If you are a website owner, you might think that once you get your site up and running you no longer have to do much. But consider how easy it is for your website to be hacked. You WANT people to visit it and look around. You WANT to show off the cool functionality of your site.
Well, that same functionality can get outdated pretty quickly. Code that was written five or six years ago probably didn’t even check the validity of requests to pages. A simple example of an attack is a site that uses ID numbers, for example http://www.somedomain.com/index.php?id=12 — what happens when that isn’t a number, or that ID is missing? Did the programmer check for those possibilities?
There are some wonderful open source web applications out there, including WordPress, Drupal, and Joomla, to name just a few. However, every week new vulnerabilities are discovered on those platforms — security hacks, SQL injections, cross-site scripting, etc. Luckily many of those open source applications also have a robust community to write updates to protect against those attacks.
As a website owner, you should check for any updates to your website scripts regularly. This also includes to make sure your passwords are strong and safe. And, have regular backups of the site made that you can download to your computer for safe storage (as even hosting sites aren’t immune to attacks).
It’s a real pain to have your website hacked. You struggle to uncover how the attack was done. You work to get the site updated and back to where it was. You try to clear your name with any search engine that might say your site is “suspicious”. Meanwhile you lose visitors that might never come back.
If you don’t take care of your site yourself, then talk to the developers who built it and ask them to help you backup, upgrade, and lock down your site before you get hacked.
Security is an ongoing process, just like those updates on your computer…