The importance of keeping website code up to date
In the current climate of Internet Security and the increased occurrence of hacking, it is more vital than ever that website owners ensure that the software behind their websites is kept up to date.
One of the richest sources for hacking is out of date software. As software ages, security vulnerabilities become known and are regularly published on the internet.
These vulnerabilities are then studied by hackers to work out how they can be best exploited – for example do they reveal user passwords, or do they allow the hacker to install software on a computer. The idea of anti-virus for a desktop machine has been around for a long time, as is updating your software on your PC, but this issue also affects website software too.
Website hackers love finding exploits in website software. It is because of their very nature – websites live on powerful, always-on web servers which can be accessed 24 hours a day. They require no user interaction to operate and can often be manipulated without anyone knowing. Hackers often exploit web software for three main reasons:
1) to redirect website users to another website
2) to bring down a site to stop it from operating
3) to extract customer details, card details, passwords and other sensitive information whilst keeping the website running
Website software is the code which powers your website. Depending on your website, the code may be as simple as a blog engine or as powerful as an enterprise level e-commerce site. Even the most basic of websites has some sort of code behind it. So there is every chance that your website is driven by code and you should be aware of this issue. The next step is to ascertain what the code actually is and how up to date it is.
Code usually falls under two brackets: bespoke and framework. Bespoke code is that which was written from the ground up to suit the need of the website. This can only be upgraded by software developers and they should be contacted if you believe your code is over than 2 years old. If the original developers are no longer responsible for your code, you should do an immediate audit of the software, code and database to ensure you aren’t running a potentially insecure system.
Framework code runs websites based on already-established code packages such as WordPress, Drupal, Magento, Joomla and Opencart. Hackers will study the code behind them in great detail to see if there are any potential exploits, and seek to manipulate them before the software owners have chance to fix the issues. Fortunately most of these frameworks offer website owners the ability to make sure their software is secure. If you run a Framework site, then log into the administration panels and see if there are any alerts or warnings to upgrade your website.
We deal with older websites in need of attention on a regular basis and are able to assist in most matters. Sometimes clients will need a new website code developing, other times there are simple fixes to help keep sites secure. With the increasing number of high-profile website security breaches being made public, website owners must look at website security as a priority. Even a website crafted a few years ago to the highest of standards can potentially be exploited – there is no room for complacency.