Website Security

(Classified under: Security)

Posted on 5 February 2018

Regular readers of our newsletters are familiar with our fixation on all things security-related, and who better to be infatuated with security than your web-host?

Actually, that is a trick question!

Yes, it's great that we put lots of time and effort into maintaining a safe hosting environment for your business, but if you're running unsafe code on your website, our efforts may be vain...

Let's do a quick check of your website... Nothing too technically-difficult, I promise!

Check #1: Is your website loading securely?

Every CWS hosting account includes an SSL security certificate to help prevent eavesdropping on your website - your website just needs to be configured to use it. Let's check yours... Type your web address into a web browser - for example, I would type in www.cornerstoneweb.com - and then press the Enter key. Do you see a little green padlock in the address bar, and does your web address now have the characters https:// in front of your domain name? If not, then your website is not configured to load your content securely and it may be possible for content (including form submissions, login details and the like) to be seen in transit. If your website is not using an SSL certificate, then it's one-nil to the bad guys.

Checking your website's SSL certificate

Check #2: Go to the Login page of your website and deliberately enter the wrong details multiple times. How many attempts are you allowed before your website locks you out for a period of time? Websites that don't protect themselves from multiple incorrect login attempts are susceptible to Brute Force Attacks, and this is bad news for your site... and possibly for your business.

Check #3: When was the last time that your website was updated? I'm not talking about the last time you uploaded blog content or added a new product or two, I'm talking about the code that actually runs your website behind-the-scenes. Just like your own computer needs to be updated from time-to-time (Windows Updates, for example), so too your website needs updates on its code to keep it secure. This is particularly important for sites that run on Open Source Software, such as WordPress, where hackers can both inspect copies of your codebase and plugins, and also sign up to receive notifications of recently-discovered vulnerabilities. And then guess what they do next...? While it might not be your responsibility to physically perform such updates, as a business owner, you need to know that regular updates to patch vulnerabilities are being done within your organisation.

Check #4: As your Web Host, chances are you know how to reach us, but how about if we need to reach you? Are your contact details correct and up-to-date in case we need to contact you urgently? And are you (or we) able to contact your website developers if needed?

These are all very simple questions, but how did you go? Food for thought, perhaps?

If you are at all concerned (even just a little bit), then please do something about it right now. After your website has been hacked is too late!

We've put together some more checks and tips for securing your website that we believe you and your website developer will find useful.


This article appeared in our February 2018 Newsletter.


NB: Information presented here is general in nature, does not take into account your particular situation and should not be used in place of professional IT consultation.