First and foremost, if you’re using a popular Content Management System (CMS) like WordPress, you’ll want to install some sort of security software on your server, or an anti-malware plugin on your website. Two popular plugins for WordPress that have free versions available are Wordfence and iThemes Security. I’ve tried both, and generally, I like Wordfence a lot.
After installing your security plugin, check with your website hosting company to see if they offer a firewall or other protection to keep out intruders. Use secure passwords, and keep your CMS and all of your plugins updated to their latest stable versions. This is all standard advice, but there’s even more you can do.
According to Wordfence, the attacks we saw recently are known as supply chain attacks. Some of these are made by hackers, and some may even be built into plugins as part of the original package. What better way to get distribution for your malicious software than by sneaking it into your free tools and programs? We’ve seen this with mobile apps, as well as website plugins. Luckily, the WordPress plugin repository removes and bans plugins that are using stealth methods to insert their crypto mining software into websites, such as the Animated Weather Widget by weatherfor.us. But what about code that gets infiltrated by bots looking for security holes?
In your HTML, you’d normally use code that looks like this to add the popular JS library, jQuery:
With Subresource Integrity (SRI), the script tag also carries a hash of the file, and the browser refuses to run the script if the file it downloads does not match that hash. To implement SRI, you’d instead use code like this:
This might be unfamiliar to some of you, so make sure your developer uses this method when updating your website. To create the hash, visit this page: https://report-uri.com/home/sri_hash
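An added example (not code from the original article) of how an SRI hash is produced and checked: it computes the integrity value for a file, builds the pinned script tag, and models the browser refusing a modified copy. The URL and file contents are constructed placeholders, and the function names are chosen for this illustration.

```python
import base64
import hashlib
import html

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # algorithms SRI defines

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity value '<alg>-<base64 digest>' for a file's bytes."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def script_tag(url: str, content: bytes) -> str:
    """Build the <script> tag that pins `url` to the bytes you reviewed."""
    return (f'<script src="{html.escape(url, quote=True)}" '
            f'integrity="{sri_hash(content)}" crossorigin="anonymous"></script>')

def browser_would_load(integrity: str, fetched: bytes) -> bool:
    """Model the browser check: use the strongest listed algorithm and
    accept the file only if one of that algorithm's hashes matches."""
    tokens = [t.split("?")[0] for t in integrity.split()]
    known = [t for t in tokens if t.split("-", 1)[0] in STRENGTH]
    if not known:            # no usable hash means no check is performed
        return True
    best = max(known, key=lambda t: STRENGTH[t.split("-", 1)[0]]).split("-", 1)[0]
    return any(t == sri_hash(fetched, best) for t in known if t.startswith(best + "-"))

# Constructed sample data, not a real library or CDN.
LIB_URL = "https://cdn.example.com/lib-1.0.0.min.js"
REVIEWED = b"window.lib=function(){return 'ok'};"
TAMPERED = REVIEWED + b"/* injected miner loader */"

if __name__ == "__main__":
    print(script_tag(LIB_URL, REVIEWED))
    pinned = sri_hash(REVIEWED)
    print("original loads:", browser_would_load(pinned, REVIEWED))
    print("tampered loads:", browser_would_load(pinned, TAMPERED))
```

Because the hash covers every byte, the pinned value has to be regenerated whenever you deliberately upgrade the library file.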
Daniel is an experienced and dynamic entrepreneur with a demonstrated history of launching and operating successful businesses. Skilled in Business Strategy, Technical Consulting, Coaching, Sales, Entrepreneurship, Team Building, and Public Speaking.