Episode #111 - Client Website Security with Dre Armeda - a podcast by WordPress business specialist Troy Dean featuring Seth Godin, Michael Gerber, Guy Kawasaki, Joe Pulizzi, Andrew Warner, James Schramko, Brian Clark, Ed Dale, Dan Norris and many more.

from 2017-02-02T07:30



Dre’s passion for security and educating people about risk and prevention clearly translates in his delivery of information and strategies in his discussion with Kristina.


Let's Begin With Some Dre-Stats:



  • There are 1.1 billion active websites on the internet today

  • 33 percent are powered by some sort of CMS (so there is a lot of vulnerable code out there)

  • 73 percent of this 33 percent are powered by 4 platforms specifically - Drupal, Magento, WordPress, and Joomla

  • Over 47 percent of the companies running websites on their own have no way of tracking open source code. They aren't updating or changing components in an intuitive way, using correct standards


What Does This Mean for Us as WordPress Consultants?


This is an opportunity for us to increase the longevity of our client relationship. We can help them grow their site and increase the return on their initial investment through ongoing work. Dre sees a website as a living organism that actually comes to life the moment it goes into production. It's, therefore, part of your role to encourage the growth and productivity of that living organism. There's more to it than making it, handing it over and leaving it.


What Do We Need to Know as WordPress Consultants?


As a consultant, you need to be all over - People, Processes and Technology.


You need to make sure that you have controls in place by implementing specific processes. Doing things like:



  • Updating software in a timely manner (Outdated software is responsible for the majority of attacks)

  • Checking on the updates of web server software, databases, 3rd party plugins, and hosting providers

  • Looking at how your clients log into the website (FTP)

  • Thinking more holistically: go beyond thinking just about WordPress. Look at how we are connecting, passing files, interacting, passing on data, passwords and misconfiguration of plugins. The list goes on!


Dre suggests using tools to help you do this in layers. Like the layers of an onion, if one gets peeled away, there’s another layer under it, protecting the centre.


Basically, make sure everything is segmented to protect the client against infection and reinfection.


“Soup Kitchen Servers”


Dre coined this term to describe a server that has everything, including the kitchen sink, contained in it. The server has no segmentation, which puts it at huge risk of cross-contamination - whether it’s vulnerable or not. Beware of the Soup Kitchen Server!


Finally, you have a responsibility to your client to have an agreement in place around website security. Discuss this important element of the build in the early stages of your engagement and make sure they fully understand the significance. "Delineate responsibilities through expectation management," says Dre.


Be sure to download Dre's free security checklist below. While you're there, drop us a comment. Let us know if you've had any nightmare experiences with clients and website attacks. You won't be the Lone Ranger!
