If you surf the Internet a lot - and hand on heart, who doesn't? - who has surely thought about the security of his data at one time or another. Especially if you are a website operator yourself, this topic should have a high priority.
In this article we have Alex Mitchell from VPNpro.com on the topic of web security. Alex is an expert when it comes to data security and WordPress. He will explain to us what we have to pay attention to in order to keep our websites secure. With this in mind, have fun with the interview!
Hello Alex, thank you so much for taking time for us.
Alex: No problem. Always happy to help.
I'm glad to hear that. Let's also start with our first question: When we talk about website development, where do we place web security?
Alex: In short, security and privacy should be the first priority in the entire website development process.
Interesting. A large part of all websites on the net is based on WordPress. How does the CMS perform in terms of security?
Alex: It is said that about 30% of all websites are based on WordPress. So you would think that WordPress should be safe and by and large it is. However, from time to time the developers overlook some areas of security or find gaps only after some time has passed.
We are not talking about hard-to-find special cases or logical errors. XSS is a good example of this, meanwhile it is really good. But take a look at the latest updates and see how many bugs only existed in XSS:
Wow that is actually quite a lot and is of course also disturbing. Are there any alternatives or secure systems than WordPress that you would recommend?
Alex: Sure there is. But then these are mostly solutions for companies, such as Symfony. But there is no system in the world that is 100% secure. Most of the time it's more about how hard it is to find security holes, how much damage can be caused by them and how fast they are closed.
Plus, such solutions for companies (or content management systems that use parts of them) pay white-hat hackers to find vulnerabilities. Not to exploit the vulnerabilities, but to inform the developers. Some even get a bonus for fixing the bugs themselves.
This sounds as if there is no such thing as the one ideal solution. Do you have some tips what every webmaster can do to protect his own website?
Basically three simple things: constant learning and development, relying on best practices and using secure connections when connecting to one website.
So really a few simple things with a big effect. Those who continuously educate themselves keep the overview and do not become careless. What are the most common threats to WordPress websites?
Alex: The most common threats to website security are:
- An outdated version of the Software
- Use of non trusted or unpopular plugins
- Use of non trusted themes
- Utilization of insecure Hosting (usually low-cost provider), which is shared between several users and is is
- Not the "wp-admin" name to and to use the same name on the website. It should always be a separate name must be chosen
- Outdated PHP
- In general also freelancers to who have little knowledge about safety and good practice, and who are own. People who just do a job and have some random install plugins without worrying about what they actually do and what they do not do and how it affects security and performance
- Reveal exact details or allow plugin developers access, even if there are premium plugins are.
Now we have a good overview of the dangers. So always make sure that everything is up to date, you choose the proven path and do not release any sensitive information.
Alex: Right. Especially the reckless installation of plugins and the choice of the same name for the admin account often happens to beginners.
What do you think are the trends and dangers that lie ahead of us in the future?
Updates are already coming more frequently than ever before and this will increase in the future. Any webmaster and website owner who believes that you can simply create a site and keep it forever is unfortunately completely wrong.
Due to missing updates the dangers do not only come from the outdated content management system, but also from the server, PHP, MySQL and other components. This increases the risk of being hacked, having a site downtime or even producing data leaks.
Yes Updates are an important part of security. Our final question is: If you hire a whole team to develop the website, should everyone follow all the steps listed for web security?
Alex: Definitely! Additionally, a security check should be done and extra programs and tests should be run. These are all smart things to do.
Thank you very much for taking time for this interview today, also on behalf of our readers. We wish you continued success with VPNPro and keep the Internet secure.
Alex: Thank you. It was a pleasure, and until next time.
Summary of the interview
Alex has given us some very valuable information here about how we can protect our websites. So, to recap:
Already during the development of the website you should consider the security of the data
All systems and plugins should be updated constantly to keep them up to date. This way you avoid the biggest source of danger
Never disclose personal or sensitive information. This means for the admin of the site to choose different names for the front- and backend, but also to prevent plugins from accessing data in the ideal case.
There is no 100% secure system. Continuous training and good practice should therefore be encouraged
We hope this article has helped you. If you have any questions or comments, we look forward to hearing from you.