Protecting your passwords and information is an important part of site security. There are many ways of protecting your information at the site and server level with firewalls and configuration plugins, but making sure your computer is secure is an important component as well. The two most common site compromises result from outdated software and from the harvesting of login credentials, such as your FTP/SFTP and website CMS logins, from the computer used to update your website.
There are many ways an attacker can gather your logins and passwords from your computer. These vectors include viruses, trojans, malware, spyware, email exploits and worms. To protect yourself from these malicious attacks and to keep an attacker from obtaining your information and hacking your site, you must maintain a secure workstation.
Warning: Even if you resolve a site compromise, if your computer is not secured, it is likely the malicious party will harvest your new passwords and compromise your site again.
There are many ways to help keep your computer secure. A few of these are listed below.
- Keep your operating system up to date (Windows Update, Mac software updates).
- Keep your web browser up to date.
- Use a virus scanner, perform regular scans and update the software as requested to keep virus definitions up to date.
- In conjunction with your virus scanner, use a malware/spyware scanner regularly.
- Use SFTP for Linux or FTPS for Windows instead of FTP to perform site updates.
- DO NOT install browser plugins from untrusted parties.
- DO NOT install software downloaded from the Internet from untrusted parties.
When verifying a trusted third party plugin or software on the Internet, there are a few considerations to make before downloading anything from the site:
- Domain name - Is it the domain name you expect to be at?
- Site content - Does the site look off or incorrect in some way? Does it feel like you're at a knock-off of the real site?
- Pop-ups & Ads - Are you seeing any weird pop-ups or ads that are out of place for what you normally would expect? (examples: A news site showing ads for Miracle cures, explicit content or other ads that seem out of place. A blog about cooking but there are pop-ups saying you need to scan your PC.)
- SSL - Does the site have an SSL certificate? Has it had one before? Is it still valid?
- Requesting Data/Access - Is the site asking you to provide data, enter a username/password, or give it access to your device? Should it be asking for those things for any reason? If it should be asking for a username/password, are you sure it's the right site?
- If it is a browser extension or add-on, take a look at the reviews and the number of times it's been downloaded. The lower the reviews and download count, the more likely it is to be malicious.
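The domain name and SSL checks in the list above can be partly automated before you download anything. The following is an added example, not part of the original article: a Python sketch that checks a download link against the domain you expect. The function names and the sample `vendor.example` URLs are constructed for illustration, and it does not validate the certificate itself.

```python
from urllib.parse import urlsplit


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_download_url(url: str, expected_domain: str) -> list[str]:
    """Return a list of warnings; an empty list means no check failed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("not served over HTTPS")
    if parts.username or parts.password:
        # e.g. https://vendor.example@other.test/ really points at other.test
        warnings.append("URL embeds credentials before the host name")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("host uses non-ASCII or punycode characters")

    if host == expected or host.endswith("." + expected):
        return warnings  # the expected domain or one of its subdomains

    if expected in host:
        warnings.append(f"expected domain appears inside a different host: {host}")
    elif edit_distance(host, expected) <= 2:
        warnings.append(f"host {host} is a near-miss of {expected}")
    else:
        warnings.append(f"host {host} is not {expected}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; vendor.example stands in for the real vendor.
    for link in ("https://downloads.vendor.example/plugin.zip",
                 "http://vendor.example/plugin.zip",
                 "https://vend0r.example/plugin.zip",
                 "https://vendor.example.downloads.test/plugin.zip"):
        print(link, "->", check_download_url(link, "vendor.example") or "ok")
```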
Following these guidelines will help you keep your computer secure. Next, learn about password security in our article Creating a Secure Password.