How Secure are Your Website Hosting and Content Management System?

A day or two ago I got an email from a client who told me one of their employees had suddenly quit and was angry about something with the company. Last night I received dozens of emails from their website content management system after repeated failed login attempts. Unfortunately I can’t trace where the login attempts came from. I have a list of IP’s, which were all blocked by our security software, but the IP’s were from behind proxies and were traced to hundreds of different countries.

Just a couple of weeks ago a friend called about strange links appearing in his family members’ business site. Sure enough the site had been hacked and code with hyperlinks had been injected throughout. We immediately got into the hosting and changed all of the passwords, including the content management system login and database password, and then put in place some security measures after securing and cleaning it. While they only suffered minor damage, businesses could lose their entire site and risk offensive material being placed on their site, irreversibly damaging their business reputation.

It’s very easy today for even amateur hackers to use brute force automated bots that try hundreds of variations of login username and password combinations and if your password is weak and your security is not strong, they might just get in to your site and could completely destroy it. Many content management systems have modules or plugins that can improve security but your developer has to put them in place. They can even log the IP addresses of “people” who attempt to login, but if the bot or user is behind a proxy, that IP is worthless. A proxy or proxy server is basically another computer which serves as a hub through which internet requests are processed.

If you aren’t familiar with your website’s security measures in place, contact your developer and ask about them. And while you’re at it, ask for a current backup of not only your site files but also any databases. You might also want to disable any user accounts not in use, change the admin usernames to something other than the usual ‘admin’ or ‘administrator,’ and make the passwords more secure using a combination of letters, uppercase letters, symbols and numbers. The developer can also put in place other measures such as lockout plugins that block IP’s and even blocking entire countries from accessing your site. To find out more and get a free consultation about security and hosting, feel free to contact me here or call 315.876.9607..