Once upon a time, websites did not have to do much in terms of security, because most of them used little technology and fewer security vulnerabilities had been discovered. For example, SQL injection and hackers injecting malicious code were less common because fewer web applications used backend scripting.
Nowadays, just looking at the source code of a website will show you that even the smallest of businesses incorporate scripts, a CMS or plugins of some kind. If these are not visible in the source code, tools such as BuiltWith can perform a full scan of a website and provide hackers with all they need to begin a deeper search to find the following:
- Out-of-date software
- Web security issues
- Configuration issues
- Vulnerable plugins and common vulnerabilities
- File locations
- Outdated CMS usage
It’s essential to perform security testing on websites and web applications now that exploits are being found in common, everyday CMS plugins all the time. It’s also not uncommon to need a web application firewall installed on your server to protect your network, your website or even just your files from being exploited. When it comes to the tests themselves, however, the methods boil down to many factors, such as what platform is being used, what hosting is used and more.
If you’re not looking to test a website and want to test your network as a whole, you can look into our previous guide about how to do a pen test for beginners, which should help any beginner grasp the concept of pen testing.
Let’s dive right in now, shall we?
Website testing, how to begin?
First, you have to start by determining whether the website is static or whether it’s using a CMS. If it’s using a CMS, then you need to work out which one it’s using and what version. This can be done easily through sites like BuiltWith.
Next, it’s worth performing the simple check of whether SSL is installed: does the site load as http:// or https://? If the latter, SSL is installed.
Online tools such as BuiltWith can be great for identifying what technology a site is running, which gives you the information you need to start sniffing around for vulnerabilities. Many older versions of WordPress and its plugins have well-documented exploits.
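To see what these first checks reveal about a site you run, the added example below (not from the original article) lists the version details an anonymous visitor can read from one response. The headers, HTML, plugin name and version numbers are constructed sample data, and `audit_disclosure` is a hypothetical helper name.

```python
import re
from html.parser import HTMLParser

# Constructed sample response for a hypothetical site (not captured data).
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.2.1">
<link rel="stylesheet" href="/wp-content/plugins/example-plugin/style.css?ver=1.3.0">
</head><body>Hello</body></html>"""

VERSION = re.compile(r"\d+(?:\.\d+)+")
PLUGIN = re.compile(r"/wp-content/plugins/([a-z0-9_-]+)/[^?\s]*\?ver=([\d.]+)", re.I)


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.generators.append(attr.get("content") or "")


def audit_disclosure(url, headers, html):
    """Return (source, value) pairs that any anonymous visitor can read."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append(("scheme", "served over plain http"))
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("server", "x-powered-by"):
        # A bare product name is less useful to a scanner than an exact version.
        if VERSION.search(lowered.get(name, "")):
            findings.append((name, lowered[name]))
    finder = GeneratorFinder()
    finder.feed(html)
    findings += [("generator", g) for g in finder.generators]
    findings += [("plugin", f"{slug} {ver}") for slug, ver in PLUGIN.findall(html)]
    return findings


if __name__ == "__main__":
    for source, value in audit_disclosure("http://example.test/", SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{source:12} {value}")
```

Each finding is something to update, hide or remove: the generator tag and version banners can usually be switched off, while the software behind them still needs to be kept current.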
What if the website I’m trying to test is a static website?
If the website you aim to test isn’t running a CMS of any kind, then you need to figure out what the website is hosted on. If you find that it is running on typically really cheap shared hosting such as GoDaddy and 1&1, then the website is likely to already be relatively secure.
This is because those types of websites are run and owned by big data centres that have proper security measures in place, under which shared hosting accounts are limited to only harming themselves.
Aside from that, we should look for other details, such as which web server is hosting the website and which language and database (if any) are being used. This can be accomplished by sending cleverly designed messages to the web page or URL through unsanitized inputs, or by simply connecting to the application via Telnet and crafting inputs to derive information from there.
If a website is hosted on a common web server, it should always use the most recent version and fix any security holes that arise. A host is normally in charge of this. Furthermore, it is the website owner’s responsibility to ensure that the functions and code in their codebase are deemed “stable.” This ensures you’re not vulnerable to DDoS attacks, SQL bugs, XSS, CSRF attacks, and other threats.
However, when it comes to static websites, you’re looking more at having to try and attack the data centre it’s being stored on, or performing social engineering to achieve the results you desire.
What’s the best way to secure my WordPress website?
In most instances, WordPress is already relatively secure out of the box. The reason for this is that it is an open source platform that is constantly contributed to by its peers from around the world. In the majority of circumstances, if your WordPress blog has been hacked, 9 times out of 10 it is because of one of the following reasons:
- Weak password usage
- Outdated plugins
- Cracked or “nulled” themes/plugins
- Human error (falling for social engineering techniques)
However, if you want to add some extra security to bolster your blog’s defences, you can try a few popular plugins available for free.
One of the most popular security plugins for WordPress at the moment is Wordfence. Taken from their website: “Wordfence Security is a firewall and malware scanner for WordPress. It can protect your website from hackers in two ways. The firewall stops malicious traffic from hitting your website.”
It is also recommended to set up some form of backup system to systematically back up your blog and everything that resides on it. This ensures that if something ever does go wrong, you can restore the original backup.
Note: Before restoring a backup after being hacked, it’s worth finding out WHAT caused the hack, as otherwise you could be giving the attacker repeat access if the cause is a vulnerable plugin or theme.
WordPress is one of the most secure options for creating your website: it’s versatile, secure out of the box and has additional security features that can be added through plugins.
Why not check out our other guides to learn more about website security and penetration testing?
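One way to start that investigation is to compare the hacked site’s files against the backup before overwriting anything. The added example below (not from the original article) hashes both trees and reports what was added, modified or removed; the directory layout, file contents and function names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_to_backup(backup_root, live_root):
    """Report files added, modified or removed since the backup was taken."""
    old, new = manifest(backup_root), manifest(live_root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "removed": sorted(old.keys() - new.keys()),
    }


def write_file(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def build_demo_trees(base):
    """Constructed sample data: a clean backup and a tampered live copy."""
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    for root in (backup, live):
        write_file(root, "index.php", b"<?php // front controller")
        write_file(root, "wp-content/plugins/example-plugin/main.php", b"<?php // v1.3.0")
    # Constructed tampering: one altered plugin file, one file absent from the backup.
    write_file(live, "wp-content/plugins/example-plugin/main.php", b"<?php // altered")
    write_file(live, "wp-content/uploads/cache.php", b"<?php // unexpected file")
    return backup, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_to_backup(*build_demo_trees(tmp)))
```

Files that changed inside a plugin or theme directory point at the component to update or remove before the restored site goes back online.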
Connie has been working within the cyber security industry for almost 10 years now, specialising in penetration testing or, more specifically, web application pen testing. She believes that everyone online should have access to this information and strives to provide people with the knowledge they need to begin within the industry and for others to stay safe online.