Tag Archive for: website security

5 Scary Site Security Issues to Protect Against

/by

Introduction

It’s Halloween, and if there’s one thing we can definitely be scared of, it’s a security breach. Your visitors won’t trust you if they think their data is being stolen or their accounts are being hacked. That might lead them to leave for another site, costing you both money and reputation. To prevent this from happening, you need to protect your site properly, which means making sure everything is up-to-date and secure—even the little things! Let’s take a look at five common issues that could cause problems on your site:

Weak passwords

You know the feeling. You’re writing a password, and you’re so close to getting it right—but then you stumble over that one character, and it’s all gone. You’ve got to start again from scratch.

Strong passwords are the first line of defense against hackers and other nefarious actors who want access to your site’s servers, data and resources. The longer your passwords are, the harder they are for hackers to guess correctly (and thus more difficult for them to break in), but this isn’t an unbreakable rule: if it were that simple, there’d be no need for strong passwords at all! To keep things simple enough for humans while still making them hard enough for computers, I recommend using 8-12 characters long combinations of letters, numbers and symbols with no repeated characters or patterns (e.g., “5kfJ7ymu”).

Not protecting against CSRF attacks

Let’s face it: security is hard. It is much easier to go back to a site you love and continue using it than it is to spend time exploring new tools or researching how your favorite sites protect themselves against attacks. However, by not taking the time out of your day to ensure that you are protected against various forms of malicious attack, you’re putting yourself at risk of losing all your information.

So what exactly is CSRF? Well, CSRF stands for cross-site request forgery and is a type of malicious attack where one site tricks another into sending information without their consent (or awareness). The aim of this type of attack is usually to steal data from the victim’s account on another website so they can log in as them. For example: imagine that Bob logs into his bank account through his browser every day after work and checks his balance before making payments online; Alice wants access to Bob’s bank account but doesn’t have his username or password because she doesn’t know them offhand yet…what does she do? She’ll probably try logging in through some other way (like via email) until something works! This might sound like an unlikely scenario but even if Alice were successful in stealing Bob’s credentials this way then she could make transactions without him noticing any problem at all! In fact there are many ways that these attacks can occur – which we’ll get into shortly below.

Not securing the admin area

One of the most common mistakes we see is not securing the admin area. In fact, this is one of our most common security issues to fix!

The main reason why people don’t secure their admin areas is because they don’t realize it’s an issue and/or their site isn’t making enough money for them to care about fixing it. But just like with any other website on the internet, you’re leaving yourself vulnerable if you don’t take basic security precautions with your CMS-based (e.g. WordPress) site.

There are two ways that hackers can get into your site: either through brute force attacks (guessing passwords) or phishing scams (tricking people into giving out their login information). To prevent both of these from happening, make sure that you’re using HTTPS and a password for all URLs. This includes not only the login page for admins but also any pages within your admin dashboard that require authentication (i.e. changing settings). If possible, set up multi-factor authentication so no one can get access even if they have your password alone—and stick with longer passphrases instead of short ones!

SQL injections

SQL injection attacks are a type of attack that exploits poor coding practices to gain access to the database server. The attackers use input fields on the website such as search boxes, user login forms, or comment sections to inject SQL commands into database queries. This can be used to steal data or execute commands on the database server.

The best way to protect your site from SQL injection attacks is by making sure that your web application has proper input validation in place and uses prepared statements when accessing any databases. If you think your site has been attacked, check for errors in syslog files or other log files about failed database queries (i.e., “select * from users”). Also, look for suspicious file names like *.php*.sqlite3 or *.sqlite3 in hidden folders such as .git/.svn/.cvs/.hg/etc.

Playing fast and loose with permissions

While security settings can seem intimidating at first, it’s important to be aware that not all permissions need to be set to the highest level possible. If you’re wondering what kind of access you should give a user and your only answer is “the most,” it’s time for some soul-searching.

Make sure you have the right permissions for each user, and those permissions are set to the minimum level required. That means no more than one or two sites per person, depending on their specific needs within those sites (for example, if they’re just looking at site analytics).

Don’t give users more access than they need; don’t give them access to other sites outside of theirs; don’t let them see anything they shouldn’t see. And while we’re talking about this topic: Don’t set up an account with more than one username/password combo — just use one login per person!

Site security is important, so don’t forget to spend time on it.

As you’ve seen, this can be a pretty scary issue. So what can we do to avoid becoming the next victim? Here are four things that will help:

  • Make sure you have a security plan in place.
  • Make sure your team is trained on security procedures.
  • Make sure you have a good security budget.
  • Make sure you are regularly updating your security software and protocols. You should also be checking for vulnerabilities regularly to make sure there’s no weak spot in the system (you’ll want someone who knows what they’re doing for this).

Conclusion

So, there you have it—our five most common site security issues. We hope that this article has been informative and helpful!

HTTP vs HTTPS and why it matters

/by

When browsing any site on the internet, the term HTTP or HTTPS will appear before the site address in your search bar.

HTTP means HyperText Transfer Protocol. It is what defines the message structure between the web browser and the web server. It is the basis of all communication on the world wide web and comes in two forms: HTTP and HTTPS.

Both HTTP and HTTPS serve the same main function, however, HTTPS encrypts your connection and prevents several potential problems when browsing the web. When websites are not secured with HTTPS, hackers can send users to fake websites, steal passwords, run third-party ads and use the browsers of unaware web users for cryptocurrency mining.

HTTP is becoming increasingly less common with over 90% of web traffic in the US using HTTPS secured connections. Despite its decline, HTTP is still found among the largest sites on the internet. As shown on the website whynohttps, many of the worlds most visited websites including bbc.com and espn.com still use HTTP versions of their website.

Last month, Google made a push in favor of HTTPS on their internet browser, Chrome. The company began to show warnings on non-HTTPS websites where users could share personal data such as their credit card information or their password. This change comes from Google’s effort to improve web security and data safety.

Further changes coming to the Google Chrome browser in upcoming months will push more site owners to switch their website over to HTTPS. In September, Chrome will begin to change the green ‘secure’ label next to HTTPS websites into a less noticeable black label. In the following month, HTTP sites will show a noticeable red ‘not secure’ label on the left of the website URL. And finally, the ‘secure’ label will be removed completely in a later month. This will presumably be when most of the commonly used sites on Chrome have switched over to HTTPS. To facilitate the process, an initiative sponsored by Google, Facebook, and Mozilla called Let’s Encrypt has been created to help website owners secure their HTTP websites free of charge.

Aside from the addition of warning labels as a push to change HTTP sites to HTTPS, Google has also introduced HTTPS as a ranking signal for SEO. Stating that security is a priority, Google uses HTTPS as a lightweight SEO signal for page ranking. Despite carrying significantly less weight than other SEO factors right now, Google plans on strengthening the importance of HTTPS for SEO in the future. For any marketing professional wishing to improve or maintain their Google webpage ranking, switching over to HTTPS before Google increases its importance is an important move.

Google’s push towards a safer world wide web with the help of HTTPS is a step in the right direction for the history of the internet. With HTTP being outdated and unsafe, it is wise to avoid entering personal data in HTTP sites and switching your personal website over to HTTPS as soon as possible.

t2Marketing International

Let’s connect

Marketing Rundown

Our curated weekly rundown with everything you need to know about media, marketing and digital news.

[revue_subscribe]

Insights

Our blog is full of important news and information for you.

Books, white papers and more

Members of t2 are keynote speakers at international digital marketing conferences, content contributors.

Specialized Expertise

t2 can grow your business across integrated verticals. Contact us for help with website development and technical needs, growing your ecommerce or Amazon business, and Web3 projects.