Site Security: Tougher Than You Think

Keeping sites secure is tougher than ever, what with everyone and his mother using CMS tools to host their blogs. Our Mat Lee and Jeremy Lesniak have tips and tricks to make it easier …

What makes good website security?

That depends on the content management system (CMS) your site uses — for instance, WordPress, Drupal or Movable Type. Your site security situation also depends on what kind of hosting plan you’re on.

Yes, we know shared hosting is cheaper than dedicated hosting. It’s ideal for small websites. But shared hosting also makes securing sites easier. Typically, the hosting company will secure servers in a shared environment. If you’re on a dedicated server, though, security is up to you. Most people have no clue they’re even at risk, as this survey from Commtouch and Stopbadware of 600 website owners shows below.

[Infographic: Website Security]

Twenty-eight percent of respondents use WordPress. That CMS has enjoyed astronomical growth in recent years — blogs, international organizations and all kinds of sites in between use it. Not everyone knows they do, though. Nearly 20 percent of respondents in this survey couldn’t name the CMS their sites relied on.

In terms of website security, this is as bad as not knowing what car you drive. Or how to work the brake.

Sixty-three percent of respondents with compromised sites couldn’t explain what happened, either. Twenty percent of respondents blamed insecure or out-of-date software. I suspect the majority of the 63 percent of clueless respondents also suffered compromised servers. Either way, it’s critical you keep your site up-to-date.

There are a number of services and products that will easily assist with monitoring your website. Far too few organizations bother to use such tools. Fully 58 percent of survey respondents successfully resolved a compromise using publicly available resources and their own skillsets.

If you’re operating your site on a shared server, here are two things to keep in mind. One, make sure you make your passwords lengthy, mix symbols and numbers in them, and change them often. And two — this bears repeating — keep your CMS up-to-date. Just as with operating systems, CMS updates will eliminate known vulnerabilities. Don’t ignore them or put them off. Handle them immediately.

Same advice goes for those sites on dedicated servers. You’re on your own, usually, responsible for everything from OS updates and kernel patches to dealing with the CMS. If you don’t have the time and knowledge to keep a dedicated server secure, switch to a shared hosting provider. There you’ll get some support.

Hackers increasingly target websites that serve thousands or even millions of users. That’s efficient of them. So bone up on your security tools, keep your CMS current and stay safe out there.

Our managing editor Jeremy Lesniak and contributing editor Mat Lee collaborated on this story.