Websites … the forgotten attack vector

Websites … the forgotten attack vector

In September 2023, someone hacked Pizza Hut … Do you think they were after a few free pizzas?  Probably not.  They were looking for client data. So, what’s that got to do with your website?

Websites … the forgotten attack vector

For the moment, lets assume the best scenarios where your website doesn’t even contain client data.

What’s the risk? … 

    • A hacked website might contain code that can compromise a client (or your) computer by executing malicious code in their environment.
    • Cybercriminals take control of your website posting deceptive content which may compromise your integrity
    • Content modifications may redirect clients to inappropriate or competing sites
    • Loss of control of your own website
    • Defacing, deleting, or otherwise ruining the website
    • Using your resources and/or domain name to send illicit emails

Here’s my top 10 tips on how to protect your business by protecting your website …


Protection Factor #1: Website Hardening

  • Daily Security scans for infections or component vulnerabilities.
  • Daily backups and historical recovery positions.
  • Web application firewalls and global edge security
  • Regular health checks


Protection Factor #2 – Patching & Updates

Plugins, themes & content management core components need to be updated regularly.  No Update Available? … No, this does not mean the plugin is safe. It simply means there’s no update.
Also check that your hosters are updating database engines and scripting technologies behind the scenes.

web security issues and solutions feature 940x588 1

Protection Factor #5 – SSL Certificates are a neccesity, not a nice to have

The little lock icon !  You MUST have this.  Purchase a secure socket layer certificate. This will protect your data, protect your clients and boost your SEO rankings.  Have an expert recommend the right type of certificate for you.

Protection Factor #6 – Smart Passwords + 2 Factor Authentication

Like all passwords, your website passwords must be secure and complex.  Turn on multi-factor authentication where possible.  Change usernames from default or simple forms to something more complex.  Weak usernames can be as much a threat to your security as weak passwords.

W Backup

Protection Factor #9 – Securing submission forms

Structured query language (SQL) injection as well as Cross-Site Scripting (XSS)s are techniques used by hackers to compromise your data and your website. Validation of form fields to remove symbols capable of executing queries can limit your exposure to these attack vectors.

WebSecurity forSSLStore 1024x768 1

Protection Factor #3 – Ownership

Don’t leave your site in the wrong hands. Ensure that people who have access and control over your website are knowledgeable and experienced at site protection.  This is often not the case with marketing and designer resources.

Protection Factor #4 – Minimalistic Access Approach

Give people, even internal staff, access only to the parts and components they need.  For example, if they just add and edit content then don’t let them install plugins.  If they only write blogs then don’t let them add new pages.
Apply this theory to ALL data in your business.


Protection Factor #7 – Web Application Firewall

Sitting between your website and the world, this additional layer reads all data passed and blocks hack attempts and filters out unwanted traffic like spammers and malicious bots.
This is a critical factor that can, and should, be provided by your hosting layer.

Protection Factor #8 – Secure Web Hosting

Check the security features offered by your hoster … 

  • Does the web host offer a Secure File Transfer Protocol (SFTP)? SFTP.
  • Is FTP Use by Unknown User disabled?
  • Does it use a Rootkit Scanner?
  • Does it offer file backup services?
  • How well do they keep up to date on security upgrades?

Protection Factor #10 – Backup Often

Give yourself a fast recovery position.  Determine if onboard backups are sufficient.  You may choose to keep a copy off the main hosting server and in your own hands (recommended).