Colour Creation Websites - Logo
By in Develop

Your business relies on your website as a 24/7 global shop window promoting your goods and services. However, unlike a retail outlet, you are not behind the counter during the day and sleeping above the shop each evening. Most days you won’t even look at your website – never mind check it for security breaches. That’s where Colour Creation comes in. We design all our websites with security features built in. Not only do we prevent them from attack – but we have warnings built in to alert us to attempted interference.

If you are wondering why anyone would WANT to hack your website, well, it is not generally to steal your data or takeover your site – it is usually to use your server to send spam emails. This damages your reputation by getting your website ‘Blacklisted’; this is rarely life threatening, more of a massive inconvenience. As with most security issues prevention is far better than cure. Recovering from being blacklisted can be a very costly and lengthy process. Some businesses never quite recover.

You’ll find it reassuring to hear that we protect your digital, online presence on three levels, to specifically combat this threat:

1. the server level (behind the scenes)
2. the website level
3. your email service

Without giving too much away to unscrupulous minds, here’s an outline of how we approach security when we host your website.

Security on our server

A webs server is the computer that delivers your websites pages to its visitors when they request them via the internet. It is essentially the home of your website. Colour Creation uses a globally recognised, managed server package – we won’t name it for security reasons – which provides software updates, security patching and system hardening. The service is monitored and maintained 24x7x365 by a team of server experts, both human and digital.

The service we use monitors over 40 key aspects of server health, flagging anything suspicious as soon as it happens, meaning any concerns can be resolved before they become a problem.
In addition, our in-house IT experts further protect your website with a server based Firewall. And we use CloudLinux LVE Manager to take fine grained control of our server’s resource use. This means we can isolate server resources by clients and make sure issues with one account don’t degrade the service for others.

Security on your Website

The majority of the websites we host are written in market leading web publishing software WordPress. This is for a reason. Not only does it have a very user friendly CMS, but any bugs, issues or security breaches are very quickly spotted by its 75 million users and the open source software is easy to amend.

WordPress updates

The key aspect of WordPress security is keeping the core updated. By that we mean the core WordPress files. Every few months the WordPress team releases updates update the security. We always, always update our WordPress to the very latest version. We know that hackers are on the lookout for old, out-dated versions of the software and target these first.
We do this as part of our hosting service for all our clients. You can feel assured that your website is written on the most up to date secure publishing software.

WordPress firewall

WordPress has its own firewall which we tend to use for e-commerce sites or any other sites we think will be particularly vulnerable. From our experience the majority of attacks are Brute Force Attacks. These are an incredibly simplistic form of attack, where bots just try to guess your password. The process is the equivalent of a burglar bashing his head against your door until it breaks. Really the only way to protect against this is to use strong passwords.
WordPress will request you use strong passwords and we suggest our clients use https://howsecureismypassword.net/ to check how good their choice is. For example, a bot using a brute force attack would take only one month to crack the password princess123. A mixture of upper case lower case letters, numbers and punctuation is recommended. Changing your password regularly also helps.

WordPress best practices

As a company we are committed to following Best Practices as published by the WordPress Corporation. Their security Best Practices are available here: https://codex.wordpress.org/Hardening_WordPress

The security of your email

Anyone hosting their website with Colour Creation is likely to call on us for email services too. To protect our email users we use Apache Spamassassin and also Professional Spam Filter. This combination proves quite successful at keeping the majority of spam out. However, it is impossible to keep it all out!
Our IT experts are very proactive in dealing with reports of spam and spoofing. And also monitor outgoing/incoming mail daily for any issues. We do everything we can to protect emails at the server level – but most of the threats come in via our clients’ inboxes.

We ask all our clients to take some responsibility with the security of their emails by using strong passwords and being very cautious about opening abnormal attachments. An attachment is the most likely way a virus could enter a computer and potentially infect your whole system. Rarely life threatening, viruses and Malware are more of a time-wasting nuisance than a malicious threat – but if you are prone to them then it does identify a weak link in your security – most likely cause is, I’m sorry to say, human error.