Dynamic websites – we love them as should you, platforms such as WordPress have made the development of high quality websites that can be easily kept up to date by the site owner, child’s play (well almost).
So what are the downside?
Well there are very few downsides, we do however try to engrain/force/instil into all our customers minds the need for good dynamic site security, by the very nature of dynamic websites they can be vulnerable to attacks if not kept up to date. These attacks a usually totally random and are rarely specifically targeted at your business – phew!
To help we always install one of the leading security plug-ins before any site is made live and harden areas to make the hackers life as difficult as possible. However even after the site is live the plug-in must be checked and updated regularly (a very simple process) and if necessary re-hardened.
The same goes for ALL plugins and WordPress itself, regular updates are a must to help keep your site healthy.
NOTE: we wouldn’t advise updating the main site theme files, the core theme may very well have been coded to achieve the look and functionality your site required.
The login area is also a potential weakness, WordPress sets “Admin” as the admin login by default, never, ever, ever leave it as “Admin” because if a hacker is trying to access your site through a Bruteforce attack, the likely hood is they will use the term Admin and they will then be half way there.
The password for the login is also extremely important, using a strong password containing upper and lowercase as well as numbers and special characters is an absolute must.
unfortunately using something like pa55w0rd isn’t as clever as you may think, your not so friendly Bruteforce hacker will undoubtedly have that within his software programme along with 1000’s of other “clever passwords”.
We will be listing a number of “avoid at all cost” passwords in a later blog.
Needless to say when we set up our clients sites we change the admin and supply a strong password, but if any accounts are set up by the client at a later date the above advice must be followed to avoid any potential weaknesses.
Good dynamic site security – its a must!