Understanding how websites work provides the foundation for understanding how websites get hacked. My first goal is for you to have that understanding, so that when you contract with a designer/developer, you will know what questions to ask about your website’s security. My second goal is right understanding so you don’t pull a Jay Sennett on your website. That’s where you think you know what you’re doing. But you don’t, and you get hacked.
What makes website security even more frustrating? Creatives like musicians, writers and photographers turn over website design to designers, many of whom know little about website security, too.
Would you turn over your abode’s security to your interior designer? I didn’t think so.
How a Website Works
Bluehost created this lovely little video below on how websites work. Here are the key points. In parentheses I describe weaknesses that can allow hackers in.
How Websites Work
Websites are files contained in a series of folders. (Weaknesses are:
- The files themselves. WordPress has known vulnerabilities in its files that can, without constant security patches, provide opportunities for hackers. Third-party additions to WordPress, called plugins, are a vast treasure trove of hacking opportunities, as are the themes that make WordPress look pretty.
- The permission settings of the files and folders. Each file and folder on the server has a read-write-execute “mode.” Some settings are very secure. Others leave your site vulnerable to attack. More in a future post.
- The setting a person uses to upload the files to the server. Some settings are extremely secure. Other settings are not. Again I’ll explain more in a future post.
- Passwords you use to access your files/folders/software.)
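As an added example (not from the original post or the video), this shell function checks the read-write-execute modes mentioned above: it lists files and folders that every account on the server can modify, and those that anyone in the owning group can modify. The function name `audit_modes` and the path you pass to it are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the permission modes of a website's files and folders.
# audit_modes is a hypothetical helper name, not part of any hosting tool.

# audit_modes DIR
#   Prints one line per risky entry found under DIR:
#     WORLD-WRITABLE <path>  the "other" write bit (octal 0002) is set, so
#                            any account on the same server can change it
#     GROUP-WRITABLE <path>  the group write bit (octal 0020) is set, but
#                            not the "other" write bit; worth reviewing
audit_modes() {
    root=$1

    # Files and folders that every user on the server may modify.
    find "$root" \( -type f -o -type d \) -perm -0002 -print \
        | sort | sed 's/^/WORLD-WRITABLE /'

    # Files and folders writable by the owning group only.
    find "$root" \( -type f -o -type d \) -perm -0020 ! -perm -0002 -print \
        | sort | sed 's/^/GROUP-WRITABLE /'
}

# Run the audit when a directory is given on the command line, e.g.
#   sh audit.sh /path/to/your/site
if [ -n "${1:-}" ]; then
    audit_modes "$1"
fi
```

An empty result means no entry under the directory is writable by the group or by other accounts.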
Browsers use computer languages called HTML and CSS to make, or render, your site on a computer. (Weaknesses are:
- Browsers contain security vulnerabilities that have allowed hackers to create malware that you download unknowingly. This malware can then, for example, track your keystrokes and allow hackers to learn your passwords.)
Servers are computers used to store and serve the files to any computer that requests your website URL. (Weaknesses are:
Most of us use shared hosting because it is significantly cheaper than private hosting. Shared hosting means your files and folders are stored on a server with scores of other files and folders, each of them an opportunity for hacking. (Weaknesses are:
- In a shared hosting environment, your files become vulnerable. Very vulnerable. Your files may be very secure, but that security becomes compromised because other files may not be secure. What’s even worse is that some computer hacks actually target the server, potentially infecting thousands and thousands and thousands of servers. GoDaddy has had servers hacked. My hosting company has had servers hacked. You would think hosting companies would be expert-ninja security experts, deft at thwarting attacks, but they often aren’t. Running servers is actually a full-time job.)
Domain Name Servers (DNS) provide the addresses for your web addresses. Think of DNS as address books for all the web URLs around the world. (Weaknesses are:
As you can see, hacking opportunities are baked right into a website’s existence. With good security style, which I’ll be discussing in the upcoming weeks, you can do a darn good job of protecting your website, even in a shared hosting environment.