Website security in the face of digital threats

In this article, we will describe some of the most common threats and their potential harm, as well as one.com website security solutions.

Common website security issues in 2020

Malware

Malware is the shortened term for malicious software. It is a catch-all phrase for any software designed to disrupt, damage or gain unauthorized access to a system. There are many ways malware can spread, from plugging in infected USB drives to accidental downloads from infected websites. Viruses, spyware and ‘worms’ are typically included in the definition of malware.

Cross-site Scripting

Cross-site Scripting (XSS) is a type of vulnerability hackers use to bypass security features by injecting malicious scripts into webpages. While it has been around for a long time (for something on the internet anyway), ZDnet reported in 2017 that it still represents a major threat vector – so much so that many major companies have bug bounty programs that cover XSS.

SQL Injection

An SQL injection occurs when a website form does not protect against various special characters and commands, allowing a malicious party to access, change or delete data from a database.

Man-in-the-middle attacks

A man-in-the-middle attack is one where a third party intercepts messages between two entities that believe they are communicating with each other. For example, an end-user browser and a web server. This is similar to eavesdropping to get critical and private data such as passwords, and credit card information.

How do you protect your website?

Due to the comprehensive nature of threats, there are several precautions you should be taking concerning your website security. Some are automated tools you can deploy, while others are best practices you should follow.

Secure your accounts and passwords

It should go without saying that you must keep your web hosting password safe. Whoever has it can access your Control Panel and do any number of things to disrupt operations. For example, the bad actor could deface your website, redirect it to a competitor’s site or even steal customer data that you are liable for. You should therefore tightly control who has access to your login details and follow best practices for strong password security: change your password regularly and do not re-use passwords across different sites.

We have recently introduced additional website security measures and added support for password recovery via a secondary email address and phone number. So, even if your mailbox is compromised, you can still reset your one.com password and protect your online business.

Keep your website and CMS updated

In the world of cyber-security, it is a never-ending race to keep up with the discovery of new vulnerabilities that put websites at risk. That is why you should keep up to date with the latest versions of software such as WordPress or PHP. In fact, we recently transitioned our customers from an older version of PHP that was no longer getting website security fixes. Customers not only got performance improvements but more importantly, they will not be vulnerable to newly-discovered exploits of the old version.

If you use our Website Builder or Online shop, then you don’t need to worry. Our team of experts regularly update our tools with the best website security practices in mind.

Always have a clean backup

Frustration can mount quickly when you accidentally corrupt data by installing a malicious plugin or clicking on a bad link, and have no recourse. A regular backup regime can save you in crisis, but also give you peace of mind at other times. Backups mean you can roll back your website to the most recent clean version and only lose a day worth of data compared to losing everything.

We store backups of all our active customers’ data for 14 days with a restore function available on demand or as part of a premium plan.

Encrypt the data shared between your visitor and your website with SSL

SSL (Secure Socket Layer) technology encrypts all data website visitors provide, including credit card information, email addresses and names. SSL prevents man-in-the-middle attacks: if a malicious party were to be able to intercept the data, it would be scrambled up and can only be decrypted with a private key.
Because protecting user data is important to us, all of our packages come with a free SSL certificate that is enabled automatically with no additional configuration needed.

Turn off FTP and use SFTP or File Manager instead

The File Transfer Protocol (FTP) has been around for over three decades and was never designed to be secure. It has a whole host of vulnerabilities and does not have any encryption, so passwords and data can be captured by a bad actor.
You should instead use SFTP, which transfers files over a secure SSH connection. one.com customers can also use the highly secure File Manager integrated into the Control Panel.

Stay vigilant by having regular scans of your website

It’s just like getting a regular health checkup, your website needs them too and should be scanned regularly for any sign of malware. There are many free and premium options available; we have partnered with the security experts from SiteLock, an industry-leading firm, to provide our customers with state-of-the-art website security solutions.

Set up alerts about suspicious activity

If you are a Premium Mail subscriber, one of the security features we offer is to enable SMS alerts for logins to your email originating from overseas. In the unfortunate event that you are hacked, you can quickly disable your email before the hacker does any real harm. You can learn about Premium Mail SMS alerts here.

Prevent unwanted domain transfers

Domain Lock is a security feature we’ve recently added for our customers. It enables customers to set up additional protections to prevent domains from being transferred without their permission via a 2-step verification process. This way, you won’t get surprised by an unscrupulous person stealing one of your prized domains.