Newsletter #170 Mr. Robot & CDNs
If you haven't watched the highly acclaimed Mr Robot then you must - not only is it brilliant but it gives an insight into how hackable we all are. Unless you totally disconnect from the Net you can only reduce the risk, not eliminate it.
In 2013 I wrote post #157 Why Security Matters Online which mainly covered passwords and is a sort of a Security 101 - things have moved on.
We've seen an increase in the number of Websites hacked, particularly those on well known platforms like WordPress, Joomla, Drupal and Magento. Because these platforms are so popular they provide millions of potential opportunities, in fact according to Securi, 74% of all the infected sites they dealt with in Q3 2016 were WordPress installations. Perhaps even more worrying was that only 15% of all infected sites were on a blacklist.
If your site gets hacked and gets put on the Google Safe Browsing Blacklist, it's not only the time that the Website is down, it's the time taken to get your Website's reputation back.
We now actively manage all the WordPress sites that we host to make sure they're up to date and are continually looking at the security of our server and Websites.
In response to this increasingly hostile environment for Website owners there is an emphasis on the use of SSL to encrypt all communication between the user and the Net application. It was normal only for credit card transactions, but now you'll notice on most browsers that anywhere you have to enter a password a 'Not Secure' message will appear if the page is not using a SSL certificate (https). If you have customers or users logging in on your site, it can be very disconcerting for them to see such messages.
We suggest you get a SSL certificate for your site as in the long run it will be a standard requirement. For most non-Ecommerce sites a shared certificate is sufficient and is something we can easily provide for free or at low cost, depending on your hosting package.
Another even better option is to use a CDN (Content Delivery Network) like CloudFlare that sits between your Website and the Internet and manages the traffic. It does things like:
- Keeps out malicious traffic
- Improves Website performance
- Caches your content so even if the Webserver has issues your site will stay 'up' using the cache
- Protects content on your site
- Provides a free shared SSL certificate
- Provides access to other useful apps
A CDN can be of even greater benefit if your viewers are mostly global rather than from New Zealand where our servers are located.
For a very modest cost we can set your site up with CloudFlare but note that we do need access to your DNS. So if we don't look after your domain you'll need to provide us with access.
If you're hosting your Website on our servers, you're already well protected but why not make use of a CDN to make it harder for guys like Elliot?