Website Security Mistakes: Is Your Website Up To No Good?
Sometimes your website might be engaging in unsafe practices without your knowledge. Don’t let common website security mistakes take you down.
Are these security mistakes placing your website at risk?
It’s estimated that some 30,000 websites are hacked and used for the purpose of distributing malicious software every day, according to an article published by Forbes.
Allowing your website to become infected with malicious code could have wide-reaching ramifications. Aside from having your site’s brand name associated with the hack, search engines like Google may respond by removing your site from their index.
Take a look at some of the most common website security mistakes made by webmasters listed below.
Not Using SSL on E-Commerce Websites
Assuming your website sells a product or service – and it collects visitors’ credit/debit card data – you’ll need to protect it with SSL encryption. Known as Secure Sockets Layer (SSL), this protective measure encrypts your site’s traffic, ensuring that only the intended recipient (you) can see the data. SSL isn’t just a luxury; it’s a necessity for websites that collect sensitive financial information from their visitors.
Internet giant Google has already made its position clear: it called for HTTPS to be “everywhere” on the web during its 2014 I/O conference, and it announced that it would rank encrypted sites higher in search results.
Running an Outdated Content Management System
Content management systems (CMS) like WordPress, Joomla and Drupal can be used to create fully functional websites or blogs without ever touching the code. But if you’re going to use a CMS, it’s essential that you keep it up to date. When a new version is released, download and install it in a timely manner. Hackers often target websites running an outdated CMS because it contains vulnerabilities that can be exploited.
According to statistics from Web Technology Surveys, the three platforms mentioned above combine to support over 75% of all CMS-powered websites currently online.
These platforms also share another, less encouraging similarity: they are among the most common hacking targets on the Internet, so make sure yours is up to date!
With admin access, there is no limit to the havoc that a hacker could cause. Don’t make the mistake of using the default “admin” username on your website. Many CMS platforms, including WordPress, use this name by default. As a result, these websites are easier to hack, as hackers need only identify the password. A smarter and safer idea is to create a unique username for your login and an entirely different “display” name.
Allowing Visitors to Upload Files
Generally speaking, it’s best to prohibit visitors from uploading files to your website. When file uploading is enabled, it poses a serious risk to your site’s security. Some visitors may upload photos or other traditional forms of media, whereas others may take advantage of this feature by uploading viruses. And don’t assume that restricting uploads to a specific file type will protect you from hack attacks. Files can often be spoofed to make them look like a specific format, even if they are in an entirely different, nefarious format.
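If uploads cannot be disabled, the server has to inspect the file itself instead of trusting its name. The following is an added example, not code from the original article: a Python sketch in which the function names, the allowlist and the sample byte strings are all assumptions constructed for illustration.

```python
import os
import secrets

# Allowed extensions mapped to the byte signatures real files of that type begin with.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def naive_check(filename, declared_type):
    """Trusts only what the client sent: the name and the Content-Type header."""
    ext = os.path.splitext(filename.lower())[1]
    return ext in SIGNATURES and declared_type.startswith("image/")

def check_upload(filename, data, max_bytes=2 * 1024 * 1024):
    """Return (accepted, reason, stored_name); stored_name is None on rejection."""
    # Drop any client-supplied directory components before looking at the name.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    ext = os.path.splitext(base)[1]
    if ext not in SIGNATURES:
        return False, "extension not on allowlist", None
    if len(data) > max_bytes:
        return False, "file too large", None
    # Compare the leading bytes with the signature the extension promises.
    if not data.startswith(SIGNATURES[ext]):
        return False, "content does not match extension", None
    # Never reuse the visitor's file name; store under a random one.
    return True, "ok", secrets.token_hex(16) + ext

# Constructed sample uploads (not real files).
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SPOOFED = b"MZ\x90\x00" + b"\x00" * 32  # executable header, named like an image

if __name__ == "__main__":
    for name, body in (("photo.png", REAL_PNG), ("invoice.png", SPOOFED)):
        print(name, naive_check(name, "image/png"), check_upload(name, body))
```

Matching signature bytes is a necessary check, not a complete one: a file can begin with valid image bytes and carry other content after them. Store uploads outside any directory from which the web server executes code.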
Every platform has its share of risks, many of which stem from third-party development that expands the functionality of that platform through plugins and the like. Simply keeping your core CMS and plugins up to date will eliminate the vast majority of your website’s security vulnerabilities.