Website Security: More Than Just Updates

Many sites administrators think all it takes to stay secure is installing regular updates.

It’s a good start, but far from the only steps a webmaster should take to protect their site. From updates to removing plugins, themes and other files that you don’t use, you have quite a few regular security tasks to consider.

Creating a checklist of tasks is vital to keeping up with website security maintenance. Consider this as just another part of running a successful site.

Working With CMS Updates

CMS updates are simple, right? It’s not as easy as pressing a button and you’re done. Whether you use WordPress, Joomla, Drupal or any other CMS, you have to consider how an update affects your site. Plus, you have to think about patches in addition to major updates.

The simple answer for many sites is to hold off on CMS updates to see how they affect other sites or to prevent having to deal with any changes to their own site. This is a good idea in theory, but hackers love to exploit outdated software. In fact, one journalist easily found several videos on hacking outdated WordPress sites along with blogs showcasing seven different ways to hack older WordPress software.

Every CMS update must include a thorough test of the site to ensure all plugins, themes, extensions and scripts are compatible. The last thing you want is to update to a more secure version only to expose your site to more issues such compatibility issues. No matter what you do, you need to install security updates or you’re putting your site at risk.

Finding Reliable Hosting

When it comes to hosting, most site owners are concerned with performance or cost over security. Performance doesn’t matter when your site gets hacked. If your visitors’ computers are hijacked because your site was compromised, it’ll ruin your site’s reputation. You need to focus on reliable hosting versus strictly budget friendly plans.

Start by choosing a host that provides redundant load balancing environments. Load balancing not only helps with performance, but security as well. Since the load is balanced among many different servers, it’s more difficult for hackers to find the main server. These environments also provide only a single point of entry, reducing the chance of attack. Some load balancing environments offer additional protection by detecting and preventing denial of service attacks (DoS).

Saving money is important, but not at the expense of your site’s security. A budget hosting plan looks good until you dig deeper into the feature set. Often times, all you get is basic hosting. You don’t have access to backups, a firewall, security software or updates. Even worse, that cheaper plan could equal shared hosting which means your site could be compromised because another site on the same server was hacked.

The better alternative is to pay a little more for premium hosting. These plans include security features such as automatic backups, update installations, firewalls, anti-virus, encryption, dedicated IP addresses, SSL certificates and much more. The cost is actually cheaper than budget hosting because everything’s already included.

Removing The Excess

How many plugins, modules and themes have you installed, but no longer use? These leftovers from don’t just take up space. They create vulnerabilities in your site. Odds are, you’re not updating what you’re no longer using.

It’s easy to accumulate all these extras. The problem is most plugins and themes don’t automatically update. You might stay on top of updating the ones you’re currently using. Any outdated software stored on your server provides potential entry points for hackers.

Take time to go through your list of themes, plugins and modules. Delete any you no longer need. Remember to keep the default theme as this is usually required by your CMS. It’s also a fallback if you accidentally delete your current theme or it becomes corrupted. All the excess you have installed is just more security issues you don’t want to have to deal with. You can always reinstall them if you need them later.

Conclusion

Deciding how and when to update, finding the right hosting plan and performing some site housekeeping are all part of regular security maintenance. Of course, that’s not all that’s involved. If it was that easy, no site would ever get hacked. Luckily, there’s much more you can do to secure your website.

Need help cleaning up your site and installing updates properly? Let us here at FatLab take care of the heavy lifting for you.

photo: Yuri Samoilov