Developing a website protection “playbook”

We use several different products and methods on our sites to protect them from outsiders trying to get in. The list of reasons hackers want to get into your site is longer than anything you want to read here, but trust us, it gets a little longer every day. And for a number of reasons, we’re noticing an uptick in the amount of attempts  by the hackers to get into our sites.

Sometimes we can tell that the attempts are by people and sometimes the attempts are made by bots. Well, we think most are bots. Unless there really is someone out there named mcutcheon mcutcheon (not sure your parents thought that one out!) most often it’s by bots. So what is the best way to keep them out and to keep your site safe when you can’t be there to watch it?

Our approach to website safety is not unlike trying to keep your car from getting stolen. Basically, you want to make it much harder to steal it than the car next to it. That philosophy lead us to sit down one day and develop a “best practices” list for all the sites we make for our clients.

That list led to one more realization- that one size does not fill all. Some sites need one list, other sites something a little different. So we’ve decided it’s more of a playbook, with processes that change by the type of site.

Some of the changes are to the front end, and some are on the back-end. And it’s a long list, much longer than we would have guessed before we put digital pen to paper. If phrases like “2 factor authentication” and “modifying your database prefixes” make your eyes cross, we can help.