What Makes a Website Vulnerable
Have you ever wanted to know just what makes a website vulnerable to attacks? The contributing factors mirror physical vulnerabilities in a lot of ways. We can classify types of vulnerabilities to get a better understanding at a high level.
- Hardware and Emulated Hardware
- Operating System
- Web Server
- Coding Platform and Code Base
- Users and Administrators
Together, these categories make up what is called an attack plane. Limiting exposure to elements of the attack plane is a great way to keep things secure.
1. Hardware and Emulated Hardware
The first category of items that make a website vulnerable is the actual hardware (emulated and real) it’s running on. Can an unauthorized person gain control over the server? Did they steal your hosting password or account keys? Gaining administrative access to the hardware often means the ability to take over any websites running on the hardware itself. A hacker may redirect traffic to a cloned site, delete all your files, or even just create new websites right on the server and try to remain hidden.
2. Operating System
Linux, Windows Server, Solaris, OS/2 Warp – these are all products you’ve probably heard about. An operating system provides underlying functionality to the software a user installs. For example, it stores files on a drive or sends data through the network. You can imagine that if someone were to obtain administrative access here, they could do almost whatever they wished with your data.
3. Web Server
The two most popular modern web servers for WordPress, Joomla, or Drupal are Apache and Nginx. Both have similar configurations in terms of security. The web server is in charge of important things like sessions, the data passed to the code on the website, and which files are served.
4. Coding Platform and Code Base
WordPress, Joomla, and Drupal are all written in a coding language called PHP (the code platform). Each of these solutions has its own code base, plus code coming from themes, plugins, extensions, and any custom code written by developers specifically for your business.
5. Users and Administrators
Finally, we have a human element. The users and administrators of websites can contribute to vulnerabilities through the sharing of passwords, installation of plugins and themes, poor password creation, and unwise permissions.
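To make the web server's "what files are served" and the "unwise permissions" mentioned above concrete, here is an added example (not part of the original article) that audits a WordPress-style web root for leftover files and loose file permissions. It assumes a POSIX file system; the deny-list, function names, and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed deny-list for this example (not from the article).
SENSITIVE_NAMES = {".git", ".env", ".htpasswd"}
SENSITIVE_SUFFIXES = (".bak", ".old", ".orig", ".sql", ".swp", "~")

def audit_docroot(docroot):
    """Return sorted (relative_path, finding) tuples for a web root."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        for name in dirs + files:
            path = os.path.join(current, name)
            rel = os.path.relpath(path, docroot)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink are not meaningful
            # Leftovers the web server would hand out as plain static files.
            if name in SENSITIVE_NAMES or name.endswith(SENSITIVE_SUFFIXES):
                findings.append((rel, "sensitive file inside web root"))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # wp-config.php holds the database credentials.
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, "config readable by all local users"))
    return sorted(findings)

def build_sample_site(root):
    """Create a constructed WordPress-like tree to exercise the audit."""
    layout = {
        "index.php": 0o644,
        "wp-config.php": 0o644,        # readable by every local account
        "wp-config.php.bak": 0o640,    # editor backup, served as plain text
        "wp-content/uploads/logo.png": 0o666,  # anyone on the host can replace it
    }
    old_umask = os.umask(0o022)  # keep the created directories non-world-writable
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.umask(old_umask)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_docroot(build_sample_site(tmp)):
            print(f"{rel}: {finding}")
```

Point `audit_docroot` at a real web root to get the same report for a live site; each finding corresponds to something an administrator can fix by moving the file out of the web root or tightening its mode.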