Auditing Your Website Security
I’ve been blogging now for over five years, but writing online in some capacity for around twelve years or so. During this time, I have learnt so many things about blogging platforms, those which thrive and those which falter. The CMS (Content Management System) of choice is now undoubtedly Wordpress, whether you are a small-time blogger, small-business owner or massive conglomerate.
Pretty much everyone is onboard with this website-building platform, it is open-source, free-form and a completely multi-faceted platform capable of building, supporting and powering a plethora of sites. I write mainly about video-games and technology. In the years since I began, I have begun to take more notice with regards to my own output on the Wordpress platform and how to ensure the experience I create is not only enjoyable, but secure for the end-user. In order to maintain the trust of my users, I need to make sure the data I keep on my users is kept safe and secure as is the back-end data of my Wordpress site.
To this end, I frequently audit the security aspects of my Wordpress website and keep a continual watch over the running of it via my smartphone when I am not at my computer. I won’t profess to be an expert on all security matters, but I do like to read up on things and ask those even more in the know than myself. Knowledge is like wealth, it’s there to be shared… right?
So, how do you audit your security on your website? You (like I), no doubt have a wealth of plugins that provide aspects of security for free (or even ‘paid-for’ versions). Whilst these plugins do help with providing an overview of your site they often don’t provide comprehensive protection, alerts nor continued support from a professional for those exploits that utilise XSS (Cross-site Scripting) to gain access to your sites user and back-end data.
The popularity of Wordpress when building websites has resulted in the creation over 40,000+ plugins (not including those in the Wordpress repository), this opens up a wealth of potential security exploits and opportunities for hackers to take advantage of flaws in plugins that may not be continually updated.
It all sounds so scary, doesn’t it? It doesn’t make your website built on Wordpress any less secure… it is an issue taken very seriously by Wordpress. But it means that security and the auditing of the plugins you use need to be a continual process. I am not saying the plugins you use are all exploitable, but it makes sense to audit your website with software that can monitor and highlight those potential exploits so you can respond to those issues or even ‘Hire an Expert’ to help resolve the worst issues you come up against.
If your site has been impacted by malicious code or malware, it is very apparent your current website security solution isn’t working. By installing Fixhacked, you can audit and highlight the existing security issues your site has, but also be notified when other potential exploits crop up. Allowing you to respond in a quick and timely manner.
So what do you do next?
- Download the Fixhacked exploit scanner, and upload it to your Wordpress to begin monitoring and further auditing your Wordpress website and ensuring that your site is not only secure, but keeping an eye open for malicious potential.
- Enter your Domain name and download the .php file which is created for your site, upload this to your Wordpress website.
- Once uploaded, then click the ‘Start Scan’ button and let the Fixhacked scanner do it’s work.
- The scanner runs in the background, whilst you go about your business. It may slow the website down a little. But this is a negligible impact to the overall running of the website in the long-term.
- Receive security scanner results and respond where necessary.
- If you need any extra help, or you are unsure of what to do next. Contact us to ‘Hire an Expert’.
- Let the exploit scanner continue doing its work and providing website security.