Is your website secure?

How do I know if my website is secure?
Unfortunately, not nearly enough clients ask us this question. Once a website is built, there are continuous updates that need to be done to maintain a certain security level, though this depends on how it was created. Typically a website is built in one of two ways: hand coding using HTML (HyperText Markup Language) and PHP, or using a CMS (Content Management System) such as Joomla, Magento or WordPress. Security standards have changed over the years; therefore, if your website was built 5 years ago or more, you should really consider having it redesigned using a CMS, which is typically more secure.

How many malware variants and viruses are on the web?
There are a number of malicious attempts to access websites and web servers each day. Below are the results from recent studies done on website security.

  • 700,000 new malware variants are released on a daily basis
  • more than 3,000 new malicious websites are created every day
  • more than 9,600 websites are blacklisted by search engines every day
  • 60% of top Google search terms deliver users to malicious sites in the first 100 results
  • 1 in every 100 tweets is malicious
  • 1 in 60 Facebook posts is malicious
  • 75% of hosted sites in the world are vulnerable to malicious attacks

How can I secure my website?
Having a secure website is very important as it protects your website from malicious attacks and hackers, who can adversely affect your business. There are a number of things you can do to protect your online business.

1. Keep up to date on security patches.
If your developer hand coded the website, it will take considerably more effort to keep your website secure, and it is recommended you have your developer maintain this for you unless you are a programming expert. Websites built with a CMS are less vulnerable to hackers and spammers, as they are open source scripts that are constantly being updated by the large network of programmers around the world who contribute to those projects. In Joomla, for example, update alerts appear in your control panel automatically when updates become available, and an update can usually be completed with a single click. When there are major updates or version changes to a CMS, you may be required to upgrade to the new version to maintain the right security levels on your account.

2. Use a strong password.
Passwords similar to 'password123' or 'website123' are not secure enough and leave your website vulnerable to attacks. The password you choose should be at least eight characters long and use a combination of lower case letters, upper case letters, numbers and special characters. There are a number of websites and online tools available for you to check the security level of your passwords. At BlackSun, we frequently use www.passwordmeter.com to help clients choose secure passwords for their accounts.

3. Use a random database table prefix.
If PHP or a CMS is being used to develop your website, you will want to ensure your developers are using a random database table prefix. As an example, WordPress sets a default table prefix of 'wp', so you may want to use 'wp_17'. If this is not changed during the installation process, it is easier for hackers to find the information stored in your database, as they are looking for a specific table prefix.

4. Set the proper file and folder permissions.
File and folder permissions are based on three classes: User, Group and Other, and on three levels of access: Read ('r'), Write ('w') and Execute ('x'). Permissions are set numerically to allow and restrict access for each file and folder. Below is a summary of the individual numerical values.

0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write, and execute

We find that when a website gets hacked, it is usually due to improper permissions being set up for files and folders. It is recommended your website files have the permissions '644' and folders are set to '755'. Files or folders that have permissions set to '777' are completely open and vulnerable to attack.
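
The audit below is an added example, not part of the original article: it lists anything under a web root that is looser than the recommended 644/755, then resets the tree to those values. The function names, finding labels and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 644 (files) / 755 (folders)
# recommendation. Function names and labels are illustrative assumptions.

# Print one finding per line: "<LABEL> <path>". Symlinks are not followed.
audit_perms() {
    root=$1
    # World-writable files or folders: the '777' case and anything else with o+w.
    find "$root" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'WORLD-WRITABLE %s\n' {} +
    # Group-writable (e.g. 664, 775): looser than 644/755.
    find "$root" \( -type f -o -type d \) ! -perm -0002 -perm -0020 \
        -exec printf 'GROUP-WRITABLE %s\n' {} +
    # Regular files with an execute bit, which 644 does not grant.
    find "$root" -type f ! -perm -0002 ! -perm -0020 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec printf 'EXECUTABLE-FILE %s\n' {} +
}

# Reset everything under the web root to the recommended values.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree so the script runs offline.
demo_root=$(mktemp -d)
mkdir "$demo_root/uploads" "$demo_root/includes"
: > "$demo_root/index.php";       chmod 644 "$demo_root/index.php"
: > "$demo_root/config.php";      chmod 666 "$demo_root/config.php"
: > "$demo_root/includes/db.php"; chmod 755 "$demo_root/includes/db.php"
chmod 777 "$demo_root/uploads"
chmod 755 "$demo_root/includes"

echo "Before:"; audit_perms "$demo_root"
fix_perms "$demo_root"
echo "After fix: $(audit_perms "$demo_root" | wc -l) finding(s)"
rm -rf "$demo_root"
```

Run audit_perms on its own first and review the findings: a script or CGI file that legitimately needs its execute bit will stop working after fix_perms sets it to 644.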

5. Use a .htaccess file.
A .htaccess (hypertext access) file is used to restrict access to particular files or folders on a web server and can also be used to override specific server configuration settings. This file can also be used to restrict specific IP addresses from being able to access the files on your website.

6. Use a third party service to monitor your website.
We recommend our clients use SiteLock to scan their websites for vulnerabilities. SiteLock monitors websites for the following issues and sends an instant alert to the website owner when it identifies one:

  • search engine/browser blacklisting
  • spam blacklisting
  • application vulnerabilities
  • SQL injection vulnerabilities
  • Cross-Site Scripting (XSS) vulnerabilities
  • website and application viruses
  • network vulnerabilities

It is very important that you take the necessary steps involved to secure your website. A hacked or blacklisted website can reflect poorly on your brand and business. Speak to your web developer and web hosting provider for more information on steps you can take to secure your website.