Magento WordPress Web Hosting Security

Magento & WordPress Website Hosting Security is essential for any website and should be one of your top priorities no matter what your business is.

If you haven’t already taken steps to secure your Magento or WordPress website, then your website is at risk. More than 30,000 websites get hacked each day and 43% of those “cyber-crimes” target small business websites.

Your website MUST be security patched and WordPress or Magento updated regularly, in fact, this should be monitored daily. If this is something that you are already doing, then you need to make sure you keep doing it regularly in order to keep your website safe. Website security needs to be one of your top priorities.

You mustn’t just assume that it won’t happen to you. That kind of thing only happens to other people, right? But the truth is, if you haven’t taken all the necessary steps to prevent a breach, then you and your site are vulnerable.

When your website is secure, cyber criminals will have a hard time hacking into it. Therefore they’ll give up and move on to another website that is less secure. And let’s face it, it doesn’t look like cyber criminals are going to stop any time soon.

Why do Hackers target sites?

“I don’t keep users’ details on my site. I don’t sell on my site. No-one would hack me!” Sound familiar? There are many reasons hackers break into websites. Yes, if you run an ecommerce website, they want to access payment details. They want to steal user data, names and telephone numbers. And if you are silly enough to store credit card details, they want those too.

For non-ecommerce websites, there are still many reasons. Some do it for fun or for the thrill. Others do it so that they can capture what you and your visitors type, for example when logging into the site. Many people use the same usernames and passwords for all of their accounts. If a hacker can intercept your details they can potentially log into all of your accounts, including social media.

Other hackers insert links into websites. Let’s say you sell fashion products: a hacker will sell links from your website to other websites selling fashion items. Links from one site to another give the landing page credibility, so your site ends up helping unscrupulous sellers gain credibility. This is big business for hackers, as these links are financially beneficial.

Some hackers break into your website to use the email side of the website to send thousands of spoof emails using your server, which can often end in your website being blacklisted.

The message is: keep your WordPress and Magento websites updated and always install the latest security patches.

Why my website

The most important thing to remember is that it isn’t personal. Hackers don’t care about you. They do not know you, and in many cases the Magento and WordPress websites they choose to hack are random. But others are more clinical and target websites where the links will give them a good income.

Here are the 3 main ways in which your site can be compromised:

  • Hackers will upload a script that uses your server to send spam email to hundreds of addresses every day, until your hosting provider shuts it down.
  • They will redirect traffic coming from search engines to their money-maker websites. These sites will be branded with your colours and logo, so that visitors think they are in the right place.
  • Have you ever visited a website and had a message pop up saying you need to update your Flash player? And when you click on it, you end up with a virus on your computer? That is one way that the virus gets planted: from hacked websites.

By understanding how security is compromised, and what hackers are looking for, you can better understand the security technology used by hosting providers and what you can do to improve the security of your own website.

While your web hosting provider and data centres put in a great deal of effort and expense to keep your data secure, some of the responsibility does fall on you to ensure your data (and the private data for your customers) remains secure.

Here’s a rundown of what you should do to improve protection:

Patch outdated software

Whether you have a custom site or a content management system like WordPress, you need to keep all scripts and software up to date. Patches often address security concerns found in older versions. And if you fail to update, you leave your site vulnerable to attack. Make sure plugins, extensions, applications, shopping carts, and even templates are included in regular updates and site maintenance to reduce vulnerabilities.

Passwords must be strong

A strong password is the key to avoiding intrusion from brute force attacks. You should address a number of factors, including the length and complexity of passwords (10 characters, letters and numbers, special characters, uppercase and lower case), how often passwords are changed/updated (i.e., every 90 days), how passwords are stored (especially with mobile devices), etc. Adopt a password policy and maintain it strictly throughout your business.

Use an application like ‘1Password’. This allows you to store random passwords that are hard to guess and hard to remember. You install this app on your computers and mobile devices and it will allow you to automatically log into any websites you use.

Don’t repeat passwords. Every website that you use, every app and every device you log into should have a different password. If a hacker gets access to your password and it’s the same on all of your websites or applications, it will be easy for them to log into your applications.

Use 2 Factor Authentication

This basically means that you have to take a second action to access your website’s admin dashboard. This can be a code (check out Google Authenticator), or a message sent to your phone to confirm it is you. There are several variations that could be used.

Use domain privacy

While domain privacy may not seem like a critical security issue, the less information an attacker has the better. Domain privacy masks the WHOIS data for a website (the public lookup that tells anyone who owns a website), including personal contact information and location data, all of which could be used maliciously.

Install anti-virus software

Your local computers should all be equipped with anti-virus software in order to protect your data and your website. This software can prevent malicious programs like keyloggers and trojans from giving hackers access to your business systems where proprietary information is stored.

Monitor your website

If you monitor the website, the monitoring will let you know when something strange is going on. You can configure it to send you emails when your site starts performing in an unusual way. If you receive an email to say the site is receiving high volumes of traffic and this is not normal, it could be a hacker attempting to break into the website. If you do not monitor your website you will never know.
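One way to detect the unusual traffic volume described above from a web server access log, as an added example that is not part of the original article. It assumes the common Apache/Nginx log format; the thresholds, function names and log lines are constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# host ident user [timestamp] "METHOD path ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def per_minute(lines):
    """Count requests per minute, keyed like '10/Oct/2024:13:07'."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m:                                   # skip malformed lines
            counts[m.group(2)[:17]] += 1
    return counts

def unusual_minutes(lines, factor=5, floor=20):
    """Minutes whose volume is at least `factor` x the median minute.

    `floor` stops a quiet site from alerting on a handful of requests.
    """
    counts = per_minute(lines)
    if not counts:
        return []
    baseline = median(counts.values())
    threshold = max(floor, factor * baseline)
    return sorted(m for m, n in counts.items() if n >= threshold)

def sample_log():
    """Constructed log: 3 requests a minute, then a burst of 40 logins."""
    lines = []
    for minute in range(10):
        burst = 40 if minute == 7 else 3
        for i in range(burst):
            lines.append(
                f'203.0.113.{i % 5 + 1} - - [10/Oct/2024:13:{minute:02d}:{i:02d} +0000] '
                '"POST /wp-login.php HTTP/1.1" 200 512'
            )
    return lines

if __name__ == "__main__":
    for minute in unusual_minutes(sample_log()):
        print("ALERT: unusual request volume at", minute)
```

Run from a scheduled job, the alert line can be passed to whatever email or messaging hook your host provides.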

Audit your site for vulnerabilities

Since websites often feature custom code in various forms, it’s a good idea to perform regular audits on your site. This doesn’t need to be done manually. There’s no shortage of software and tools online that can be used to scan your website for vulnerabilities. Keep in mind that no tool is 100% reliable; the best approach to security audits is to work with a professional who can provide a detailed review of your site and explain the steps you need to take to secure your website.

Do regular backups

Reputable website hosting companies provide automated backups, but never trust in the system to keep your data secure. Create a schedule for regular manual backups of your site data including databases. Your hosting provider should offer an option within your hosting control panel to create manual backups. Once you have a schedule created be sure to stick to it.

Use 2 factor authentication

For eCommerce websites, you want to take every extra step to maximize security, especially when it comes to consumer data. Be sure to include an Address Verification System (AVS) and Credit Verification Value (CVV) fields in your checkout. Make sure the credit card company is using 2 Factor authentication and implement this (from September 2021 you can no longer accept credit card payments in Europe without it). Add as many measures as you can to protect you, your customers and your website. If you do, fraudulent attempts are far less likely to succeed.

To conclude

Just because you operate a small website, doesn’t mean you won’t have to worry about hacks, hijacks, or intrusion. The traffic to your website, customer data, and your connection to other users are all valuable to hackers. And that makes all websites a potential target.

No website will ever be 100% protected, not until the world finds a strategy to deal with hackers, which is unlikely any time soon.

Choosing the right hosting provider, one offering a robust suite of security features, in combination with proactively securing your website and data is the best way to mitigate risk, close vulnerabilities, and protect your business website.

Avoid hosting and web development companies where you cannot talk to a real person. If you think your website is being attacked, you need to be able to talk to someone who can help.