Unless you're already a security buff, chances are you're concerned about security because you have evidence of a breach (anecdotal, even) and don't want this to happen again. Welcome! And I'm sorry that happened.
Have you experienced unauthorized user activity on your website? Unauthorized code appearing on your website front end or spam posts? Did a bad actor take down your website? (no offense to these guys) None of this matters - what matters is: are you looking to prevent this from happening ever again?
We don't need to know how hackers got in or why, or what they did, or any of that. We start over with software choices that will prevent most of this activity out of the box, and the rest of it with smart configs and monitoring. We use commercially maintained open-source and enterprise systems that use security as a design principle. This is our standard. Leave the security concerns entirely behind with the same website if you like! We are ready to go.
Concerns with Website Security
You wouldn't let hackers get into your money - so don't let them get your web property.
Code that gets hacked - when your software isn't designed for security, there's always a new way to get in.
A history of attacks - especially where the same attacks appear to be on repeat. Yes, hackers simplify their "work" with lists. Your website could be on one.
Unmaintained software - if you haven't had the ability to perform a software update in a year or longer, you could be at very high risk.
Failures with Website Security
When it comes to website security, standards are entirely too low. Far too little is done by too few people to change this.
White pages or phantom pages - A hacker who breaks in might take down your site, add an advertisement injection, or quietly observe and collect. They might even place a redirect to point to their "haha, I got you" page. Fun fact: this happened to me many years ago.
Unauthorized plugins or posts - Oh, that's new. Did you put that there? Do you know what it does?
Unsafe browsing and transactions - if someone is in there sniffing around and not completely taking over, chances are the information coming through your website is what they are after. This makes all e-commerce on your website unsafe.
Unstable uptime - sometimes all the hacker wants is to take the website down. A total waste of creativity, in our opinion.
Stolen identity, etc etc - Hackers use information however they please. They may be building a new database or furnishing more information on an existing one. They or someone who buys it may have big plans for this information. Don't be at risk in their mess.
Solving Website Security issues
While it's possible (and sometimes a great idea) to use a monitoring service that can assess your risk in great detail, a better first step can be to eliminate most of the up-front risk posed by your current situation:
Use software that's designed for security - If it sounds too good to be true, it's because substandard practices around security are the norm and this standard is generally seen as non-existent. Not true. If your website is experiencing the attention and traffic that begets security measures, it's ready for a secure, stable CMS, even if you keep the same front-end design.
Use a password manager - If you don't have to remember your password, all of your passwords can be unique and tough to figure out.
Read software update text - Developers will reveal security fixes in the details about your software update. The more secure the software, the more details will be provided.
Layer your efforts - Use all techniques available to you to keep bad actors out. Don't just choose your favorites. If you can rename a page for security or place it below the document root, do both. This is one place where you can strictly avoid deciding between two things.
How Aquarian can help solve Security issues
When a new client approaches us with a website experiencing issues with security, we know a few things already:
- This is not their first rodeo.
- They may have already sought out quick, non-structural solutions.
- There may be an imperative in the organization to "get back to normal," or "just fix it."
Aquarian can provide secure software for your website. We can quickly move a WordPress or Joomla! website to secure software. We use both ExpressionEngine and Craft CMS - the one we choose will likely be related to the direction the company is headed in the future. Breaking out of a one-size-fits-all CMS opens up questions about hows and whys that Aquarian routinely asks clients for answers on. We listen for all of these points in all of our meetings and we take our distillations of these points right to the code, revealing them to you as we go along. It's not just addressing security, it's getting your low-footprint, secure website right the first time, changing your business. As optimizers, we are constantly coming up with ways to improve how websites are organized in the control panel, and noticing one-size-fits-all features that are better suited as individuals. By the time we are done with our process, you will be very familiar with our choices and understand how we applied our expertise.
Our hosting partners have a track record of partnering with us to keep attacks from becoming hacks. We'll hook you up here too.
Aquarian Web Studio offers free one-time consults to websites looking to improve their security. Is this you? Let's have a conversation.