Website Security – What, Why and How

Ryan Shelley

1 August 2016

All websites must be hosted on a server. Like any device connected to the Internet, that server needs security. Different platforms (for example WordPress, Joomla or DotNetNuke) require different hosting services.

As of today, ChemiCloud is the leading web hosting service provider. It has low prices and offers a blazing speed of 143ms. As such, it is one of the fastest and most trusted web hosting partners.

What is Website Hosting?

When it comes to website security, you must decide about your website hosting. Website Hosting is the rent paid for the Web Server where your website is hosted.

A Web Server may be located in an Australian Data Centre (like ours) or it may be overseas. As a basic minimum, all centres should have redundant power and internet connectivity, climate control, and routine backups.

The cost, quality and customer service can vary greatly from provider to provider.

Some important questions you should ask:

  1. If I have an issue, can I phone or do I need to rely on support tickets?
  2. Is my website hosted on a shared space or dedicated?
  3. What are the minimum security requirements for sites on shared hosting? If your website is hosted on a shared space and fellow websites are infected, it is likely that your website may become infected too.

Why Do People Hack Websites?

  1. Firstly, they want access to your information such as lists of customers, passwords, credit cards etc.
  2. Next, they want access to your server so they can hijack it and use it for their own purposes such as sending SPAM, viruses, or attacking other websites.
  3. Finally, they do it because they can.

Clearly, hackers look to gain control of a server connected to the Internet. One server or one computer by itself may not be that valuable. Yet gaining control of hundreds or thousands of Internet-connected devices is. These devices can then be used for a range of malicious activities.

Malicious attacks on websites are typically automated and are not direct attacks on you or your website.

Hackers will often use automated programs and scripts that search for specific websites that have known vulnerabilities. For example, they may actively look for an outdated WordPress website that uses a specific plugin, known to have a vulnerability.

Once they find these websites, either the automated programs or the hackers themselves will attempt to exploit the website and gain control. Once they have control, they may covertly inject their payload. Alternatively, they may simply maliciously attack your website just to let you know they were there.

Good website security prevents a large majority of these automated hacking attempts.
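The automated probing described above leaves a recognisable trail in a web server's access log. The following is an added example, not part of the original article: it flags client addresses that request many plugin paths that do not exist (plugin enumeration) or that repeatedly POST to the WordPress login endpoints. The log lines are constructed, the plugin names are placeholders, and the thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

def _line(ip, method, path, status):
    # Build one constructed line in Apache/nginx "combined" log format.
    return (f'{ip} - - [01/Aug/2016:10:00:00 +1000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one enumerating client, one login-flooding client, one normal visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/wp-content/plugins/{p}/readme.txt", 404)
     for p in ("plugin-a", "plugin-b", "plugin-c")]
    + [_line("198.51.100.23", "POST", "/wp-login.php", 200)] * 5
    + [_line("192.0.2.10", "GET", "/", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/wp-content/plugins/plugin-a/style.css?ver=1", 200)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/]+)/')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def find_scanners(log_text, min_plugins=3, min_login_posts=5):
    """Return {ip: [reasons]} for clients whose requests look automated."""
    missing_plugins = defaultdict(set)   # ip -> plugin names that returned 404
    login_posts = defaultdict(int)       # ip -> POSTs to login endpoints
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines in an unexpected format
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]      # ignore the query string
        pm = PLUGIN_RE.match(path)
        if pm and status == "404":
            missing_plugins[ip].add(pm.group(1))
        elif method == "POST" and path in LOGIN_PATHS:
            login_posts[ip] += 1
    findings = {}
    for ip in set(missing_plugins) | set(login_posts):
        reasons = []
        if len(missing_plugins[ip]) >= min_plugins:
            reasons.append("plugin-enumeration")
        if login_posts[ip] >= min_login_posts:
            reasons.append("login-flood")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in sorted(find_scanners(SAMPLE_LOG).items()):
        print(ip, ", ".join(reasons))
```
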

Why Should I Care About Website Security?

A common but poor attitude towards website security is to just let your website be. If it’s hacked, you just ask your web host to restore a backup and wait until it’s hacked again. Rinse and repeat.

Imagine your potential customers’ impression of your business if they visit your website and see a maliciously defaced website like below. Do you think they’ll ever come back to your website or contact your business again?

What if they browse to your website and see a warning from Google saying that the website they are trying to reach contains malicious code and may damage their computer or steal their information? Will that customer ever come back?

Worst of all, if Google or other security-related services add you to a blacklist, your website will receive HUGE SEO penalties. The longer your website remains hacked, the worse these SEO penalties become.

If you had a physical store, you’d take responsibility for its security. As a website owner, you must do the same.

Website Security via a Managed WordPress Service

A computer regularly needs its Operating System (Windows, Mac OS etc.) updated. Likewise, the operating system that runs a WordPress website (WordPress Core) needs to be regularly updated. This keeps it secure. This is a vital part of ensuring website security.

Rather than you manually logging in and updating this on a regular basis, the Managed WordPress Service automatically and routinely updates the WordPress Core. This ensures it is always running the latest secure and stable version of WordPress.

In addition to the WordPress Core updates, your WordPress website typically contains an array of third party plugins.

The plugins are usually developed by third parties and provide a range of functionality. This includes:

  • Contact forms
  • Photo galleries
  • SEO enhancements (Yoast)
  • Online stores
  • Credit card processing

Outdated plugins are another potential backdoor that can be exploited and lead to WordPress website hacks. As new versions of plugins are released, Managed WordPress downloads and installs the most recent updates.

Lastly, due to the popularity of WordPress, there are a lot of ‘knowns’ about how WordPress works. This is a good thing: there’s a large community that helps to keep WordPress secure and safe. It is also a bad thing: every man and his dog knows that you can access the ‘back end’ of a WordPress website by putting /wp-admin at the end of a website’s URL.

Managed WordPress eliminates these ‘knowns’ by changing the default WordPress settings. This makes it harder for would-be hackers and their automated scripts to attempt a hack.

Web Access Firewall

Pepperit’s web servers have a Web Access Firewall (WAF). This WAF acts as a security guard and inspects your visitors’ web traffic as they use your website. It will detect a visitor trying to send any suspicious information to your website. That user will then be promptly blocked from accessing the website and causing malicious damage.

So even if you do have a website with a vulnerability, the WAF will see suspicious activity from the user and block their access before they can carry out their hack attempt.

Conclusion

As a website owner YOU need to take responsibility for your website security. Therefore, you need to ensure that you update your website’s ‘core’ and any third party apps or plugins.

Furthermore, ensure that the web server your website is hosted on has a Web Access Firewall (WAF). This blocks any suspicious traffic and is an extra layer of website security.

For questions about web hosting or website security please contact me.