By Mayenziwe Sibanda
Website security cannot be understated these days, the same level of security we implement on our physical premises and property has to be translated to the online realm since a website represents the company online. Today we have breaking news of websites in Zimbabwe being defaced, forced to propagate incriminating and potentially image damaging information, most notably a previous attack on the website of the Zimbabwe Stock Exchange.
The advent of the Interweb (Internet) has been a game changer in the modern battle for recognition, supremacy and brand reach all over the world spawning a frenzy of individuals, corporates and organisations jostling to become visible and accessible online. Unlike in the olden days, an entity is of little or no value when it is not available on the internet due to present-day audience’s demand for “information at their fingertips” (and that is just what the internet is) in order to make spontaneous and prudent decisions whenever the need arises.
That said, you may have already jumped onto the bandwagon and gotten yourself a website in order to get noticed out there and become more useful but have you ever considered the security of your website? Have you pondered on the ramifications of having your website hacked!? Granted; many website owners are ill prepared for the devastation that follows having your website disabled, defaced or worse- hijacked for the purposes of distributing illicit content.
A few basic spanners here will save your face, as we always say, it is better to delay and complicate the attack even if the attack is inevitable despite the sophistication of security.
Use strong SECRET passwords.
The greatest single threat to your website’s security is for someone else to have your usernames and passwords. This holds true whether your website is static or dynamic, and whether it uses custom written CMS (Content Management Systems) or any of the many popular flavours like Joomla and WordPress; whenever someone knows your credentials for accessing your website’s control panel that alien can and will have their way with your resources.
i) Set a strong password:
-ensure that the passphrase that you set is not a word or a concatenation of words in the dictionary. A passphrase like “myredeemerlives” will just not cut it in this day.
-use a mix of uppercase and lowercase letters, numerals and special symbols to make up your passphrase with a length of eight or more characters so that it will not be easy to guess.
ii) Keep the password secret:
-this can never be said enough. Never share your password with anybody. If you hire an entity to make updates and such on your website it is best to set a new password as soon as they are done.
Ensure that the resources you utilise are up to date.
This is a special case for the owners of website using popular online CMS. Updating the resources that your website relies on ensures that you are using systems that have been inoculated against presently known attacks and vulnerabilities, as well as being optimised for improved performance. Thanks to open source development such platforms benefit immensely from a network of skilled programmers that are slaving day and night to keep these platforms secure and optimum yet it is a wonder why users do not make the effort to update their web applications to the latest stable releases when they are deployed on the net.
i) Update the core CMS component
ii) Update all the plugins especially those from third parties that have been installed to customise functionality and purpose
ii) Ensure that your server also has the latest resources available
-the engine for most online CMS is notably an amalgamation of a Hypertext Pre-processor (php) as well as a database management system (mysql). Talk to your hosting provider to find out more about this.
Host your services on a secure platform.
It is not enough to just have a strong secret password when the server that is hosting your website and services is porous. Many other ingredients are involved that hinge on the robustness and protection that your hosting provider makes available to you to utilise. Make the effort to find out the reputation of your provider. Research on the options that they have available to bolster the security and recovery of your website. A good hosting provider should give you full reign to manage and update your passwords at will. A better provider will force you to set cryptic, hard-to-break passwords. The best providers will allow you to set explicit access permissions to files, folders and services to hide certain files from public use if those files can be used to hijack your website. Such providers will also typically log users that access files and make modifications, including what modifications were made.
Schedule regular backups.
Although this step will not influence the efficacy of your endeavour to secure your website it will prove to be invaluable when your website is actually hacked. Having a recent backup of your website’s files and/or database stored safely in a vault will enable you to quickly restore your service to a working state sooner rather than later. Depending on how often content is changed, experts reckon a single off-site backup every day will suffice, but other website needs may differ. It is also important to back up your website at the point before any updates are made to the website’s core files, plugins and enabling services like hosting.
Hire a professional.
Technology is a mouthful for the lay person who is the usual website owner like yourself. It can be quite a whirlwind when you try to wrap your hand around all the intricacies involved in protecting your website when you do not understand the underlying web. Consider engaging professionals to facilitate the smooth running of your website and its services including preventing it from being usurped. Let the professionals worry about the verbosity, jargon and complexities involved. Be in an agreement with them that holds them to task should things go wrong. Rest easy and rely on them to fix things and set the world back on course should the unthinkable happen. The experience and exposure that zimHosts.com has gained in the past is an invaluable asset to help you secure your digital world.
The writer, Mayenziwe Sibanda is a Project Manager at zimHosts.com and a hobbyists with TechnoMag,