Keeping your society's website secure

You might think that hackers wouldn’t be interested in the website of an amdram society; after all, you’re not likely to be storing credit card information or anything else worth stealing, are you?

Sadly, you’d be wrong. Hackers are indiscriminately trawling the internet all the time (usually with robot software), trying to get into sites – any sites. They may try to insert code into your site so that you infect your visitors’ computers with viruses, or they may re-direct your visitors to their own sites to sell their (somewhat dodgy) products. Or they may simply hack you to show that they CAN.

Unfortunately, I can confirm this from my own personal experience. One of my sites was hacked a few years ago so that visitors hitting the back button on a mobile device were re-directed to an advertising site. I had to take down the site and rebuild it from scratch.

So what can you do to keep your society’s website secure?

Most web hosts (the company who store your website on their servers and connect to the internet) will offer some security, such as regular backups, secure transfer and SSL certificates. For an extra fee, they may also offer firewalls and protection against viruses and DDoS attacks.

The best will offer real-time monitoring of your site. However, you’ll naturally pay a premium for this sort of service, as your web hosts will be hosting thousands of sites on their servers.

When my site was hacked, I invested in a Joomla extension called Admin Tools, which monitors for hundreds of types of potentially suspicious activity on your site, stops it and sends you an email warning. While this isn’t a plug for Admin Tools, I can tell you that it detects and blocks several potential attacks every day and so far none of my sites have been hacked. I use this extension on all the sites built by AmDram Web Design (subject to the agreement of the society) to increase security.

Of course, you also need to adopt your own sensible security precautions: use strong passwords (which you keep to yourself), apply any Joomla updates when they are released (many include security measures), and make regular backups, just in case. No security measures can help you if your password is “password” or if you are using an ancient version of Joomla which was hacked years ago.

Don't ignore the potential threat of hackers: it might happen to you!