If you’ve ever met me you’ll have probably heard me talk about the security triangle. This triangle is one of the key features of every IT security function out there.
What is this triangle about and why do you care?
Everything you do on your website is this triangle, when you make your site (WordPress/OpenCart/Joomla/HTML/PHP custom built) you have to consider this triangle. As an IT professional, i aim as high up the triangle as possible but i’ll never get to the top! Why, because everything would be secure but no one could use it. Let me give you an example. If i turn off my servers then they could never be hacked and all your data would be safe… but no one could get your content and you couldn’t update it, but it would be secure!
How about if we move to Ease of Use or Functionality, sure if i turn off the firewall and all the security systems, allowed PHP 4 and installed every add-on for apache on the servers, everyone’s custom code would work, no website updates would ever be required and out-dated sites from 20 years ago would all work like they used too, but it’ll be hacked quickly and we’ll all loose our data and our reputations would be destroyed
So where is the sweet spot?
There is no sweet spot, at least not for all of us! For me i want to be as high as possible to the top right of the triangle is perfect for me. What about you’re blog, do you need massive amounts of security, multiple firewalls, post checking, google captura, logins to view the site. My answer is YES. All those things are still important but you have to decide if you want to go left or right, but you still want to be high up the triangle.
Taylor it to your needs, so an ecommerce site need to be easy to use and functional, but a brochure site (photographer) which doesn’t sell anything on-line will push to the left more. News site, you want to me more central. The bit you need to consider is what do you give away to make the other one work better and how you get round it.
I hark on about this a lot, so let me remind you of a few simple steps you need to take.
This is your best line of defence, it actively scans you site and reports problems to you, don’t ignore the warnings and have a look. If you see people trying to login a lot who shouldn’t be act on this. It could (and will) save your site from being hacked
Update your plugins
Out of date plugins are the single greatest risk to your site! If the plugin is out of date the flaws in it are published for all to see on the internet. Developers use Change logs to show us what they’ve done, they include bug fixes and security flaws… so if the security flaw is on the internet then people can use that flaw to get in.
Backup, Backup, BACKUP
Take backups of your site, once a week, once a fortnight or at least once a month. If you’re hacked and have a backup you can restore the site without costing you a penny, and if something happens you have a spare. Have you done a Disaster recovery plan? Have you tested it?
The internet is a scary place and having security in mind will keep you safe. REMEMBER the triangle… keep close to the top without looking the ease and function!
Talk soon internet.