In the past week, President Obama has implored Americans to use greater security measures to access their online accounts and the Justice Department has demanded that Apple craft a one-time backdoor program to access terrorists’ iPhones. So digital security, in a variety of circumstances, has been at the fore.
In fact, one of my favorite WordPress plug-ins, Wordfence, sent out an attention-grabbing headline recently in their blog: “6 Million Password Attacks in 16 Hours and How to Block Them.” As a web designer, this caught my attention for immediate investigation. As my reader, you may wish only for the short version of the story:
You may not know it, but it’s likely your site is under attack right now
I’m not trying to be alarmist, just realistic. But don’t panic. I’ve got it under control. All sites I design include a variety of security measures, including firewalls, anti-spam, malware protection and hacking measures. In fact, every day I receive notices from many of the sites I’ve designed about hacking attempts. (None successful!)
As a matter of curiosity, I tallied up how many notices I’d received for a sampling of my sites over the past 90 days. A single notice may inform me that a site was subject to a brute force attack (an attempt to log in by guessing the username and password), which may reflect 10 or 20 attempts before the hacker was locked out of any more attempts. Wordfence may have recorded upwards of six million password attacks in their study, but my sampling of a few clients was considerably smaller:
NOTE: Each notice represents 10-20 hacking attempts.
How safe is SAFE?
I’ll be honest: I’ve had a couple of clients on the receiving end of successful attacks over the past few years, a very small percentage. It’s impossible to prevent 100% of attacks. (Just look at how big the security industry has grown!) Some clients haven’t been interested in heavy security measures historically. Of course, from the point of view of those who were hacked, it was absolutely awful. And they were right. Being hacked is horrific, even if you don’t have an e-commerce site.
No one wants their site to give prospective or existing clients a poor impression of their business. We worked closely with those clients and their host providers to quickly clean up the sites, install new security measures, and ensure the likelihood of ever being subjected to another attack was reduced to darn near zilch.
You’ve probably noticed, however, that your own security software (firewall, anti-spam, etc.) is updated by the manufacturer constantly. Hackers have become increasingly sophisticated and relentless. (If your site login is “admin” and password remains “1234password,” you are asking for trouble.) So it’s likely that you’ll need to remain attentive to ensure your website remains hacker-free.
An open-door invitation to hackers can look like a site that is rarely updated. Often the underlying software that runs the site hasn’t been updated since a site was built. If you don’t have a modest maintenance package in place, or you haven’t updated your site since it was built, it is possible your site is hackable since manufacturers update their software quite frequently for security purposes.
How is my site protected?
As I mentioned, all my clients’ sites use various security plug-ins as protection. How? Wordfence is one of the best, and I have this plugin (or another) programmed to send me immediate notification of major hack attempts. It protects against brute force attacks and malware, provides a firewall, and lets me know where hack attempts are coming from. Should I see anything alarming I can manually block out a hacker or even a whole country!
With some clients we’ve opted for additional security measures, moving to upgraded hosting packages which manage 99.9% of security measures for them. I am strongly in favor of using these options because they can save clients lots of money in the long run if they’re ever hacked.
Consider a hosting upgrade to be just like personal or business insurance. If it gives you significant peace of mind to know you’re well-covered, by all means invest in the “lower deductible, greater coverage” policy.
Just because you’re not doing transactions on your website doesn’t mean it doesn’t need first-rate security. If you’re not sure if your site is fully protected, or you’d like to learn more about how to ensure you have better protection, give me a call (707.721.1095) or email (firstname.lastname@example.org) to learn more. And don’t forget to change your logins and/or passwords regularly!