The main security risk of having a website is being hacked. Many believe that since their website is not in the limelight, or since it does not hold any sensitive information, it is not a target of the fraudsters.
Get your notions corrected. Hackers are after everything that your website has. They might hack a website to host and transfer warez and other forms of illegal files, so that they can use free bandwidth, which you pay for. Or they can simply hack websites to inject links for black hat SEO or to inject malware and infect your visitors so that they can use them as bots during a distributed hack or denial of service attack.
A very recent US blog post reported, “We did a detailed analysis of the attack pattern and found out that most of the attack was originating from [content management systems] (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.”
We are not safe, not at all, with a CMS (content management system) at hand. In this article we shall discuss the three most famous and widely used CMSs, their recent security attacks, as well as methods to strengthen our relationship with them.
WordPress is the biggest blogging platform in the world. It hosts over 18 million blogs, and is used by over 13 percent of the world’s million biggest websites. WordPress is so easy to use that the number of non-technical people who have their own websites and blogs has drastically increased. Malicious hackers are aware of this and use it to their advantage. Let us discuss the security attacks that WordPress has faced in recent times.
- In March’11, WordPress was hit by a massive Distributed Denial of Service (DDoS) attack, where thousands of blogs went down. The attack involved tens of millions of packets per second and reportedly lasted for about two hours. WordPress says it’s the biggest attack to date. The size indicates that it was launched by a major botnet. The users said that the site had been running unusually for three long days.
- In April’13, security analysts detected an ongoing attack that allegedly used a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application. The hackers were using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services simultaneously reported. The attack was a highly distributed one.
- In March’14, with some conventional trickery, hackers were able to get more than 162,000 legitimate WordPress-powered Web sites to mount a distributed-denial-of-service attack against another Web site. It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server. All queries had a random value that bypassed their cache and forced a full page reload every single time. It was killing their server pretty fast.
By now we probably realize that, as bloggers, we need to secure ourselves in the best possible way to prevent issues like less traffic and Google banning our blogs, which would make all our efforts go in vain.
- Choose Your Web Host Critically: The choice of a web host helps to tighten the security features of your blog. The shared hosting option is often considered to be the most economical option for small business websites because of the lower charges, but make sure you are not lumped together with hundreds of other sites.
- Backup your WordPress Database: No security measure is foolproof. Therefore, you must be prepared for the worst by regularly backing up your WordPress Database. The database includes all the contents: posts, comments and pages. There are several free plug-ins you can use to take automatic backups of your website.
- Restrict Login Allowance: The original admin account is one of the security loopholes most hackers exploit. Delete it and create a new one. Limit the number of people who can log in to your WordPress dashboard, as well as the number of apps each one can access.
- Update Themes and Plug-ins from a Trusted Website: WordPress keeps alerting you on updates; the main purpose is to add new features as well as fix bugs and security loopholes in the existing versions. Therefore, one should upgrade themes and plug-ins as soon as they are made available, but from a trusted site only.
- Fortify your access with a Strong Password and Change it Frequently: A strong password is one that includes a string of letters (uppercase and lowercase), numbers and symbols, as these are the most difficult to guess. It should be a minimum of 10 characters long. Decide on it carefully and make sure you change it on a regular basis.
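The April’13 attack described above spread its password guessing over so many addresses that each one made only a few attempts, which is why counting failures per IP alone misses it. The following is an added example, not part of the original article: it counts failed `wp-login.php` POSTs across all sources in an access log. The log lines are constructed, the thresholds are illustrative, and the status-code meaning (200 for a failed login, 302 for a successful one) is an assumption about a default WordPress setup.

```python
import re
from collections import Counter

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.45 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.200 - - [12/Apr/2013:10:00:07 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.200 - - [12/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Apr/2013:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Apr/2013:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def analyze(log_text, total_threshold=5, min_sources=3):
    """Summarise login POSTs; thresholds are illustrative, tune per site."""
    failures, successes = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        # Assumption: a failed login re-renders the form (200) and a
        # successful one redirects to the dashboard (302).
        if m["status"] == "200":
            failures[m["ip"]] += 1
        elif m["status"] == "302":
            successes.add(m["ip"])
    total = sum(failures.values())
    return {
        "total_failures": total,
        "sources": len(failures),
        "max_per_ip": max(failures.values(), default=0),
        # Many sources, few tries each: a per-IP limit alone never fires.
        "distributed": total >= total_threshold and len(failures) >= min_sources,
        # A login that succeeded from an address that also failed: review first.
        "success_after_failure": sorted(ip for ip in successes if ip in failures),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

In the sample no single address fails more than twice, yet the aggregate count flags the pattern, and the one address that both failed and later logged in is the account to check and reset first.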