In this episode:
Deal alert: Get 50% any WebARX plan for a year with offer code “WPBUILDS”. Ends 1st March 2019.
Interview – How to secure your WordPress website with Oliver Sild from WebARX
We’ve all heard it before… the internet is not a safe place to be, your website has a great big target on the back of it, WordPress is not a secure platform. Is any of this even true?
Well, yes, some of it is. It’s true to say that websites are targets for people who like to cause havoc! In the olden days of the internet the idea was to take over your page to prove that a hacker could do it. People would wake up to find that there were strange images plastered all over their web properties, sometimes the text was altered and links were buried in the text so your site would forward your traffic to the hackers site.
Nowadays, those types of attacks appear to be behind us. We now have people hacking websites for the purpose of getting rich. It’s incredible the lengths that hackers will go to to steal your resources, but steal them they will. Perhaps they want to use the CPU cycles you’ve paid for so they can do crypto currency mining. If they can hack your website and 10,000 others that’s a lot of compute cycles they did not have to pay for.
On the other hand they might want to rummage around in your database and see if there’s anything of value. Maybe you’ve made the foolish decision to keep payment details in there, or don’t have your passwords encrypted and salted.
The truth is that the hackers don’t care, they just want in so they can have a poke around and if there’s any low hanging fruit they can get their hands on, then they’ll just take that and move on. It’s nothing personal, they’re not doing this to get at you personally, they’re just doing it because you have a website and it’s there, exposed to the internet for them to play with.
Thankfully, WordPress takes a lot of the security worries away from us. Many of the issues that you might face have been thought through by the Core developers, but let’s be clear about this… all software is vulnerable… all of it… there are no exceptions.
The fact that WordPress has an extensible architecture is one of its greatest strengths. You can add a theme here and a plugin there and suddenly your site can do a whole heap of clever stuff it could not do before. This is fabulous, but it also means you’re putting code on your site from third-party developers. Many of them are great, but some of them are not. Most of the issues that plugins and themes bring with them are not deliberate, they’re just slip ups in the code, a mistake that was not spotted, or was not even an issue when the code was written. The problem is that over time, these problems can build up and you will be left carrying the can if and when the hackers figure out how to get at you.
WebARX solves many of these issues, and Oliver Sild is the man right at the top of the company. He’s been experimenting with code ever since he was little and it’s in his blood! He explains how the platform works so you can get up and running in a really short time.
It’s a plugin, but it’s not just a plugin. The platform can be run with pretty much anything, so Drupal, Joomla, raw PHP will all work fine. They have a dashboard which links up with your WP admin so you can know what the WebARX firewall is doing.
As soon as you install the plugin, it gets to work, carrying out a round of tests to see if the site is clean. One test of interest is that WebARX goes out and scrapes hacker web forums to see if your site has been mentioned anywhere – such a cool idea – it turns out that hackers like to brag about the damage they’re doing!
They check your SSL configuration, see if there are any plugins installed with known vulnerabilities, check the health of your server configuration and more. In short, they do a whole heap, and based upon the results, they adapt their firewall so you inherit the rules you need, but not those that you don’t.
The dashboard they have for keeping track of your websites (because you can have all of your websites in one central place) is beautiful. I know that this is not important from a technical point of view, but it matters because it speaks of a sense of attention to detail. If the folks over at WebARX take the time to make the plugin look great, that tells me something about their approach – doing things that don’t ‘need’ to be done.
Oliver explains how the WebARX filewall works to keep you protected. It’s complex and frankly you should listen to Oliver explain it, because it’s better from his mouth than from mine!
If you’re in need of a new security solution for your WordPress websites, then WebARX is worth a look.
Mentioned in this episode:
Get 50% any WebARX plan for a year with offer code “WPBUILDS”. Ends 1st March 2019.
The WP Builds podcast is sponsored this week by…
We thanks them for their support of WP Builds.