Website security has become a major issue for companies. Despite the fact that basic precautions should be taken to avoid being vulnerable to hacking and attacks, websites are at risk.
If we take the time to address this subject, it is because we had to act in such circumstances this year. Alexem Studio has always paid very close attention to the security of its websites. Unfortunately, the types of hacks and the techniques employed are increasingly diverse and pernicious. Which means that when you get hit, it’s a real race against time to stop the damage as quickly as possible. Alexem Studio can help you counterattack and limit the damage. But do you know what? The ideal is prevention! In addition to the basic steps that we already apply, there are options to put in place to act as armor against attacks. We tell you about it to raise your awareness and invite you to invest in your safety.
Why secure WordPress
“With great powers come great responsibilities”
WordPress is the most widely used CMS (Content Management System) in the world (34% of sites worldwide use it)! At the same time, this great popularity also means that each month, 1 million WordPress sites are victims of hacking. We are not necessarily talking about attacks having an extremely dramatic impact for companies: the extent of the damage can range from very low to very high (a bit like water damage!). In the best case, the hack will waste a few minutes or a few hours of work for your programmer, who will need to access, find, restore and clean the site. In the worst case, you could lose data or have it compromised.
What is getting hacked?
WordPress is a great option with endless possibilities for building your website. That being said, it is this same popularity that makes sites developed on this platform more likely to be victims of hacking. WordPress and the many extensions attached to it are both its strength and its weakness: they allow great flexibility, but they are constantly evolving. While this evolution brings great new features and improvements, it also gives malicious software the opportunity to find a new flaw, a gateway to your site, every day. Not to mention that the different types of threats are multiplying.
By the way, when we talk about hacking, we are not just talking about the action of a single malicious person acting against you specifically… Although there are people behind all the hacks, they instead develop code (bots: programs or scripts) intended to infiltrate and infect sites in an automated way. One technique that does a lot of damage is, for example, to target a very popular extension and go through a weakness in it to penetrate all the sites (or devices) using it.
Why are sites attacked?
We have therefore established that these are not really personal attacks. So why are they made? According to Wordfence, here are some reasons:
- To send spam through your site and domain email
- To host malicious content (drugs, pornography) safe from filters
- To steal data (especially client emails and passwords, which can then be reused elsewhere — that’s why your passwords must be unique, but we’ll come back to this)
- To spam!
How to secure WordPress?
There are several “basic” ways to secure a site, and Alexem Studio strictly respects them. We take nothing lightly, because we know that the damage can be dramatic for companies, and possibly for their customers, by extension. We also want to save ourselves from avoidable trouble, let’s say it!
Here are some very important rules that we apply for all our customers.
1. Back up frequently
Alexem Studio performs daily backup of all sites created and maintained on our hosting plans. In this case, if a problem occurs and, for example, the site is compromised or parts of it are deleted, we can restore to a previous version before the hack.
2. Update regularly
Updates are carried out systematically. Both WordPress updates and those of its extensions. New versions are installed quickly after release. At the server level, our host also maintains the systems (PHP and MySQL) at their latest versions.
It is mainly when an update is not made that robots can find flaws and take advantage of a security weakness to attack your site. By performing regular updates, we block opportunities for malicious robots and keep your site safe.
3. Secure administrator accounts
Which means… COMPLEX AND DIFFERENT PASSWORDS! Applications exist to generate very complex one-time passwords, and some are available right in your browser. Do not wait any longer and use them. This advice applies just as much to your WordPress administrator account as it does to your other online accounts. On the web, nothing should be taken lightly (the many cyberattacks on large companies that we know well will prove it to you!). If an email address associated with your site and a password that is also associated with it are leaked in a data theft, it will not be long before these same login details are used to access your site against your will.
4. Use only reliable, reputable, and regularly maintained (premium) extensions.
Alexem Studio pays particular attention to the choice of modules and features installed. Even if we cannot guarantee the future, we prefer not to take unnecessary risks. By paying for the premium version of the software installed on your site (called extensions), we also ensure effective monitoring and, if a vulnerability is detected, an update from the developer of the extension as soon as possible.
Note, however, that the extensions that make up your site can become vulnerable at any time, even if they were created by reliable designers. In the same way that your new LG fridge can let you down overnight (been there…).
5. Install an extra layer of security via a reputable security plugin
Many tools exist to add security protection to your website. They offer several features to increase the security of your site against known threats. These extensions keep a constant watch, and although limited in their free version, they can at least alert us when a problem is on the horizon.
Some have free versions: WordFence, JetPack, All in One WP Security, Sucuri, Defender Pro, etc.
Be careful though: these tools do some of the work, but not all, and when something is detected, additional actions must be taken.
How to do more?
Beyond these good practices, sneak attacks can happen. That’s why Alexem Studio now offers a premium security package. While the steps outlined above will continue to be prioritized and performed with rigor, today’s web calls for an even more powerful level of hack blocking.
Here are 2 new services — premium security measures — that Alexem Studio highly recommends. The first is a set of additional measures to be implemented by your web designer and the second comes as an add-on to your monthly hosting and maintenance plan. The two go hand in hand!
EXTRA security package
- Implement HTTP authentication on the administration area
- Review directory and file permissions and limit them as much as possible
- Change the WP login URL
As recommended by Astra Security
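A minimal audit for the permissions review in the list above, added here as an example (it is not Alexem Studio's or Astra Security's own tooling). It assumes the commonly cited WordPress baseline of 755 for directories and 644 for files, with wp-config.php closed to other users; `audit_wp_perms` and `make_sample_tree` are hypothetical names.

```shell
#!/bin/sh
# Added example: flag permissions looser than the assumed baseline
# (directories 755, files 644, wp-config.php not accessible to "others").

# audit_wp_perms ROOT
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Anything writable by group or others lets a second account
        # (or a compromised neighbour on shared hosting) alter the site.
        find "$root" \( -type d -o -type f \) \
            \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} +
        # wp-config.php stores the database credentials and secret keys:
        # "others" should have neither read nor write access to it.
        find "$root" -type f -name wp-config.php \
            \( -perm -004 -o -perm -002 \) \
            -exec printf 'CONFIG_EXPOSED %s\n' {} +
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real site): one over-permissive upload
# directory and a world-readable wp-config.php.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads" "$t/wp-admin"
    : > "$t/wp-config.php"
    : > "$t/index.php"
    : > "$t/wp-content/uploads/a.jpg"
    chmod 755 "$t" "$t/wp-content" "$t/wp-admin"
    chmod 777 "$t/wp-content/uploads"
    chmod 644 "$t/index.php" "$t/wp-content/uploads/a.jpg" "$t/wp-config.php"
    echo "$t"
}

# Audit the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Each finding is something to tighten with `chmod`, after confirming which account the web server runs as so the site can still read its own files.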
Monthly service EXTRA Protection + Warranty
Alexem Studio offers the Astra Security service, which provides constant and automated protection against attacks and a disinfection policy after an incident. You’ll get 24-hour monitoring and guaranteed peace of mind. We take care of the implementation from A to Z: you can sleep soundly.
When it’s too late…
When security measures are not all in place, attacks can occur. In this case, one must restore and disinfect everything, at the risk of losing data, commands and breaking sections of the site in the process.
It can mean a considerable number of hours of work to fix the problems and to recreate what was broken.
If your site is hacked out of warranty, the costs incurred (in hours) for disinfecting and restoring your site to a safe version can be significant. We are talking about several hundred dollars and more depending on the extent of the damage.
Finally…
Should you pay a small monthly amount to avoid the worst, or pay a large amount only if you are a victim of hacking? Ah, this question that makes you think of insurance!
In fact, opinions may differ and we will respect the choice of companies.
On the other hand, several elements need to go into the equation to make a good decision. For instance:
- Your customers: what impact can a hack causing a service interruption or worse, a data theft, have on your customers and on your future relationships?
- The income generated by your site: can you afford to live without your site for a few days?
- Reputation, public opinion: could a hack have a hugely detrimental effect on people’s trust in your business and harm its future success?
There is a lot to consider!
As site security must be a priority for businesses, Alexem Studio strongly recommends opting for the most secure packages. Quite simply. But of course, we will be there for you if you need to use our “after disaster” services.
Sources
- https://www.lafabriquedunet.fr/creation-site-vitrine/articles/sites-wordpress-pirates-securiser/
- https://www.getastra.com/blog/cms/wordpress-security/secure-wordpress-admin-from-hackers-changing-admin-adding-ip-restrictions-htpasswd/
- https://www.wordfence.com/learn/how-to-protect-yourself-from-wordpress-security-issues/
- https://kinsta.com/fr/blog/plugins-securite-wordpress/