
Why Web Devs Bang on About Security

One of the hardest parts of my job is getting clients to appreciate the importance of ongoing website maintenance, especially with regard to security.


Transcript:

I’d like to talk to you today about security.

Last week we were contacted by someone who’d had their website hacked, asking whether we could help, which of course we do if we can.

And it was really interesting. It was what we call the “pharma hack”: code had been injected into lots of the web pages and had to be stripped out and cleaned, and we did that.

We moved the site on to our hosting and we are watching it very, very carefully. Once hackers know there’s a vulnerability they’ll often keep coming back.

Oh boy, have they kept coming back.

Usernames

Now the site is locked down and is safe, but there have been 232 attempts in one hour to access the WordPress website using the username ‘admin’. And you wonder why, as web developers, we tell you never to use admin as your username?

The hackers have tried admin and administrator. They’ve also tried the URL, with the .com and the URL without the .com. These are obviously fairly standard usernames that people use.

So I just wanted to say security is really important. I know clients find it difficult to get excited about security, and you don’t, until you’ve been hacked.

We get excited about security because we do the cleaning up and we know what a mess it makes, so we understand.

It’s like not really wanting to pay for insurance for your motor car until you have an accident, and then you really appreciate it.

So security. Please get rid of the admin user. If you don’t know how to do that, contact us and we will help.

Don’t use your URL as your username for WordPress. Again, if you don’t know how to change it, we’ll help you, just get in touch.

Passwords

Make sure you have a secure password.

Avoid using any words out of the dictionary.

Use mixtures of cases and symbols.

The key thing is, and you are going to love this (not much), have at least 20 characters in your password.

I know. Nightmare. You’ll never remember them. Use LastPass or Roboform or something like that, but the only way you are going to slow these hackers down is with 20 characters in your password, and that will probably be 25 characters by next year, but, anyway, for now, it should be enough.

So, a bit of a doom-and-gloom broadcast this morning, but, security, please bear it in mind, and I hope you have a good weekend. Bye.
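The 232 attempts in one hour described above are exactly the pattern a web server log makes visible, even though the access log never records which username was tried. The following is an added example, not code from the post or its author: it parses Apache/nginx combined-format log lines, counts failed WordPress login attempts per source address inside any sliding one-hour window, and flags addresses that exceed a threshold. It assumes WordPress’s standard behaviour that a successful POST to wp-login.php answers with a 302 redirect to wp-admin while a failed one re-renders the form with 200, and that XML-RPC credential failures are still HTTP 200 (so every POST to xmlrpc.php is counted). The log lines, addresses (RFC 5737 documentation ranges) and the threshold of 20 are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format; the regex itself is this example's own.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop ?redirect_to=... etc.
        "status": int(m.group("status")),
    }


def is_failed_login(rec):
    """Assumption: wp-login.php succeeds with a 302 to wp-admin and fails with 200;
    xmlrpc.php returns 200 for faults too, so every POST there counts as an attempt."""
    if rec["method"] != "POST":
        return False
    if rec["path"] == "/wp-login.php":
        return rec["status"] != 302
    if rec["path"] == "/xmlrpc.php":
        return True
    return False


def failed_logins(lines):
    """Yield (ip, timestamp) for each failed login attempt found in the log lines."""
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_failed_login(rec):
            yield rec["ip"], rec["ts"]


def flag_brute_force(lines, threshold=20, window=timedelta(hours=1)):
    """Return {ip: peak_failures_in_any_window} for addresses reaching the threshold."""
    by_ip = defaultdict(list)
    for ip, ts in failed_logins(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def _line(ip, ts, method, path, status):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


def build_sample_log():
    """Constructed log lines (not real traffic) mirroring the 232-attempts-in-an-hour case."""
    t0 = datetime(2014, 3, 14, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(232):                       # one address, a failed POST every 15 seconds
        lines.append(_line("203.0.113.7", t0 + timedelta(seconds=15 * i), "POST", "/wp-login.php", 200))
    # A legitimate editor: loads the form, mistypes once, then logs in (302 to wp-admin).
    lines.append(_line("198.51.100.2", t0 + timedelta(minutes=5), "GET", "/wp-login.php", 200))
    lines.append(_line("198.51.100.2", t0 + timedelta(minutes=5, seconds=20), "POST", "/wp-login.php", 200))
    lines.append(_line("198.51.100.2", t0 + timedelta(minutes=5, seconds=40), "POST",
                       "/wp-login.php?redirect_to=%2Fwp-admin%2F", 302))
    for i in range(5):                         # low-volume XML-RPC probing, below threshold
        lines.append(_line("192.0.2.9", t0 + timedelta(minutes=30 + i), "POST", "/xmlrpc.php", 200))
    lines.append("garbage line that does not parse")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, peak in flag_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed login attempts within one hour")
```

Keying on volume per address is enough to catch the single-source case the post describes; a botnet that spreads the same 232 guesses across 232 addresses would slip under a per-IP threshold, which is why the post’s advice (no ‘admin’ user, no URL-derived username, a long password) matters regardless of what the logs catch.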