With the recent hack of the password keeper LastPass, the security of websites has become a point of focus. Though the details of this hack have not been published, there are some precautions everyone can take. Here are a few:
1) Reduce the risk, not eliminate the risk.
The misconception out there is that if you install a security plug-in on your WordPress site, you will never have to face a security issue. This could not be further from the truth and is an absolute myth.
Not having anything to protect yourself is more dangerous. Trying to eliminate all attacks completely is impossible. In the age of malware, botnets and attacks from overseas hacker groups, you’re going to face a security problem at some point. The best thing you can do to minimize the damage, or the attacks, is to invest in security for your website.
2) Select trusted online resources for things like Plugins and Themes.
A good rule of thumb is that if it’s free, it is probably not secure. Unfortunately, this goes for almost all the plug-ins and themes in the WordPress repository.
While I’ve seen very strict standards for themes, I haven’t seen equally strict standards for plug-ins. Make sure you follow this guide when selecting a plug-in.
3) Website owners are the primary vulnerability.
Having a website is a responsibility. As a business owner who has invested money and time into your website, leaving that responsibility to professionals is the smartest thing that you can do. Websites are not static; they are dynamic. Neglecting one is like owning a car but never changing the oil and expecting it to run for the life of the car. Regular maintenance by a professional is going to be required.
If you have a website and you’re not maintaining it by updating your theme or your plug-ins, you run the risk of an attack. Moreover, your computer can be a cesspool of malware, and the moment you try to log in to your website, that malware recognizes the login and immediately goes to work on it.
So have antivirus software on your machine and stay away from sites that seem a little shady.
4) Hosting is just as important as what your website is built on.
In my career, I have personally helped people repair websites they were hosting on a shared hosting account like GoDaddy or Bluehost.
Those services are fine for blogs, but the moment you try to run a corporate website on them, you’ll begin to run out of resources as your traffic increases. If there’s an attack on the site, there is absolutely no guarantee, and usually no help, to cover the cost of repairs.
Again, it’s like driving a car with only liability insurance. The other guy’s okay but you will need to go shopping for a new car out-of-pocket.
5) The importance of good password management cannot be overemphasized.
I think this point pretty much sums itself up.
Security is not a singular event or action, but rather a combination of talented, experienced people and technology. Be on guard and be smart. As other hacks have shown, the consequences can be destructive to your business (Sony hacking story).