A successful attack on your website can cause some severe problems. It can provide hackers access to your site’s database, which, while always an issue, can be especially problematic if you have customer accounts on your website since their passwords and contact information will be at risk.
Successful attacks can add code to your site that injects malicious content, phishes for visitors’ sensitive data, creates spam pages and forms on your site, and inserts links that take visitors to unsafe websites.
Brute force attacks use repetitive automated bot scripts to test usernames, passwords, and keys. Their goal is to gain access to your website so that it can be used to spread malware and to commit identity theft by stealing user information.
If your website gets hacked, search engines may show warnings in search results that your site has been hacked, and browsers may show warnings when a visitor arrives at your site. This confuses and alarms visitors to your site, driving away potential customers and ruining your reputation.
Even unsuccessful attacks can cause damage. Brute force and DoS (denial of service) attacks can consume bandwidth and other resources and slow your site down.
What do security measures do?
Good security protects your website from attacks that affect your business. These cyberattacks waste resources (human and financial), cause frustration for your legitimate site visitors, put your business at risk for litigation (data breaches), and can even take your website down (malware and ransomware).
Good security uses firewalls and detection systems. These systems control incoming and outgoing traffic on your site, block attacks, track the occurrence of attacks, and alert you when successful and unsuccessful attacks occur.
Weak passwords are a significant risk for websites. Your website can be given additional protection by enforcing a strong password requirement, a two-factor authentication (2FA) process, or both. Using 2FA, a two-step login process, protects users’ login credentials and provides extra security for your site by making it harder for hackers to access it.
How a Web Support Partner Adds Security to Your Website
At 3MW, we regard your site’s security as a top priority. As part of our regular site maintenance, we check for malware (viruses, worms, spyware, ransomware) that can steal data and damage or destroy computers and computer networks. A recent initiative here at 3 Media Web is adding security to websites that protects against brute-force and other forms of attack.
I love it when the work I do really helps our clients. Website security isn’t the most flashy or exciting work I do, but seeing all the blocked attacks on clients’ sites is so gratifying. ––Monta May, Web Support Rep
We add security headers, which configure the security defenses built into web browsers and make it harder to exploit vulnerabilities. They protect your visitors from being tricked into accepting malicious content while believing they’re on your site. Security headers protect your site content from clickjacking (which hides links on your site that can install malware on visitors’ computers, take your visitors to unsafe websites that mimic your site, or phish for your visitors’ sensitive data) and other common security attacks.
Here are some more tactics put into place by the Technical Services team here at 3 Media Web:
IP Blocking:
We enable IP bans for the site using Solid Security Pro by default. IPs can be manually added to the backend. As a starting point, we include the HackRepair.com ban list.
Firewall Rules and Brute Force Protections:
We’ve enabled several settings to protect sites from brute-force attacks. We automatically lock out any IP address that attempts to log in to the site using “admin” as the username. This is one of the most common signs that a password phishing attempt is occurring on WordPress.
By default, an IP address can make 5 login attempts before it is locked out of the system.
A specific user can make 10 login attempts before their username is locked out of the system for 5 minutes.
All of these options are adjustable and can be changed as needed.
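The lockout rules described above, replayed over constructed failed-login events. This is an added example in Python, not Solid Security’s code or 3 Media Web’s configuration; the counting window, the IP lockout duration, the choice to trigger on the attempt that reaches the limit, and all names in the code are assumptions.

```python
from collections import defaultdict, deque

# Thresholds stated in the article
BANNED_USERNAME = "admin"        # any attempt with this name locks out the IP
MAX_ATTEMPTS_PER_IP = 5
MAX_ATTEMPTS_PER_USER = 10
USER_LOCKOUT_SECONDS = 5 * 60
# Assumptions, not stated in the article
WINDOW_SECONDS = 5 * 60          # period over which failed attempts are counted
IP_LOCKOUT_SECONDS = 15 * 60     # how long an IP stays locked out

def evaluate(events):
    """Replay time-ordered failed logins (seconds, ip, username); return lockouts."""
    failures = {"ip": defaultdict(deque), "user": defaultdict(deque)}
    locked_until = {}   # (kind, subject) -> time the lockout ends
    lockouts = []       # (time, kind, subject, reason)
    def lock(ts, kind, subject, seconds, reason):
        locked_until[(kind, subject)] = ts + seconds
        lockouts.append((ts, kind, subject, reason))

    for ts, ip, user in events:
        # A locked-out IP or username is rejected outright and not counted again.
        if any(locked_until.get(key, 0) > ts for key in (("ip", ip), ("user", user))):
            continue
        if user.lower() == BANNED_USERNAME:
            lock(ts, "ip", ip, IP_LOCKOUT_SECONDS, "banned username")
            continue
        for kind, subject, limit, seconds in (
            ("ip", ip, MAX_ATTEMPTS_PER_IP, IP_LOCKOUT_SECONDS),
            ("user", user, MAX_ATTEMPTS_PER_USER, USER_LOCKOUT_SECONDS),
        ):
            recent = failures[kind][subject]
            recent.append(ts)
            while recent[0] <= ts - WINDOW_SECONDS:   # drop attempts outside the window
                recent.popleft()
            if len(recent) >= limit:
                lock(ts, kind, subject, seconds, f"{limit} failed attempts")
                recent.clear()
    return lockouts

# Constructed sample events (documentation IP ranges, made-up usernames)
SAMPLE = (
    [(0, "203.0.113.7", "admin")]
    + [(10 * i, "198.51.100.9", "editor") for i in range(1, 6)]
    + [(100 + i, f"192.0.2.{i + 1}", "shop_manager") for i in range(10)]
)

if __name__ == "__main__":
    print(*evaluate(SAMPLE), sep="\n")
```

The third group of sample events shows why the per-username limit exists alongside the per-IP limit: ten different addresses each make a single attempt, so none of them trips the IP rule, but the targeted username is still locked.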
We’ve also enabled SolidWP’s Network Brute Force protections on sites. This automatically blocks IPs that have been identified as trying to brute-force their way into websites within the Solid Security community.
Pantheon and WP Engine hosting protections:
We also ensure the sites are protected at the hosting level. Live site environments are set to Read Only, meaning that admin users cannot add plugins/themes or run code updates without direct access to the hosting platform.
Protecting Your Website Protects Your Business
Website security is not something you set up once and forget. It’s an ongoing process that needs regular attention and proactive measures. The 3 Media Web Technical Services team stays on top of this, continually researching and implementing ways to make your website more secure.