WAF – The Last Line Of Defence For Websites

As we’ve discussed in recent blogs – from how security is becoming more and more important as a ranking factor for Google to the importance of regularly maintaining and updating your CMS – keeping your website secure is becoming one of the single most important things your business can do.

With the use of Content Management Systems such as WordPress and Magento having increased exponentially over the past five years, it has given hackers an increased chance at exploiting flaws in the system. This is due in part to being provided with a large target area to focus on, as X amount of sites could potentially all have the same security vulnerability – whether due to a plug-in they’ve used or not updating their site to the current version.

This isn’t as time consuming for hackers as it sounds either. With the deployment of programmed bots, all the hard work is done for the hacker. Chances are the only bot you’ve heard of, especially if you run an SEO campaign, is the Googlebot which will visit your site and index the pages so they appear in search results. But they’re not the only ones out there. To counteract the worker-bee bots there are a bunch of malicious bots that are swarming across the net leaving a trail of hacked websites and downed services in their wake. In fact it was reported by Incapsula at the end of 2015 that while humans account for over half of online traffic, bad bots account for nearly a third.

Image Courtesy Imperva

We’re not immune from these attacks either. In fact three of our clients were hacked in 2015 by bots crawling their site and exploiting holes in their security, but due to our proactive approach and the web maintenance support contract these clients have with us we were able to deal with the threat, remove the hack and have their sites back online within 48 hours – an outstanding turnaround for any business.

Getting to the bottom of these hacks, we noticed a startling trend as all of the attacks were disguised as genuine requests made through website forms.

It is for this reason that we’ve recently partnered with one of the UK’s biggest hosting providers to offer Web Application Firewall (WAF) to further secure our client’s websites.

For those unfamiliar, WAF’s protect your data from hackers trying to exploit weaknesses in your application code by inspecting every web request that comes your way for cross-site scripting, SQL injection and over 400 other types of attacks – things that a traditional firewall will overlook and be unable to guard against.

By offering WAF as part of our Web Maintenance Package you benefit from:

• Protection against application layer attacks
• Protection from all inbound and outbound traffic, ensuring your database doesn’t release any information that it shouldn’t
• Inbound traffic monitoring and report production which illustrates the level of traffic targeting your site
• A specialised team of security experts overseeing your WAF and continually identifying new rules to better protect your site

This is on top of all the other important aspects of our Web Maintenance Package, including:

• Updating your plug-ins and ensuring that they are all supported by the version of the CMS you have installed.
• Checking your site regularly to ensure that everything is in full working order and your website is always compatible with the latest browser updates
• Dealing with any issues you come across in as efficient a way as possible. This means there’s no frantic panicking if things go wrong or you’re not covered for web maintenance and don’t know how to fix an issue.

This all leads to peace of mind for you. By taking the burden of updates and concerns with compatibility away from you, it ensures that security is never a second thought and never unnecessarily delayed and you get the best possible protection by two of the UK’s best web companies.

Talk to our team today and find out how a Web Maintenance Package can give you peace of mind.