Website Security – What Should You be Doing?

As websites become an increasingly core part of business, not only are the potential damages from hacking, malware etc more serious, but they are becoming more likely. As the number of different types of attacks and the frequency of occurrence increases, we need to stay ever more alert to the danger.

At The Bridge Digital we’ve noticed that incidence and complexity of attacks on our clients’ websites (and our own) is increasing almost exponentially.

There are thousands of different types of malware and as many different ways to infect your website, normally carried out by automated hacking tools. Not only is your website at risk, but visitors are too, who are potentially our customers.

Downtime, loss of reputation, blacklisting, and Google Search penalties are common scenarios.

The most obvious thing to consider is prevention, rather than cure. A broken website can take a long time to fix, whereas close monitoring is likely to locate and prevent attacks before any damage is done.

This is not something we’d recommend developing code for yourself, as it’s very specialised. There are a number of good products and services available at a reasonable cost, from basic anti-spam and anti-virus (as there is for email) to monitoring deep within the server-based code of your website.

One of the simplest and most effective is to install ReCaptcha or Honeypot spam trapping to your forms.

If you are receiving automated spam from the forms on your website, this is a very easy and effective to way to prevent it, and you will only receive those genuine (or at least human!) enquiries.

Finally, patching and monitoring aren’t always 100% effective due to the rapid pace that hacking exploits are released. You should also consider advanced firewall protection, mirrored backups and secure CDN services to protect against DDOS and other attacks.

If you’d like to discuss your software development options with The Bridge at no cost or obligation, feel free to call Lawrence on 02 9993 3300 or email