom built, but rather templates and fairly basic platforms that most Internet users, if they want tot take the time to learn, can personally set up their own Website. Some Websites are more complex and much more customized, and are way beyond the average Internet user’s capability to build or maintain. In both instances, there is a continual need to be sure that your Website is secure and that the platform or Website development tools you are using to build and maintain your Website are continually upgraded with security patches.
Blogs are becoming a huge part of the Internet Website business and the WordPress blogging platform is by far one of the fastest growing platforms in popularity. It is the blogging platform we recommend to all of our clients. This blog is built on the WordPress blogging platform. Whatever you decide to use for your Website’s platform to build your Website, be sure that you are always running the latest version of the main software that powers your Website, and if they provide plug-ins like that of WordPress, be sure to upgrade your plug-ins whenever you are told to do so. The cool thing about WordPress is that it updates itself whenever there is a new patch or security or stability issue that needs to be addressed.
Unfortunately, because of the WordPress popularity, many of the latest hackers are targeting WordPress. Whatever you are using in the way of a Website platform, you can help to avoid security issues by always seeing that you are running the latest version and that if you use plug-ins for that platform, that you keep them up to date.
2) Get help from Google Webmaster to monitor your Website. Google has some pretty cool tools to help people use the Internet more effectively and securely. One of those tools is a Google Webmaster account, and it is FREE (I love that word… FREE). If you get your Google Webmaster account linked to your Website, should you be hacked by some cyber-dog, Google will send you an email to tell, and even what pages have been hit by the hacker. And, while your Google Webmaster account is not a prevention tool, it is a valuable free tool that is the cure to helping you solve your security problems. Google updates the pages they monitor every hour of every day, so for most Website owners who have and use the Google Webmaster account, Google is most often the first to notice your site has a problem, and lets you know.
3) Confirm with your Web hosting provider that they keep their server patches updated. Most of us use third party web hosting (meaning you don’t have your Website hosted on your own computer). As a general rule, most people assume that their Web hosting company is proactive with their hosting servers. Unfortunately, they are not. But you can still make sure that your host is doing everything they can by asking. Send an email to their support department and ask them directly how often they implement server updates and security patches, and what their security methods are. When they respond, print out and keep a copy of the response in your Personal Identity Security folder for future reference (you attorneys know what I am talking about). It is sometimes worth paying a bit more to make sure your host is doing as much as you are to protect your site, your business, and you.
4) Check your server file permissions and see that they are secure. Imagine having a really nice garden that you have spent months cultivating and it is just beautiful and something you are really proud of, and to get into the garden, there are 4 different gates that allow access to it. Three of those gates are securely locked, but you have not taken the time to lock the fourth. If a gate is left open, as gardening goes, something or someone come through it and there is no telling the damage that will be done to your garden (thinking of a particular neighborhood dog right now that really likes to dig under tomato plants). Server file permissions are sort of little like these gates to your garden. If you leave access to your server files (files that make your Website work and collect information from visitors or users) unlocked, the dog(s) will get in via these unsecured permissions that have been set incorrectly. Although they can be quite hard to understand, if you speak with your hosting company, they can make sure that your permissions are correct and secure.
I said earlier that no computer or Website is 100% secure or safe from hacker or virus attack. Truth be told, if someone really wants to get to you, they will. It’s just a matter of time. However, for most of the vast majority of computer users and Internet users, Website owners or Web hosting companies, the majority of computer and website attacks by viruses and hackers are not personally motivated at a particular user or company, and are not overly sophisticated. These are the attacks that you can be proactive in preventing if you are willing to take the steps I have outlined here in this two part blog post on securing your computer and Website.
My advice: “Update always and often.” Please feel at liberty to pass this information along to your connections on your favorite social media network by clicking on the share button below or tweet it to your friends and followers. It might save their computers or Website’s life one day, and maybe even more, like for instance your reputation and financial well-being.