Shauli Zacks of SafetyDetectives.com spoke with Lform’s CEO, Ian Loew, about some of the cybersecurity challenges faced by his team and the steps taken to secure client websites and apps. In the interview, he emphasized the importance of locking down hosting and vetting third-party plugins, especially for WordPress sites, which hackers often target.
Securing Client Websites and Apps
Ian Loew’s team takes a two-pronged approach to ensure the security of client websites and apps. They lock down hosting using firewalls, SSH keys, and Ubuntu Linux, so only authorized personnel can access the server. They also vet third-party plugins to prevent hackers from exploiting vulnerabilities in these plugins.
The Biggest Challenges When It Comes to Securing Client Apps and Websites
WordPress is one of the most popular CMSs, but hackers are constantly looking for vulnerabilities, especially in third-party plugins. Our team’s approach includes a two-pronged strategy of locking down the hosting and vetting third-party plugins. The servers are firewalled and only allow SSH and web access; remote users can only gain access through an SSH key. To keep automated vulnerability scanners from identifying common attack points, the default WordPress directory structure is not used. Mechanical bad actors are auto-banned after 10 missing-page requests, and banned users cannot access any part of the site until the ban expires. Additionally, the default WordPress admin URL is blocked, admin accounts are locked out for an hour after five failed attempts, and admin passwords are 20 characters long and impossible to brute-force.
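The two thresholds described above (a ban after 10 missing-page requests, and a one-hour admin lockout after five failed attempts) can be sketched as follows. This is an added example, not Lform's code: the `Guard` class, the 30-minute ban length, and counting misses cumulatively rather than in a time window are all assumptions, since the interview states only the thresholds.

```python
from datetime import datetime, timedelta

NOT_FOUND_LIMIT = 10                  # from the article: ban after 10 missing-page requests
BAN_DURATION = timedelta(minutes=30)  # assumption: the article gives no ban length
LOGIN_FAIL_LIMIT = 5                  # from the article: five failed admin attempts
LOCKOUT = timedelta(hours=1)          # from the article: locked out for an hour


class Guard:
    """Hypothetical in-memory tracker for both rules (illustration only)."""

    def __init__(self):
        self.misses = {}        # ip -> 404 count since the last ban
        self.banned_until = {}  # ip -> time the ban expires
        self.fails = {}         # account -> failed logins since last success or lockout
        self.locked_until = {}  # account -> time the lockout expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, datetime.min) > now

    def is_locked(self, account, now):
        return self.locked_until.get(account, datetime.min) > now

    def request(self, ip, status, now):
        """Return the status actually served; 403 for every URL while banned."""
        if self.is_banned(ip, now):
            return 403
        if status == 404:
            self.misses[ip] = self.misses.get(ip, 0) + 1
            if self.misses[ip] >= NOT_FOUND_LIMIT:
                self.banned_until[ip] = now + BAN_DURATION
                self.misses[ip] = 0
        return status

    def admin_login(self, account, password_ok, now):
        """Return True only for a correct password on an account that is not locked."""
        if self.is_locked(account, now):
            return False  # a correct password is also refused during the lockout
        if password_ok:
            self.fails[account] = 0
            return True
        self.fails[account] = self.fails.get(account, 0) + 1
        if self.fails[account] >= LOGIN_FAIL_LIMIT:
            self.locked_until[account] = now + LOCKOUT
            self.fails[account] = 0
        return False
```

In production the same counters would normally live in the web server or a log-driven banning tool rather than in application memory, so that bans survive restarts and apply before the CMS is reached.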
Preferred CMS for B2B Clients
Because WordPress is a common target for hackers, Ian recommends using a Laravel-based CMS like Statamic, which has all the essential features and avoids needing multiple plugins. Statamic is built on Laravel, considered the most secure and well-maintained PHP framework today, unlike WordPress, which uses an outdated code base.
Must-Have Security Features for E-Commerce Sites
The three crucial security measures that businesses can implement to protect sensitive information and prevent data breaches are:
- SSL encryption encrypts data transmitted between a customer’s browser and the website’s server.
- PCI compliance helps ensure merchants securely handle and store credit card information.
- Two-factor authentication (2FA) provides an additional layer of security by requiring users to provide two forms of identification to access their accounts.
These measures can help protect against unauthorized access and fraudulent transactions.
The Impact of AI on Online Marketing
Ian believes that AI will revolutionize online marketing. His team already uses AI-powered tools such as Grammarly for editing and proofreading. AI can also provide insights into customer behavior and trends, helping marketers find new opportunities and develop more effective strategies. Furthermore, AI-powered chatbots can instantly improve customer service by responding to customer inquiries, saving time and money, and improving the customer experience.
You can read the full interview here.