Although some careers have faded over time, there will always be a need for web designers. Why? As each year passes, the job becomes more complicated. New responsibilities emerge that span a range of automated and no-code tools.
Website security is a great example. It’s always been a concern – even when I started down this path back in the mid-1990s. Back then, the main concern was a hacked FTP password or an angry ex-colleague corrupting / deleting files. These days, it’s much more. Like a pesky bug that has turned into a giant sea monster.
And that monster has completely wrapped its tentacles around this grumpy designer. Work has become a vicious cycle of malware infection, cleaning and re-infection. Then again.
WordPress is the main target of the monster’s negligence. That should come as no surprise, as the content management system (CMS) is constantly under attack. It ends up powering more than 40% of the web.
Sadly, I know I’m not the only one facing this sort of debacle. With that, I wanted to share some thoughts, ideas and suggestions to put that monster back in its place.
It’s Not Good To Be Careful
The cold reality of website security is that there are no guarantees. Malware can compromise almost every site. It happens to even the most careful among us.
As it relates to WordPress, being careful means keeping a few basics in mind:
- Audit the theme and plugins we install;
- Implement updates regularly;
- Using secure and complex passwords;
- Host the site on a service that takes security seriously;
- Ensure that file permissions are in line with WordPress recommendations;
- adding additional layers of protection such as security plugins and firewalls;
Although there is more to it than that, the above actions provide a solid foundation. The idea is to protect against the most basic types of attacks. I hope it will also discourage some more complicated efforts.
The frustrating aspect of this approach is that you are only as strong as the weakest link in your security. Even reputable plugins can have security holes. And there are many vectors that an attacker can use to cause trouble – including some that are beyond our direct control.
Therefore, being careful is not good enough to prevent all attacks.
Clean Up Hack Is A Drain On Resources
Despite taking steps to avoid security issues, hacks still happen. And when they do, cleaning up the aftermath can be a difficult task.
The process involves identifying any malicious files – including legitimate WordPress core files that may be modified. Security scanners like those found in the Wordfence plugin can help identify files, but there are caveats.
If the site administrator account has been compromised, or if an attacker used a security hole to gain access to the WordPress dashboard – all bets are off. They would have the ability to deactivate a security plugin. From there, they could wreak all kinds of havoc while remaining unconscious.
Additionally, determining how malware got onto your site is rarely simple. I can’t count the number of times I thought I found the culprit, only to be proven wrong after subsequent infections. It often takes combing through files and studying security blogs to find an answer. But some issues can remain a mystery.
Not only does this stress everyone involved, but it also hinders your ability to work on other projects. A security breach is kind of an all-hands-on situation. If you happen to be a freelancer, your hands will definitely be tied in fixing a hacked site.
What Else Can Web Designers Do?
As I mentioned before, there is only so much within our control. Web designers can make informed decisions, but our projects can fall prey to malware. In some ways, it seems like a hopeless situation.
However, security threats are not going away. If anything, they will continue to grow exponentially. That means we have to keep trying.
Here are some strategies that may help:
Become a Plugin Miner
While keeping unnecessary WordPress plugins installed is not a good idea, it can also be dangerous. That’s why it’s worth removing anything you don’t want.
In some cases, it may be worth creating a barebones custom plugin where possible. Malicious bots attempt to sneak in known vulnerabilities within WordPress core and specific plugins. This could be a way to reduce risk while still maintaining functionality.
Regardless, it’s also a good idea to keep up with what’s happening with the plugins you install. Make sure they are updated regularly and try to avoid any that are no longer maintained.
Ask Clients to Invest in Security
Security can be a significant part of a web designer’s job. A lot of work goes into strengthening a website and mitigating any issues that arise. But our prices don’t always reflect that reality.
Therefore, it makes sense to ask clients to invest in this area. By recommending security-related tools and services, you are proactively adding additional layers of protection. And by including regular security checks in your maintenance packages, you’ll be keeping a close eye on what’s happening.
Another benefit of this strategy is that you are raising security awareness. When clients have a better understanding of the matter, they are more likely to take preventive measures.
Make a Cleaning Plan
It’s safe to say that none of us want to deal with a hacked site. We do everything we can to try to prevent it. And … it happens anyway.
Therefore, it is better to prepare for this situation rather than burying your head in the sand. Develop a process that helps you clean up a compromised site effectively.
It may not always work the first (or second) time. But every failure is a good learning experience. Eventually, you will refine the process and increase your odds of success.
Get Professional Help
Managing website security is a mess and frustration – enough to put any of us in therapy. That kind of professional help is always welcome. But not the kind I’m talking about here.
Rather, I’m talking about working with security professionals. For example, services that help lock down your client’s websites and rid them of any infections.
There is a cost involved – one that you can pass on to your clients. And it might just save your sanity in the long run.
Malware Chaos The New Normal
In some ways, securing a website is like a game of cat and mouse. For every gap you close, another appears. Malicious actors are constantly changing their methods to attack WordPress and other platforms. And none of us are immune.
This makes our job more difficult and time consuming. And it also makes website maintenance more expensive for our clients.
Certainly, this is not what I imagined when I started as a web designer. It’s unlikely that many of us got into this industry because we like to clean up malware. But like it or not, this is the new normal. And we are the last line of defense against this proverbial sea monster. We cannot go down without a fight.