As online retail ramps up in preparation for Black Friday & Cyber Monday, so too do the hackers. Most store owners are focused on increasing sales, but don’t forget about your website security at this crucial time.
Last year Black Friday weekend sales amounted to a whopping £6 billion in the UK! With numbers so high and the sheer amount of personal data flying around online, it’s an extremely tempting weekend for hackers.
A breach of security during Black Friday weekend will not only affect profit, but also damage a business’s reputation. A recent survey found that 81% of respondents would stop engaging with a business following an online data breach.
So how can you protect your online store? Website vulnerabilities come in all shapes and sizes and can sometimes crop up in unexpected places. It’s crucial you undertake a security audit before the Black Friday weekend. Below are the common vulnerabilities and how you can protect against them.
Out-of-date website software
Website software such as WordPress releases security patches often, so ensure your website is running the latest version. You’ll not only be protected against the latest threats, but you’ll also receive cool new features and stay ahead of the game.
Themes & Plugins
Ensure your website themes & plugins are supported and up to date. Running themes & plugins on old versions will leave your website vulnerable to attack. If your theme or plugin is abandoned with no updates for over a year, consider a website re-design on a supported platform.
Many CMSs have a default admin login page (for WordPress this is example.com/wp-admin), which means the hackers know about this login page too. Protect your account with 2FA (two-factor authentication) to guard against brute-force attacks on your admin username, and don’t forget to use strong passwords that are not easily guessable or used anywhere else. We recommend using the Wordfence plugin to enable 2FA on your account.
Use a CDN
A CDN (Content Delivery Network) not only speeds up your website by caching copies on various servers around the world, it also helps protect against DDoS attacks: the CDN’s servers take on the attack traffic, ensuring it never reaches your web hosting server. A CDN can be set up for free at Cloudflare.
Use a firewall
Using a firewall such as Wordfence on WordPress will keep untrusted traffic away from your website. A firewall will also protect against common attacks by blocking an attacker’s IP address when it meets certain criteria, such as attempting to log in as ‘admin’ or entering too many incorrect passwords.
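The two blocking criteria described above can be expressed as a small rule engine over login events. This is an added example, not Wordfence's code: the log format, the thresholds, the `find_blocks` name and the sample events (using documentation-range IP addresses) are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; not the defaults of any plugin.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)
BANNED_USERNAMES = {"admin"}  # assumes no real account uses this name

# Constructed sample events: timestamp, client IP, outcome, username.
SAMPLE_LOG = """\
2023-11-24T09:00:01 203.0.113.7 FAIL admin
2023-11-24T09:00:05 198.51.100.20 FAIL alice
2023-11-24T09:00:40 198.51.100.20 FAIL alice
2023-11-24T09:01:10 198.51.100.20 OK alice
2023-11-24T09:02:00 192.0.2.55 FAIL shop
2023-11-24T09:02:03 192.0.2.55 FAIL owner
2023-11-24T09:02:06 192.0.2.55 FAIL sales
2023-11-24T09:10:00 198.51.100.99 FAIL bob
2023-11-24T10:10:00 198.51.100.99 FAIL bob
2023-11-24T11:10:00 198.51.100.99 FAIL bob
"""


def find_blocks(log_text):
    """Return {ip: reason} for each IP that meets one of the two rules."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside WINDOW
    blocked = {}
    for line in log_text.strip().splitlines():
        stamp, ip, outcome, user = line.split()
        when = datetime.fromisoformat(stamp)
        if ip in blocked:
            continue  # already blocked; a firewall would drop this request
        if user.lower() in BANNED_USERNAMES:
            blocked[ip] = "banned username"
            continue
        if outcome != "FAIL":
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > WINDOW:
            window.popleft()  # forget failures older than the window
        if len(window) >= MAX_FAILURES:
            blocked[ip] = "too many failed logins"
    return blocked


if __name__ == "__main__":
    for ip, reason in find_blocks(SAMPLE_LOG).items():
        print(ip, "->", reason)
```

In the sample data, the staff member who mistypes a password twice and the one who fails occasionally across the morning are not locked out, while the burst of failures and the attempt on the banned username are blocked.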
The most important but often overlooked aspect of running a website is taking regular backups and storing these away from the web hosting server. A good web host will include backups as standard but if yours doesn’t, we recommend using Updraft and storing your backup files in AWS, OneDrive or Google Drive.
If you’re performing website updates, ensure you take a backup first so you can revert quickly if you encounter any issues. We’d also recommend testing updates on a staging website before applying them to your live environment.