24 Aug, 2016
Security is Everybody’s Responsibility
Sam Kuhnbaum, Web Developer

On Tuesday 23rd August, the Pixel dev team headed over to the WP Leeds event, hosted at Future Labs in the city centre. Speakers for the evening were Tim Nash and Matthew Haines-Young and the topic for discussion: WordPress security.

It’s a problem that has long plagued the internet. It’s a problem that has concerned both customers and companies alike and rightly so, because as Tim Nash appropriately quotes: “security is everybody’s responsibility”.

But why is security everybody’s responsibility? What if you have a digital agency like Pixelbuilders building your website for you? What if you’re using a hosting provider? Why is security still your responsibility too, and not just the responsibility of your digital providers? If you think of your website as a huge country mansion, it’s a little easier to understand why everyone needs to play a part in keeping it secure.

Keep Your “Keys” Safe

Like a big stately home or mansion, your website has many different people coming and going on a daily basis, so it’s easy to imagine someone not quite closing the door properly when they go out, or maybe leaving a window ajar or forgetting to hide the keys from view while they head into the garden. Although a website doesn’t have windows, doors and keys, it does have login screens and passwords, which basically work in the same way. If the login screen is the door and the password is the key, then you need to take the same precautions.

First, don’t leave your password on display. That means not writing it down on a handy post-it note on your desk, not keeping it in a Word file on your computer and not storing it on your phone. If you really need to keep a record of your passwords, then invest in trusted password storage software to keep them behind a secure login; that way, remembering one password can grant you access to all your other passwords.

Second, just like you wouldn’t use the same key to open all the doors in your mansion, don’t use the same password for everything you need to access online either. Keep it varied so if one password is compromised, you’re limiting the damage that can be done with it. Moreover, if your mansion was broken into, chances are you’d be changing the locks, so equally if your site has been hacked, change your passwords.

Finally, it is important to log out properly each time you’ve finished what you’re doing on your website; this is just like taking the time to close doors properly behind you. If everybody getting in and out of your website, either to make changes to the code or to make changes in your Content Management System, can take these precautions, then it will help keep it as secure as possible.

Validate Your Visitors

As you can imagine, running a mansion takes a lot of deliveries and maintenance throughout the year to keep it spick and span. That means there are goods coming in and out as well as, you guessed it, even more people visiting. In order to keep things secure, it’s important to check that the deliveries or goods received are what you expected. That means checking that the delivery address on the packaging is correct and that the sender is a recognised sender. You might want to check the credentials or ID of the delivery man to ensure they’re from the right company and that they are who they say they are too. It’s all just common sense before you let someone or something into your home, right?

Well, this process of validating your visitors applies to your website too. Most often, data is captured on a website via forms, so this is like the post-box where users deposit their information for you to receive. However, to avoid spam or even harmful entries, web developers can use form validation to make sure the information being entered into the form is as expected. For example, if we have a form that includes a question asking users to rate a service from 1 to 5, then we can set the form so that only those expected values (1, 2, 3, 4, 5) are accepted. Anything else entered can either be rejected as invalid or forced to default to a valid entry. This way, we are rejecting unsolicited, potentially harmful entries.

Hide Your Wealth

It’s well known that most burglars and thieves are opportunists and the same is true of hackers, so the best defence for avoiding it happening to you is to hide your wealth. We know jewellery, money and, in the modern age, new technology are all temptations for today’s burglars, and that’s exactly why you wouldn’t leave them lying around on show in the mansion. Instead you keep them hidden in cupboards, drawers, maybe even a safe. For hackers, the temptations are useful pieces of information that can speed up or help the hacking process. This is information such as what platform your website uses, what software version you’re running and what plugins you use. Much of this information is typically stored in the HTTP header of your website; however, your digital agency can hide the information here to ensure it’s not a welcome invitation for hackers, which is just the same as hiding your loose change in a drawer at home.

Remember It’s A Mansion

There’s a reason we picked a mansion for the metaphor and not just a 2 up, 2 down. The sense of scale is important. A mansion has hundreds of doors, windows and rooms, and each one can be a potential weakness; however, with everyone doing their bit to keep it secure, it’s easier to manage. This is exactly the case with your website too. It can be a single snippet of code that can cause problems on your website, so the more everyone does their bit to keep it as secure as possible, the less likely you are to suffer a security breach. Sometimes, it’s not shutting the front door either, but perhaps just closing the garden gate that can add another obstacle into the mix to help boost security.

Online security is a persistent problem, and it is one that constantly evolves as technologies and software advance; however, we can make it harder for hackers to breach websites. If you’re thinking of embarking on a new digital project and you’re concerned about security, speak to one of our team today to find out more about how we can make your website secure online.
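
The 1-to-5 rating check described under Validate Your Visitors, as an added example that is not part of the original post. It runs on the server and contrasts an exact allowlist match with the weaker "convert to a number, then range-check" approach; the function names and sample submissions are constructed for illustration.

```python
# Added example (not from the original post): server-side allowlist check for
# the 1-to-5 rating field. Function names and sample inputs are constructed.

ALLOWED_RATINGS = {"1", "2", "3", "4", "5"}  # the only values the form accepts


def validate_rating(raw):
    """Return the rating as an int, or None if the submitted value is rejected."""
    # Form fields arrive as text; anything else (list, None, number) is rejected.
    if not isinstance(raw, str):
        return None
    # Exact match against the allowlist: no trimming, no numeric coercion.
    return int(raw) if raw in ALLOWED_RATINGS else None


def rating_or_default(raw, default=3):
    """Alternative policy from the text: force invalid input to a valid default."""
    rating = validate_rating(raw)
    return default if rating is None else rating


def loose_rating(raw):
    """Weaker check, shown for contrast: coerce to int first, then range-check."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return value if 1 <= value <= 5 else None


# Constructed submissions, including values a browser-side check never sees.
# "\u0663" is the Arabic-Indic digit three, which int() accepts as 3.
SAMPLES = ["4", " 5", "05", "\u0663", "3.0", "6", "", "<b>5</b>", ["2"], None]


def compare(samples=SAMPLES):
    """Return (input, strict result, loose result) for each sample."""
    return [(s, validate_rating(s), loose_rating(s)) for s in samples]


if __name__ == "__main__":
    for raw, strict, loose in compare():
        print(f"{raw!r:14} strict={strict!r:5} loose={loose!r}")
```

The loose check lets through " 5", "05" and the non-ASCII digit because number conversion normalises them, so the stored value no longer equals what was submitted; the allowlist rejects all three.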
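
A check for the information described under Hide Your Wealth, as an added example that is not part of the original post: it audits one of your own site's responses for headers that reveal the platform or software version. It goes slightly beyond the headers by also looking for the generator meta tag in the page markup; the header list, function name and sample responses are constructed assumptions.

```python
# Added example (not from the original post): flag response headers and markup
# that reveal platform or software version. All sample data is constructed.
import re

# Headers that commonly carry product or version strings (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-generator", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # e.g. 7.0.33, 2.4.18
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def audit_response(headers, body=""):
    """Return a list of (location, value, reason) findings for one response."""
    findings = []
    for name, value in headers.items():
        lname = name.lower()
        if lname not in DISCLOSING_HEADERS:
            continue
        if VERSION_RE.search(value):
            findings.append((name, value, "discloses a version number"))
        elif lname != "server":
            # X-Powered-By and similar name the platform even without a version.
            findings.append((name, value, "discloses the platform"))
    match = GENERATOR_RE.search(body)
    if match:
        findings.append(("meta generator", match.group(1), "discloses the CMS"))
    return findings


# Constructed responses from the same site before and after hardening.
BEFORE_HEADERS = {
    "Server": "Apache/2.4.18 (Ubuntu)",
    "X-Powered-By": "PHP/7.0.33",
    "Content-Type": "text/html; charset=UTF-8",
}
BEFORE_BODY = '<head><meta name="generator" content="WordPress 4.6" /></head>'
AFTER_HEADERS = {"Server": "Apache", "Content-Type": "text/html; charset=UTF-8"}
AFTER_BODY = "<head><title>Example</title></head>"

if __name__ == "__main__":
    for label, hdrs, body in (("before", BEFORE_HEADERS, BEFORE_BODY),
                              ("after", AFTER_HEADERS, AFTER_BODY)):
        print(label, audit_response(hdrs, body))
```

The "after" response corresponds to settings such as Apache's `ServerTokens Prod`, PHP's `expose_php = Off` and WordPress's `remove_action('wp_head', 'wp_generator')`.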