Client Website Security with Dre Armeda
Warning: Listening to this interview with Dre Armeda could save you and your clients thousands of dollars, and just as many headaches!
There are millions of website attacks every day, 95% of which are automated and opportunistic. In this insightful interview, Kristina Romero speaks with the Master of Security, Dre Armeda, about website security risks and precautions. Throughout the interview, Kristina gets the low-down on what we, as website developers and consultants, need to be aware of (and implement) to ensure our clients are protected as best as possible from attacks.
Also, tune in to discover the one key plugin Dre uses and why he uses it.
Plus, just what is a “Soup Kitchen Server?”
Dre’s passion for security and educating people about risk and prevention clearly translates in his delivery of information and strategies in his discussion with Kristina.
Let’s Begin With Some Dre-Stats:
- There are 1.1 billion active websites on the internet today
- 33 percent are powered by some sort of CMS (so there is a lot of vulnerable code out there)
- 73 percent of this 33 percent are powered by 4 platforms specifically – Drupal, Magento, WordPress, and Joomla
- Over 47 percent of the companies running websites on their own have no way of tracking open source code. They aren’t updating or changing components in an intuitive way, using correct standards
What Does This Mean for Us as WordPress Consultants?
This is an opportunity for us to increase the longevity of our client relationship. We can help them grow their site and increase the return on their initial investment through ongoing work. Dre sees a website as a living organism that actually comes to life the moment it goes into production. It’s therefore part of your role to encourage the growth and productivity of that living organism. There’s more to it than making it, handing it over and leaving it.
What Do We Need to Know as WordPress Consultants?
As a consultant, you need to be all over People, Processes and Technology.
You need to make sure that you have controls in place by implementing specific processes, such as:
- Updating software in a timely manner (Outdated software is responsible for the majority of attacks)
- Checking on the updates of web server software, databases, 3rd party plugins, and hosting providers
- Looking at how your clients log into the website (FTP)
- Thinking more holistically: go beyond thinking just about WordPress. Look at how we are connecting, passing files, interacting, and passing on data and passwords, and at misconfiguration of plugins. The list goes on!
Dre suggests using tools to help you do this in layers. Like the layers of an onion, if one gets peeled away, there’s another layer under it, protecting the centre.
Basically, make sure everything is segmented to protect the client against infection and reinfection.
“Soup Kitchen Servers”
Dre coined this term to describe a server that has everything, including the kitchen sink, contained in it. The server has no segmentation, which puts it at huge risk of cross-contamination – whether it’s vulnerable or not. Beware of the Soup Kitchen Server!
Finally, you have a responsibility to your client to have an agreement in place around website security. Discuss this important element of the build in the early stages of your engagement and make sure they fully understand the significance. “Delineate responsibilities through expectation management,” says Dre.