Breaking the Design Hierarchy: Putting Security First
When it comes to designing a website for your business, the first thing every designer, amateur or otherwise, thinks about is how it will look. From the images and animations to the fonts, layout, and logo, the styling is often the first port of call in the design hierarchy. As we’ve shown in the past, there are plenty of ways to create something attention-grabbing, like a logo, with ease. Beyond the aesthetics, the user experience and how to promote the site then start to become a consideration. However, while this order of events is understandable, it’s not ideal.
WordPress Isn’t Impenetrable
When you consider all the available evidence, security really should be the first, the last and everything when it comes to building a website in the modern day. Of course, that doesn’t mean you should forget about how your site looks or the way users move from point A to point B, but security has become an increasing concern for website owners over the last decade. Indeed, as solid as WordPress is as a platform, it’s not infallible. In December 2017, a brute-force attack saw 190,000 WordPress sites targeted every hour. According to security experts, at its peak, the incident saw 14 million attacks per hour as the campaign sought to install a Monero (a type of cryptocurrency) miner on sites.
The incident continued into 2018 and makes up just one of many high-profile cyber-breaches that have taken place this year. By far the highest profile was the data leak from the MyFitnessPal app. Owned by Under Armour, the app has become the largest fitness aid in recent years, but a vulnerability compromised 150 million accounts in late February 2018. Put simply, security is an ongoing concern that all website owners need to consider. This is something WordPress has always taken seriously. Internally, the company has approximately 50 experts working with other agencies to ensure the backend is safe. Indeed, the “WordPress HackerOne” program is designed to flag up potential security flaws as they develop.
Making Use of Web Application Firewalls
However, even with these provisions in place, designers can’t assume their sites will be fine. A web application firewall is an essential tool for any business with an online presence. Essentially creating a gateway between a website and the internet at large, a web application firewall filters out malicious visitors. Using a cloud-based system allows designers to slot the software into their existing product without having to make any major changes to their underlying infrastructure, and to manage it as a service rather than as expensive IT. In other words, web application firewalls are a great way for designers to cover themselves after the fact. If those in charge of the project focused more on the looks of a site than on the OWASP Top Ten web application security risks, it isn’t the end of the world.
By plugging in a web application firewall once the website is up and running, the owner is protected from SQL injection, XSS attacks and basically all the things that have plagued WordPress and other platforms in the past. Is it the ultimate solution? No. To ensure a website is fully protected, using a combination of internal and external security measures is optimal. However, in the event that the standard “aesthetics first” hierarchy has been followed, web application firewalls are one of the most popular ways to protect you and your online assets.