Having a website and having your details out there in cyberspace can be daunting at times, especially in this day and age, when hacking is extremely common.
Do you feel confident that your website is fairly tight in the security department? Or would you rather do an audit on your website to find out if it really is protected from any sinister activity that may be lurking out there?
Even though many website hosts and providers, like WordPress for instance, are pretty secure straight out of the box, if you ever feel like something is not working right, you would do best to get it looked at and checked out.
Now, we know that no one wants to run a security audit and risk shutting down their website for an extended period of time. That is why in this article we run through a few tips (mostly geared towards WordPress websites) that will stop this from having to happen.
After all – it is better to be safe than sorry, even when it comes to things of a technical nature.
Let us take a look at how to achieve a security audit without shutting down your website in its entirety.
WHAT IS AN AUDIT?
When you do an audit on your website you will be looking for signs of a security breach, such as malicious code, suspicious activity or an unusual drop in performance as a whole.
If you have a WordPress website, you can use the basic WordPress security check, which you can do manually, or you can use the WordPress security audit tool, which allows you to do a more in-depth security check.
You can also use online services to help you audit your site. Once something is detected it will be isolated, removed and fixed.
WHEN SHOULD YOU PERFORM THIS AUDIT?
Even if you do not suspect anything untoward, you should do an in-depth security check at least once each quarter. This allows you to keep on top of things and catch something immediately if found.
However, if you do suspect something is not right, do an audit immediately. It could mean the difference between saving your data and having everything you have worked for destroyed.
So what are the signs you may need an audit with immediate effect?
- Your website is suddenly very slow and almost sluggish in its functionality.
- Your once unstoppable web traffic is now dwindling or almost non-existent.
- Too many login attempts or new password requests are coming through – especially when a number of strange new accounts start popping up.
- Suspicious links start to show up on your website.
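The third sign above can be checked against your web server's access log. The following is an added example, not part of the original article: it counts failed logins, password-reset requests and registrations per IP address. The log lines are constructed, and the threshold and the status-code rule for a failed login are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:05:10 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2100 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:05:11 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2100 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:05:12 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2100 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:05:13 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:07:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(method, target, status):
    """Return which warning sign a request relates to, or None."""
    url = urlsplit(target)
    if method != "POST" or url.path != "/wp-login.php":
        return None
    action = parse_qs(url.query).get("action", ["login"])[0]
    if action == "lostpassword":
        return "password_reset"
    if action == "register":
        return "registration"
    # Assumption: a default WordPress site answers a failed login with 200
    # (form shown again) and a successful one with a 302 redirect.
    if action == "login" and status == "200":
        return "failed_login"
    return None

def audit_log(text, threshold=3):
    """List (ip, sign, count) for every IP at or above the assumed threshold."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, method, target, status = m.groups()
            kind = classify(method, target, status)
            if kind:
                counts[(ip, kind)] += 1
    return sorted((ip, k, n) for (ip, k), n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG):
        print(finding)
```

Because it only reads a copy of the log, this check can run while the site stays online.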
SO HOW DO I PERFORM AN AUDIT?
Updates – Make sure you are doing your necessary software updates. Yes, it can be a pain sometimes because you need to restart your device, or you are nervous about what bug may appear; however, the running theme with software updates is that security for your apps, devices and websites is always being updated, as it should be. There are new threats every day and you need these updates to keep them in check. WordPress will look up any updates needed for you, and you can then just let it update automatically.
Check User Accounts – Next, you need to review WordPress user accounts by visiting Users » All Users page. You’ll be looking for suspicious user accounts that shouldn’t be there. As a side note – if you have a membership site or an online shop, you will probably have a “sign in” prompt for users – these may need to get checked. If you have a blog you will only have yourself and any other person you have manually inputted as a user on the website log. Anyone other than this that shows up will probably be cause for alarm.
Two-Factor Authentication – This is just added security when it comes to passwords, especially when you change passwords or administrators on your site and so forth. Generally you would log in using a username and password and that is it; with two-factor, however, you will have an additional security step, for instance an OTP (one-time PIN) sent to your email address or mobile phone.
Check Your Analytics – Using the website analytics tools will allow you to pick up any odd behavior in traffic to your website. For example, if you had a thriving, busy website and the traffic drops considerably almost overnight, you know that something is not right and you should check it out.
Perform A Security Scan – There are many scanners online that can help you discover any malware but WordPress has its own recommended tools (if you have a WordPress website). Once you have discovered the malware you can remove it and fix the damage (if any) caused.
Create Backups – If this is applicable on your website you should create backups in case anything goes wrong. With WordPress you can get backup plugins that help with this. Just be sure to also keep a good check on your backup plugin as it can sometimes just stop working without any warning.
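For the Check User Accounts step, the review can be repeated every audit by comparing an export of the user list with the accounts you expect. The following is an added example, not part of the original article: the export is constructed, its columns assume the CSV produced by `wp user list --fields=user_login,user_email,roles,user_registered --format=csv`, and the allowlist and `signup_role` parameter are hypothetical.

```python
import csv
import io

# Constructed export of the user list (not real accounts).
SAMPLE_EXPORT = """\
user_login,user_email,roles,user_registered
alice,alice@example.com,administrator,2021-03-01 09:00:00
bob,bob@example.com,editor,2022-06-15 14:30:00
wpsupport_x,helpdesk@example.net,administrator,2024-03-11 02:14:00
carol,carol@example.com,administrator,2023-01-20 11:00:00
dave,dave@example.org,subscriber,2024-02-02 18:45:00
"""

# Hypothetical allowlist: the people you added by hand and the role each should hold.
EXPECTED = {"alice": "administrator", "bob": "editor", "carol": "author"}

def audit_users(export_text, expected, signup_role=None):
    """Return (login, finding, registered) for accounts that need a closer look.

    signup_role: on a membership site or shop, the role ordinary sign-ups
    receive; unknown accounts holding only that role are not reported.
    """
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["user_login"]
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        seen.add(login)
        if login not in expected:
            if signup_role is not None and roles == {signup_role}:
                continue  # ordinary member or customer sign-up
            findings.append((login, "unknown account", row["user_registered"]))
        elif roles != {expected[login]}:
            detail = "unexpected role: " + ",".join(sorted(roles))
            findings.append((login, detail, row["user_registered"]))
    for login in sorted(set(expected) - seen):
        findings.append((login, "expected account missing", ""))
    return findings

if __name__ == "__main__":
    for finding in audit_users(SAMPLE_EXPORT, EXPECTED, signup_role="subscriber"):
        print(finding)
```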
THAT’S A WRAP…
Now that you have some ideas on how to keep your website free from malicious predators, you can make a point of doing regular checks and you will also become more aware of what is happening on your site. The more aware you become the easier it will be to pick up strange behavior. If you have a suspicion of some shady business taking place on your website but would rather have experts take a look for you, get in touch with our Creative Ground team and let us see how we can help you clean up.