Website security was, for a long time, a problem for the webmasters of big corporate sites, ecommerce sites or other mission-critical sites to solve. Today it affects every website, from the smallest blog to the biggest retailer.
In the last few years the Internet has seen an exponential rise in malicious activity against websites. This can range from crude attempts to brute-force user accounts or FTP accounts to sophisticated exploitation of cross-domain scripting vulnerabilities or poor code. Primarily it is about the monetization of other people’s property and resources, but it can also be just maverick behavior, a bit of fun or simply showing off!
Hacked websites are often used to advertise questionable content, or are recruited into a cluster of zombie sites and simply used as resources. They can have malicious content posted into them or simply be ‘taken down’. None of these scenarios is in any way beneficial to the owner of the site, and they can often destroy the reputation or trust that a site has. In real terms, all SEO with Google can be lost when the search engine detects that a site has been compromised.
Because of the number of malicious attempts we see against the sites we host, we recommend that, as a minimum, every website now has the following:
- A web application firewall
- A strong password policy
- Strict permissions for key files
Additionally, and ideally:
- Failed username / password lockout
- Regular scans for malicious code or core changes
- Real-time alerts for logins, changes or suspicious activity
- Weekly monitoring for upgrades
- Daily backups
- Disaster recovery
At Sans Frontiere we take website security very seriously and treat every site we build with the same level of protection, as standard. We also have options for additional layers of security should one of our clients wish to extend their protection even further.
To find out more about our in-house security policy, please get in touch.