This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates.
Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created due to a security breach that has been fixed. Updating to the new version keeps your site safe from vulnerabilities that are very likely to affect your site.
If you search back through our blog, you can see many posts about website vulnerability disclosures.
If these vulnerabilities are not patched with updates, your site remains at risk from multiple types of malware. Updates are not meant to make your life harder, even though it might seem that way. Keeping on top of updates will save you a lot of stress and time in the future when hackers decide they want to take advantage of their new vulnerability on your site.
Small Sites as Targets of Attacks
Software vulnerabilities and access control make small sites a large target in hacker’s eyes.
Our latest hacked website trend reports show that outdated software dramatically influences the chances of a site being hacked. Although there was a decrease in the number of outdated sites hacked from Quarter 3 of 2016 to the entire year of 2017, it is still too prevalent for our liking.
What to Update
Here are some examples of what you should update:
- Content Management Systems
Now, let’s talk about each one of them individually.
1- Content Management Systems
Our hacked website report shows that WordPress is the CMS Sucuri cleans the most (at 83% of all websites cleaned in 2017). This does not necessarily mean WordPress is more or less secure than the other CMS platforms though.
Your CMS of choice will alert you to any available updates that need to be implemented. Please do not ignore these warnings!
Any plugin you add to your site must be vetted. They aren’t all inherently good for your site or malware-free. Some plugins were made to be malicious, whereas others didn’t start that way. Through lack of management or carelessness plugins can become malicious easily.
Here are some things to look for when adding a new plugin to your site:
- Only download plugins from an author and site you trust.
- Check for updates on the plugin and see how long ago the developer has patched any security issues.
- If a plugin is not free then purchase it straight from the developer instead of searching for free versions.
- Read reviews to see if there are poor opinions about the safety of the plugin.
Sometimes less is more. Do you really need this plugin? Think about what the downfalls of the plugin are versus the benefits. More plugins means more security risks in most cases.
Along with plugins, themes also need to be updated and “vetted”. Anywhere a hacker can exploit your site, they will.
As with plugins, there are a few things to consider when adding theme software to your site:
- Is the theme necessary to your site?
- Can you trust the source where you found the theme?
- Will the developer patch and fix any vulnerabilities?
Themes can become a hotbed for malware that come with the promise of Blackhat SEO, malvertising, and backdoors.
If you find a “free” theme that has not been updated in the past 6 months, it might not be as free as you think. Think of the money you might end up losing because of a vulnerability that causes your site to become infected.
Another way to keep your site clean is to ensure that your computer is malware-free as well. Making sure your browser and its extensions are up to date is very important. In these rarer cases, your own computer is the attack vector. Only install browser extensions and browsers from a trusted source, and be sure to update immediately when you are alerted.
As with the other software we talk about in this article, the server itself is also key to maintaining a secure site. Web servers such as NGINX, Apache, IIS, etc. might not sound overly familiar to you unless you are a developer or are very familiar with your site’s setup. Whether or not you are familiar, your site has a server to connect to the internet and your server can become vulnerable to hacks as well. Updating is a must to stop that from happening.
Automatic updates are available for most CMS and plugins, but it might not be the best idea to go that route. Sometimes updates can cause function issues for your site.
We recommend making a full backup of the site and enlisting the help of your developer to assist with updating.
Doing your part to keep your site clean is important in creating a safe web browsing environment for everyone. Make sure to update and stay alert to potential threats to the services you are leveraging.
If you want to stay ahead of emerging threats, subscribe to receive alerts of our new blog posts in your email.