editione1.0.0
Updated October 9, 2023It can be challenging to find replacements for unsupported plugins and apps. If you search in the plugin or app store for “shopping cart” functionality, you will probably have thousands of lines of results. Shopping for a plugin is kind of similar to shopping for anything online. You have to have some criteria to filter down to a smaller set of options that check your boxes. The boxes here determine whether a plugin or app is safe to use.
You can run through these questions when you are assessing a new plugin or app to use for your website:
When was it last updated? Acceptable answers are within the past four weeks. The further it gets away from this date, the more risky it is.
Who manages this app? Acceptable answers include recognizable companies, your hosting provider, or the owners of the CMS or website software you use. If you have not heard of the author, Google or search their name online. If the results come up with limited results, that is a red flag and you should move onto the next.
Do they provide customer support? Is there an email address you can contact? Do they have documentation and help pages to understand how to use the app? If not, that is another red flag.
Is the app well reviewed and endorsed by your hosting or website software provider? Did the most recent reviews have positive mention of the customer support? Are there any reviews about security concerns?
Answering these questions will allow your gut to get a good feel for if a plugin or app is safe. There are going to be so many options out there, you’ll want to make sure you are going with one you won’t have to replace later.
In some cases you might have had a need for remote access to your actual website server. This might be because a third party was helping you set up the website, and using remote access software was easier for them (rather than giving them access via your account). This remote access usually works in the form of special access, or ports, being opened up on your website server itself. Opening up remote access is not as secret as it might seem—when attackers are scanning the internet for websites to attack, they are also checking to see what other access is opened up.
important With remote access being so different from just logging in via a website, you don’t immediately think about it when it comes to security. Remote access is often configured with just a password. Think of it like putting some heavy-duty locks on your front door, while leaving your windows unlocked. This access needs to be protected to the same degree as your accounts, including a unique password and 2FA.
confusion More often than not, though, it is not you using this access but the people you have hired to help with your website. Make security for this access a rule, and require third parties to follow the rules or their access will be turned off. With IT, there are usually multiple ways to achieve the same goal, so be empowered to challenge your hired IT support when they ask for things to be set up a certain way. Just because they know about IT, doesn’t mean they are security experts. They are often more likely to follow the path of least resistance to help with your website, rather than making it as secure as it can be.