This website has gone through a lot of changes since our first blog post. In eight years, DavaoBase has switched from plain HTML to the more robust WordPress framework, changed the site design at least three times, and used a wide variety of image editing and social media apps.
You may have noticed all of these improvements as you browse through our pages — and hey, thanks so much for supporting us through the years! However, one of the things that usually goes unnoticed is our website security measures. Any website owner knows how important it is to maintain the security of the site. Disregarding the importance of web security may lead to data corruption, malware infiltration, or the outright disappearance of the entire site (gasp!).
I was recently shaken to reality when we received a message from a web security researcher named Crtc4l:
Hello! I would like to report that your website has a vulnerability and this is considered as a high risk and it can lead to account takeover vulnerability.
The message came at an opportune time, not only due to the increased need for safer and more secure online environments, but also because I just finished the entire season of CSI:Cyber! To cut the long story short, the series of messages revealed some security vulnerabilities of our site.
Normally, this kind of message may sound like it came from a spammer or a malicious entity. However, I felt the urge to check the site myself, and what the specialist said was all true. In response, I addressed a lot of pending security threats on the site.
If you are unsure about your site’s security, these security measures that I recently implemented on DavaoBase may help you strengthen your WordPress website:
- Scanned all files and folders for potential malware or security threats
- Updated WordPress plugins
- Deleted files that reveal the version number of the site framework
- Disabled directory listing for public viewing
- Deleted all WordPress core files and did a fresh installation
- Installed security plugins to detect unauthorized logins and file / folder changes
- Disabled the default wp-admin pages
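As an added example (not DavaoBase's own code), here is a small POSIX shell audit that checks a WordPress document root for three of the items above: version-disclosing files, directory listing, and an unrestricted wp-admin folder. It assumes an Apache host configured through .htaccess files; the file names and access-rule patterns it looks for are assumptions.

```shell
#!/bin/sh
# Added example, not DavaoBase's code: audit a WordPress document root for
# three hardening items. Apache-style .htaccess files are assumed; the file
# names and directive patterns checked here are assumptions.
# Prints one "FINDING: ..." line per problem and returns 1 if any was found.

wp_hardening_audit() {
    wp_root="$1"
    wp_findings=0

    # 1. Files shipped with WordPress that reveal its version to any visitor.
    for wp_file in readme.html license.txt; do
        if [ -f "$wp_root/$wp_file" ]; then
            echo "FINDING: version-disclosing file present: $wp_file"
            wp_findings=$((wp_findings + 1))
        fi
    done

    # 2. Directory listing: Apache shows folder contents unless indexes are
    #    turned off in the site's .htaccess (or in the server configuration).
    if ! grep -qsE 'Options[[:space:]]+.*-Indexes' "$wp_root/.htaccess"; then
        echo "FINDING: directory listing not disabled in .htaccess"
        wp_findings=$((wp_findings + 1))
    fi

    # 3. wp-admin reachable by everyone: no access directive in wp-admin/.htaccess.
    if ! grep -qsE '^(Require|Deny|Allow|Order)[[:space:]]' "$wp_root/wp-admin/.htaccess"; then
        echo "FINDING: wp-admin has no access restriction"
        wp_findings=$((wp_findings + 1))
    fi

    [ "$wp_findings" -eq 0 ]
}
```

Source the file and run `wp_hardening_audit /path/to/docroot`; a non-zero exit status means at least one finding was printed.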
I’m pretty sure I’m just scratching the surface in terms of making the site security airtight. However, I’m confident that these initial measures should protect the site from some of the most common threats in the online world.
(Thanks to Crtc4l for alerting me to the security vulnerabilities without even asking for payment. The world needs more whitehat specialists like you!)