In my job, I have seen a ton of hacking attempts and exploits targeting servers and websites. Most often, when someone is hacked it is because some part of their website has allowed for an injection into the code, or a remote file include (Yes, there are other methods, but these are by far the most common).
The reason why exploits like that are so common is because content management systems (like WordPress or Joomla) are fatally flawed. They were not designed with security as the primary goal, they were designed to be easy to use. Don’t get me wrong, Darksideofperfection.com is a WordPress Blog, and I think it is great, saved me days of work from the start, but the question is, how do you prevent yourself from becoming a victim of a hacker?
You could code your site from the ground up, doing hours of testing and debugging to get all aspects of your site to work how you want it, and still not have all the functions that a CMS provides, then start the gambit all over again when you want to add a feature or do a site redesign.Alternatively, you could start to make internet-savvy decisions about your site.
First start by choosing a CMS that is still actively being worked on and getting updated. Nothing is more infuriating then building your entire site, then finding out that some of its features wont work because it requires PHP4.6, and the server your on doesn’t provide php4 support. (FYI php4 was marked as obsolete in 2008.)
I recommend choosing one of the following CMS’ if they suit your needs : Joomla!, or WordPress. Both are relatively easy to learn, have regular updates, and a large community of active users in the forum.
Now, this brings us right back to the initial question, how to we prevent ourselves from being victims of hackers? We have already decided that coding our own site takes a lot of time that we don’t have, so we must take 3 steps to protect our sites.
- 1. Use Secure Passwords
- 2. Do Your Updates, regularly
- 3. Use a SecureLive plug-in
Steps one and two should be common sense to anyone who has used a computer for a while, but the third step may be new to people.
Securelive is a plugin that fills in the gaps where the CMS’ failed on security, and then blocks attempts to break into your website. The attacker’s IP address and other information is gathered and reported to you, and if you get the monitoring service, they will report the attacks on your behalf. To see it in action please click here.
I have, with the help of some of my co-workers tested this plug-in, and to say the least we are very impressed. It managed to block 100% of the hack attempts that we attempted against, and continues to block every new attack that we could think of.
Now if you are interested in reading more about SecureLive, visit their website https://www.securelive.net/
Good luck in your website endeavors!