Every day, cyber criminals compromise thousands of websites. They take advantage of technical vulnerabilities and human behaviour to inject malicious software onto computers, websites, and networks. Any website is vulnerable to badware infection.
Is your site more susceptible to attacks? How do you know?
Your software is out-of-date
Older versions of software (e.g. operating system, CMS, plugins, etc) can be affected by high-risk security vulnerabilities that enable attackers to compromise an entire site. Outdated or unpatched or no longer maintained software is a major source of vulnerabilities on websites.
You have unused scripts, plugins or other software
When removing a plugin, make sure to remove all its files from your server rather than simply disabling it.
You are using untrustworthy scripts or plugins
Plugins and themes on a CMS add valuable, enhanced functionality. Be extremely cautious of free plugins or themes from untrusted sites.
You have the wrong permissions set on your web server
If someone gains access to your site, that attacker can sometimes change your site so that they have access to your site even if you change the passwords.
Your site doesn’t utilize user permissions
User permissions are important so only a select number of users can perform potentially-malicious actions. Giving administrative access to users who don’t require is exposing your site to more risk.
Your site’s dashboard/control panel doesn’t use two-factor auth
Two-factor authentication will prevent intruders from getting access to your system even if your users’ passwords are stolen. Two-factor auth requires any user to have to enter a specially generated code before successfully logging in.
You are using FTP to move files to your server
Sensitive data, such as your login credentials, transferred via FTP is not typically encrypted. This can enable attackers to steal your login credentials or other important information.
Your site allows weak passwords
Allowing users to create weak passwords make it easy for hackers to get access to your site. Attackers can use different password guessing techniques until they guess the right one.
Your site is still using HTTP
Not enabling HTTPS on your site and allowing users to sign in using HTTP. HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers.
You allow file uploads
The first step in many attacks is to get some code to the system to be attacked. Allowing file uploads from unauthenticated users, or with no type checking is an easy way to help attackers fulfil this first requirement.
Bad coding practices
Permissive coding practices, such as SQL injections allow a hacker to add rogue commands to user input fields executed by your database.