Security Fundamentals

The bad news is that your organization’s website is at risk, because they all are. There are plenty of people out there with devious intentions whose aim is to embarrass you and steal your and your users’ information. I have seen many variations of this in my time as a developer, some of them due to my lack of experience at the time. In this article I will give you an overview of the most common ways you can protect yourself from threats. I will expand on all of these topics in later posts but I wanted to start with an overview. So let’s begin.

Threat #1: Passwords

You have passwords for your website (if you are using a CMS like WordPress), email accounts, computers, FTP, social media accounts and more. The easiest way to protect yourself is to have strong passwords. An example of a weak password is something like: password123. Now I have not personally seen a password this weak, but in my time I have seen passwords almost as weak. What you are aiming for is a strong combination of uppercase, lowercase, digits and special characters. The longer the better. As an example, our weak password from above, password123, could be made much more secure if it were pa$sWord123. However, I still wouldn’t use that. It’s still too obvious.
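
The point above, that pa$sWord123 ticks every character-class box and is still too obvious, can be checked mechanically. The following Python sketch is an added example, not code from this article; the word list, the substitution table and the 12-character minimum are assumptions chosen for illustration.

```python
import string

# Constructed sample deny-list (assumption). A real deployment would load a
# much larger list of common and breached passwords.
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "qwerty"}

# Common look-alike substitutions, undone before the deny-list lookup.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i"})


def character_classes(pw):
    """Count how many of the four classes named in the text appear."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in pw) for check in checks)


def base_word(pw):
    """Drop a trailing run of digits/symbols, lowercase, undo substitutions."""
    stripped = pw.rstrip(string.digits + string.punctuation)
    return stripped.lower().translate(LEET)


def assess(pw, min_length=12):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    if len(pw) < min_length:  # min_length is an assumed policy value
        problems.append("too short")
    if character_classes(pw) < 4:
        problems.append("missing character classes")
    if base_word(pw) in COMMON_WORDS:
        problems.append("based on a common word")
    return problems


if __name__ == "__main__":
    # The two passwords from the text plus one constructed longer passphrase.
    for candidate in ("password123", "pa$sWord123", "Tr4il-mix&Otter-Lamp9"):
        print(candidate, "->", assess(candidate) or "no problems found")
```

An empty result only means none of these three checks fired; it does not prove a password is strong.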

Threat #2: Insecure Sites

The second threat is an insecure site, specifically yours. What you need to do is to never enter any sensitive data into a website that is not running on HTTPS with a valid security certificate. And by sensitive data I mean passwords, credit card numbers, driver’s license numbers, social security numbers or anything you don’t want to be made public. You should be running your site over HTTPS rather than HTTP because HTTPS encrypts the data between the client (your device) and the server, which makes it much more difficult to steal. Fortunately, running over HTTPS is not hard to do and I’ll show you how in a later post.

Threat #3: External Threat

The external threat is those individuals with malicious intent who intend to cause harm to your website and to your organization. There are too many varieties of this to mention, but the best things I recommend are related to your website setup. The first is to purchase and run anti-malware software on your web host. This is essentially the hosting equivalent of anti-virus software for your computer. The second is to run security plugins on your website that are finely tuned to detect threats such as a brute force attack.

Threat #4: Internal Threat

The internal threat is those individuals in your organization who can harm your site but do so unintentionally and not out of malicious intent. Typically these people accidentally break something they should not have been given access to in the first place. This is an easy one to prevent. Your administrator should limit user permissions so that users can edit what is necessary for them to perform their role and nothing more. For example, if someone in your organization is only responsible for posting articles, they should not have the ability to add and remove plugins, update themes, etc.