Every business needs a website. Some try to get away with just a Facebook page, but proper businesses need a digital shopfront, even if it’s just an advert or contact portal.
If the website isn’t the heart of your business, as it would be if you were an online store or actually provide your service through the web, it is very easy to put your presence online and then forget about it.
This can happen even if you’ve used a third party specialist to build and host the site. Unless you have ongoing support to keep it up-to-date, your brand is at risk of being attacked and abused.
It’s said that currently around 30 per cent of the world’s website are powered by a product called WordPress. There are very good reasons for this, including the software being free! It’s also very flexible, manageable by non-technical people and can be endlessly extended and enhanced to fit any user’s particular needs.
There’s always a ‘but’ though, isn’t there?! Because it’s so popular it is a key target for those looking to break into sites and either take them over, hold the hostage or install their own software for nefarious purposes.
Attacked in 30 minutes
It’s said that a new WordPress installation on a web server can be detected by attackers within 30 minutes of going live. That means if it’s not properly locked down and protected in that time, it could be compromised before the site it’s going to run is even built!
This means that while WordPress can be installed with a mere mouse click from most commercial web hosting environments, it can be dangerous to do that if you don’t know how to secure it, which is far more involved.
The same is true, of course, for other platforms and services, none of which can be assumed to be 100 per cent secure, because they’re not.
It’s also a fact that once a website is up and running, it needs regular TLC to keep it safe. Many sites rely on plugins, third party pieces of software designed to do particular tasks. Just like the platform itself, they should be regularly updated by their developers to keep them up-to-date and secure against the latest threats or any that have been found to exist.
Manual checks are needed to make sure this is happening, as well as to spot whether a plugin might have been abandoned by its creator, meaning it’s no longer updated and can’t be considered safe anymore.
Quite a few products and services exist to provide protection to web content management systems, such as WordPress, and they will tell you when the site is under attack and where from (and every website gets probed by attackers looking for weaknesses all the time).
Your website is not a benign advert sitting quietly on the web. It is an active risk to your reputation and potentially to your business’s security and you need to ensure it is managed as such.
If yours needs a health check, it’s not a huge job and we’d be happy to talk to you.