Website security isn’t always at the top of your to-do list. It might not have crossed your mind at all. However, the problem is very real and you may be vulnerable. There are many types of vulnerabilities, and they range in severity and threat. We will go through some common website vulnerabilities.
Man in the middle attacks
These attacks mainly target your customers. As the name suggests, an attacker intercepts the communication between your website and your user. Once they are in the middle, they have access to all the data that the customer exchanges with your website.
How can you protect your users from these attacks? There is a well-known solution to this, and that is SSL. An SSL certificate can often be acquired for free through either your web hosting or a service such as Cloudflare. Stronger SSL encryption certificates can also be purchased through various other services. You will have noticed these around the internet before: look for the padlock icon in the website address bar and https.
Brute force attacks
Brute force attacks are another common attack that hackers employ. In this form of attack, an attacker tries various username and password combinations in quick succession. They will hit your login forms for as long as it takes to find a legitimate username and password combination by chance.
There are a number of measures you can take to fix this vulnerability. Since brute force relies on being able to try as many combinations as fast as possible, limiting login attempts is a solid way to hamper these attacks. Other steps to take include avoiding generic usernames such as ‘admin’, making your passwords as long as possible (the more characters, the longer brute force takes), and keeping the address of your login page hidden. For instance, if on
The most effective methods are blocking access to your login pages for all but nominated IPs, and two-factor authentication, so that access to both your password and your physical device is needed to log in.
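One way to limit login attempts, as an added example that is not code from this article or from any CMS: a failure counter that locks out both the account and the source address, doubling the lockout each time it is triggered. The class name, method names and thresholds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failure counter with escalating lockouts (in-memory, single process)."""

    def __init__(self, max_failures=5, window=300, base_lockout=60,
                 max_lockout=3600, clock=time.monotonic):
        self.max_failures = max_failures    # failures tolerated inside one window
        self.window = window                # seconds a failure stays counted
        self.base_lockout = base_lockout    # first lockout, doubled on each repeat
        self.max_lockout = max_lockout      # ceiling for the doubling
        self.clock = clock                  # injectable so the logic can be tested
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.strikes = defaultdict(int)     # key -> lockouts triggered so far
        self.locked_until = {}              # key -> time the current lockout ends

    @staticmethod
    def _keys(username, ip):
        # Count per account AND per source address: one address guessing many
        # accounts and many addresses guessing one account are both slowed down.
        return ("user", username.strip().lower()), ("ip", ip)

    def retry_after(self, username, ip):
        """Seconds to wait before the next attempt is accepted; 0 means go ahead."""
        now = self.clock()
        waits = [self.locked_until.get(k, now) - now for k in self._keys(username, ip)]
        return max(0, *waits)

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            recent = self.failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window:  # drop stale failures
                recent.popleft()
            if len(recent) >= self.max_failures:
                self.strikes[key] += 1
                lockout = min(self.base_lockout * 2 ** (self.strikes[key] - 1),
                              self.max_lockout)
                self.locked_until[key] = now + lockout
                recent.clear()

    def record_success(self, username, ip):
        # Reset only the account's history; the address keeps its own count so a
        # valid login on one account does not wipe guesses made against others.
        key = self._keys(username, ip)[0]
        self.failures.pop(key, None)
        self.strikes.pop(key, None)
```

The login handler would call `retry_after` before checking the password and refuse the attempt while it returns a non-zero value. State here lives in one process's memory, so a site served by several processes or servers would need to keep these counters in a shared store.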
DDoS (Distributed Denial of Service) attacks
While these attacks aren’t necessarily a threat to your data and your website’s security, they are a very serious problem. The server that hosts your online store can only handle a particular number of users at any one time. In a DDoS attack, an attacker bombards your website with illegitimate requests, so your server can’t serve your website to your customers and they can’t load it.
These types of attacks are very easy to carry out, so they are very common. Downtime means no sales and tarnishes your brand’s image. So how do you deal with DDoS on your website?
Luckily, there are services available that will handle this for you. The two most notable services are Cloudflare (Free) and Sucuri (Paid). These services will automatically identify DDoS attacks and block that traffic to your website.
If you are using Elvenda, you are most likely using a CMS (content management system). Examples of a CMS are WordPress, Shopify, Magento, BigCommerce and Neto. The more popular a CMS, the more hackers are looking for vulnerabilities in it. This means that in order to stay protected there are continuous steps you will need to take.
Staying up to date with your respective CMS’s blog for updates on known vulnerabilities is a good start. When a security vulnerability becomes known, most will warn their users to update their installation.
Make sure that your CMS and any plugins/extensions are updated regularly so that known vulnerabilities are actively being patched. Check the update logs to be sure.
Use a WAF (Web Application Firewall), which will provide an added layer of protection against known attacks. There are a few WAF services available, but we recommend Cloudflare.
There are other tools out there for checking for well-known vulnerabilities; one such tool is the Sucuri SiteCheck.