When choosing a hosting package with us, you might be wondering what a lot of the added features of higher tier packages are – and while we offer some brief descriptions on the Web Hosting & Maintenance page I’d like to take this opportunity to give you some more information on what our website security features offer and how they work.
At Opus Creative we design and develop exclusively for the WordPress CMS. Mainly due to it’s universal appeal for editing and managing content, but also for it’s robust, secure development and frequent updates, both for the core WordPress platform and it’s inherent Plugins. On our Web Hosting & Maintenance page we discuss some of the website security items we provide as part of our packages (you can see these listed, depending on what package you’re looking at) but I’d like to take a few moments to explain in more detail what some of the terminology and functionality we talk about there means to the base-user.
Managed updates to WordPress and Plugins
When we talk about updating WordPress and any Plugins we may have used in development to achieve the functionality requested in the design brief, we are describing the necessary need to keep your website up to date and ‘fresh’. Over time, technologies evolve and standards change – this happens at an extremely quick pace in the world of web design and development. At Opus Creative we believe it is paramount to keep your website compliant with the latest standards as well as being up to date and secure.
Making sure your WordPress version is up to date helps achieve this. Over the course of time, the core development team at WordPress will release updates to the platform. In some cases these might be just minor updates to fix bugs or add some new items of interest, but in others they can be major updates that alter the fundamental structure of the WordPress platform and add entirely new features.
In doing so, this can sometimes create loop-holes in code that may make your website vulnerable to malicious software if the version is left unattended. This is why we would always recommend you avail of our packages that include managed updates to WordPress and it’s plugins to ensure your version of the platform is always the most recent one.
Firewall & System Security
Of course keeping your systems up to date is only one aspect of ensuring your website security is working as intended. Having a Firewall present is always your first line of defence against unwanted attention from nosey scripts on the Internet. Experience has lead us to several externally developed Plugins for WordPress that provide first-line functionality in this field. We make sure your website is protected from the ground up with our Firewall and base security settings.
Malware Scanning & SSL Support
In order to ensure your content and template files are secure and clean we install Malware Scanning software that will monitor activity within your website and inform us if anything unusual takes place. Having an active scanner monitoring your website security helps keep your web credibility with companies like Google – as having Malware infect your website can result in spam coming from your site and negative ratings from search engines as a result.
SSL is an acronym for Secure Sockets Layer, a global standard security technology developed by Netscape in 1994. It creates an encrypted link between a web server and a web browser. The link ensures that all data passed between the web server and browser remains private and secure and is recognised by millions of consumers by a secure padlock which appears in their browser.
The SSL protocol is used by millions of e-Business providers to protect their customers ensuring their online transactions remain confidential. In order to be able to use the SSL protocol, a web server requires the use of an SSL certificate. Certificates are provided by Certification Authorities (CA) who in most cases also offer additional products and services to aid e-Businesses to demonstrate that they are trustworthy. Consumers have grown to associate the ‘golden padlock’, that appears within their browser display, as an indication of trust in the web site. This simple fact allows e-Business providers an opportunity to leverage that increased trust level to turn visitors into paying customers – so long as you know which type to choose.
Source: Blacknight Hosting
We use SSL to ensure your server is water tight when providing sensitive material through your website. Mostly this will be in the case of an eCommerce platform being used where financial data is being processed through your website. Again, if you’d like to know more specifics about SSL and time-management for setting one up get in touch at hello@opuscreative.ie. SSL helps provide you with website security that protects you from outside attacks and unwanted attention.
Brute Force
Brute Force is a term used within the WP Security plugin to define certain methods of adding even more detailed protection on your server. Typically this includes having a customised login page that doesn’t reflect the default WordPress login page. It can be customised to accommodate your Business, so for example http://www.custompaints.com/paints – where the url specified would be your login page instead of http://www.custompaints.com/wp-admin
A Login whitelist can also define exclusive IP address (the location of your computer in a network) that are allowed to access the login page of your website, so if you’re running a small company selling online and you want to restrict access you can allocate specific IP ranges within your office to accommodate access.
Brute Force also offers Captcha forms to login pages and a Honeypot feature. Honeypot is where a hidden field is added to the login form that only robots can see (automated software that prowls the web looking for vulnerable websites to register on, and consequently spam) – Humans will not be able to see this field. Typically, a robot will address all fields when attempting to infiltrate your website so if this ‘Honeypot’ form field value is submitted then the offending robot will be dealt with accordingly and removed from the website.
2 Step Authentication
Increasingly popular, 2 Step Authentication provides a very personal, unique way of providing you with top website security. Along with all of the security features discussed above, one final attribute to your online protection is enabling this feature. Simply put it’s a way for the system to specifically verify who is logging into the website. Most commonly, you will need an application on your smartphone that is linked to your website. How this would work can vary, but a lot of the time it is achieved via QR codes – whereby after offering your initial login details you will need to verify ownership of said credentials by scanning a QR Code with your phone.
If you would like to know more, or want to talk specifics relating to your website then please get in touch with us +353 (0) 21 242 8689
