3 ways to stop Bad Robots
As we all strive to #BookDirect, thousands of Property Rental owners are building new websites - and we are helping many of them, but with progress there is always a risk.
As we explain here, more than 2/3rds of all websites (not just VR) have known security holes. Read on and take our 3 easy precautions or Bad Things may Happen.
"Bad Things may Happen"
This phrase has a special meaning in the technology sector. It is a tongue-in-cheek understatement for a technical crisis of 'catastrophic' proportions, summoning the four horsemen, the Apocalypse, computing’s Armageddon.
I first heard it from a very respected expert many years ago, and it is usually phrased as:
“If we do [or don’t do] this, Bad Things may Happen”.
Meaning: This is too technical to explain, I really know what I am talking about, put down your phone / coffee and do what I say or it will be bad, really bad, the system may break, possibly irrecoverably.
The Security War
Our servers, like most popular sites on the internet, are always being attacked (we log over 10,000 attempts daily). It is the robotic equivalent of flattery - the attacking computer thinks there is something of value on our site.
It’s not personal - literally - it is a (bad) computer robot that has found the website. It shares what it has found with thousands of other bad robots, and they will keep poking around to find a way in.
They don’t get bored failing a million times, they will carry on forever or until some part of the technical chain finds a way of stopping them. Then the robots evolve (with help from bad humans) and it all starts again.
Think of it as a rolling battle between the brightest cyber crooks and the brightest good guys, all around the globe, and it has been going on for decades.
What should you do about it?
Firstly, don't be complacent.
Just because you have blocked China and Russia, don't think you are safe (over 60% of our suspicious traffic appears to come from the USA). Don't assume that hosting on a supposedly secure option like Lodgify, Wix, Weebly or any other service guarantees safety; they are all constantly being probed.
These are the 3 simplest ways to protect you.
It's more than just "don't use 12345678 as a password"...
- Never, ever share your password. Instead, create another user if you want to allow someone else access to your site. If you absolutely have to share a password, never send it on the same channel as your login ID (e.g. send the login ID by email, and the password by SMS).
- Never, ever write your password down. If it's on paper, it can be seen by any curious visitor. (It is however considered 'safe' to let your browser remember it, as long as your computer / phone is password or fingerprint protected)
- Never, ever use the same password on different sites. If a robot does somehow guess it correctly, it will try the same password on your email account and across literally millions of other sites.
- Short, easily remembered passwords are easily guessed. The bad robots will try billions of combinations, including every password they have ever found. Instead use suggested cryptic passwords that your browser remembers, or my preference, use an easily remembered personal sentence (like 'IHaveNeverBeen2BornholmB4').
Remember that your email password is very special. It is like a master key, because most services (including many banks) allow you to verify your identity or reset a site's password by a simple email confirmation.
2. Keep Current
The bad robots mainly target out-of-date versions of plugins, add-ons, widgets, themes and web servers (PHP, Linux etc).
The good guys (called White Hat developers) usually find any security holes before the bad guys. They secretly tell the developers, who plug the gap and release an update before the details become generally known. There is in fact an enormous industry around this. Are you getting those updates as soon as they are released?
Let's take PHP for example. It runs 80% of all websites (worldwide), and almost unbelievably over 2/3rds of these websites are on insecure, unsupported versions with publicly known vulnerabilities. Yes, you read that right, and this is only one of literally thousands of components in your website.
So make sure you automatically update your theme and plugins/add-ons etc. WordPress has many auto-update plugins. If you have a component that is not actively supported, it should be replaced, promptly (yes, you guessed it, or bad things may happen).
You also should make sure your hosting service is on top of all of your infrastructure, including your PHP version.
Fortunately at Vacation Soup we also offer a website management service for taking care of this for you.
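One way to act on the "Keep Current" advice on a self-hosted WordPress site, shown as an added example (not code from Vacation Soup or WordPress itself): a small must-use plugin that turns on automatic updates and warns administrators when PHP or any plugin or theme is behind. The file name, the KEEP_CURRENT_MIN_PHP constant and its value, and the keep_current_warnings() function are assumptions made for this illustration.

```php
<?php
/**
 * Plugin Name: Keep Current (added example)
 * Description: Turns on automatic updates and warns admins about stale components.
 * Assumption: saved as wp-content/mu-plugins/keep-current.php (hypothetical file name).
 */

// Assumption: the oldest PHP branch you are willing to run. Placeholder value;
// set it from the supported-versions list published on php.net.
const KEEP_CURRENT_MIN_PHP = '8.2';

// Install plugin, theme and major core updates automatically as they are released.
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_true' );

/**
 * Collect human-readable warnings about anything that is behind.
 */
function keep_current_warnings() {
    $warnings = array();

    if ( version_compare( PHP_VERSION, KEEP_CURRENT_MIN_PHP, '<' ) ) {
        $warnings[] = sprintf( 'PHP %s is older than %s; ask your host to upgrade.', PHP_VERSION, KEEP_CURRENT_MIN_PHP );
    }

    // WordPress caches the results of its own update checks in these site transients.
    foreach ( array( 'update_plugins' => 'plugin', 'update_themes' => 'theme' ) as $transient => $kind ) {
        $updates = get_site_transient( $transient );
        if ( is_object( $updates ) && ! empty( $updates->response ) ) {
            foreach ( array_keys( $updates->response ) as $slug ) {
                $warnings[] = sprintf( 'Update pending for %s: %s', $kind, $slug );
            }
        }
    }
    return $warnings;
}

// Show the warnings on every dashboard page to users who are allowed to apply updates.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'update_plugins' ) ) {
        return;
    }
    foreach ( keep_current_warnings() as $warning ) {
        printf( '<div class="notice notice-warning"><p>%s</p></div>', esc_html( $warning ) );
    }
} );
```

Automatic updates can occasionally break a site, so pair this with regular backups; a pending-update warning that never clears usually means the component is no longer supported and should be replaced.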
3. Install WordFence
Most of our owners have websites built with WordPress. The WordFence plugin is the equivalent of your own defensive army, and it is connected to over 3 million other websites, sharing defensive strategies.
The free version provides adequate protection for most property rental sites, as long as you follow the recommendations in it regularly. The paid-for version has real-time sharing, so your site blocks a potential attacker as soon as any one of the millions of protected sites is attacked.