As the founder of a young company, I have to learn and do IT things that I have no specific formal education in. Starting in September 2017, I spent three months planning and studying web development using the WordPress platform. After choosing my host provider, I spent the next three months executing the plan and building my first website. It was not an easy feat, navigating very slowly through thick technological bushes. It's been three years and I still feel pretty much wet behind the ears.
One of the company websites I manage was gravely impacted by a bot attack recently. The first indicator was some noticeable changes to the website's standard/original formatting. This created unsightly pages, poor font placements and bad colour combinations. Another adverse impact of the bots after gaining access was to target files, preventing seamless updates. It was difficult to detect because the site seemed to continue working. Some pages looked like they were not affected, but only because they were showing static pages from the cache.
I tried to use the host web admin page to restore the damaged website. Unfortunately, the bots had probably damaged the database so much that the restoration failed. In view of this, the help of an IT expert became a necessity. The company's maintenance plan (business continuity plan) covered the process of recovery.
It became clear to me that I needed to improve the first layer of security on our company website by using a reCAPTCHA cross-check. It is a free plugin available to WordPress platform users. This move was designed to help our site auto-detect abusive traffic and harmful bots that can take down a company's database. Google reCAPTCHA returns a score based on the interactions with the website and gives the web admin flexibility to take appropriate and corrective actions. All web subscription and contact forms now have a reCAPTCHA.
“The newest version is called reCAPTCHA v3 which fundamentally changes how sites can test for human vs. bot activities. It returns a score to help you gauge how suspicious an interaction is and eliminating the need to interrupt users with challenges at all. The reCAPTCHA v3 runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site (Google blog, 2018).”
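The score only helps if the server acts on it. The sketch below is an added example, not code from this post or from the WordPress plugin: it takes the JSON body that Google's verification endpoint returns for a reCAPTCHA v3 token and decides whether to accept, hold or reject a form submission. The thresholds, the `contact_form` action name, the `example.com` hostname and the sample responses are assumptions made up for the illustration.

```python
import json
from datetime import datetime, timezone

# Assumed policy values for this sketch; tune them against your own traffic.
BLOCK_BELOW = 0.3            # scores under this are rejected outright
REVIEW_BELOW = 0.7           # scores under this are held for moderation
MAX_TOKEN_AGE_SECONDS = 120  # reject verification results older than this

def decide(raw_response, expected_action, expected_hostname, now):
    """Map a siteverify JSON body to ('allow' | 'review' | 'block', reason)."""
    try:
        data = json.loads(raw_response)
    except ValueError:
        return "block", "unparseable response"
    if not isinstance(data, dict) or data.get("success") is not True:
        codes = data.get("error-codes") if isinstance(data, dict) else None
        return "block", "token rejected: " + ", ".join(map(str, codes or ["unknown"]))
    # A token minted for a different form or site must not pass on this one.
    if (data.get("action"), data.get("hostname")) != (expected_action, expected_hostname):
        return "block", "action or hostname mismatch"
    try:
        issued = datetime.fromisoformat(str(data["challenge_ts"]).replace("Z", "+00:00"))
        age = (now - issued).total_seconds()
    except (KeyError, ValueError, TypeError):
        return "block", "bad challenge_ts"
    if age > MAX_TOKEN_AGE_SECONDS:
        return "block", "stale token"
    score = data.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "block", "missing score"
    if score < BLOCK_BELOW:
        return "block", "low score"
    if score < REVIEW_BELOW:
        return "review", "borderline score"
    return "allow", "score ok"

def sample(**overrides):
    """Build a constructed siteverify body; nothing here was captured from a real site."""
    base = {"success": True, "score": 0.9, "action": "contact_form",
            "challenge_ts": "2024-05-01T12:00:30Z", "hostname": "example.com"}
    return json.dumps({**base, **overrides})

NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)
SAMPLES = {"human": sample(), "bot": sample(score=0.1),
           "replayed": sample(action="newsletter"),
           "rejected": '{"success": false, "error-codes": ["timeout-or-duplicate"]}'}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, decide(body, "contact_form", "example.com", NOW))
```

Logging the "review" and "block" reasons over time shows where real visitors land, which is the basis for adjusting the two thresholds.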
One challenge that stumped me for a couple of days after installing and configuring reCAPTCHA in the website forms was "it's not showing up." The reCAPTCHA was missing for some reason.
If you are missing reCAPTCHA after activation, first follow these steps:
- Log out.
- Clear the browser's internet cache.
- Close the browser.
- Reopen your browser.
- Make sure cookies are allowed/enabled in your settings.
- Log in and try again.
If you are still missing reCAPTCHA after doing the above (because it happened to me), do the following. It worked!
- Review all active form plugins on your website.
- Try using only one form plugin on your site. Unused plugins must be removed or deactivated. This rule applies to all unused plugins.
I realized that the more plugins a website has, the weaker the security is and the higher the risk of attacks. To understand this, one has to remember that a big percentage of plugins are open source. As such, they use vulnerable third-party components. The thing is, I don't think we can stop using open source plugins. Therefore, we have to be aware of the existing security holes and do continuous monitoring. If you have the budget, buy some more web security anti-spam and anti-bot add-ons.
About the Author:
Rufran C. Frago is the Founder of PM Solution Pro, a Calgary consulting, product, and training services firm focusing on project and business management solutions. He is passionate about providing advice, mentorship, education and training through consultation, collaboration, and what he uniquely calls student-led training.
BOOKS AUTHORED BY RUFRAN FRAGO
- Risk-based Management in the World of Threats and Opportunities: A Project Controls Perspective. ISBN 978-0-9947608-0-7. Canada
- Plan to Schedule, Schedule to Plan. ISBN 978-0-9947608-2-1. Canada
- How to Create a Good Quality P50 Risk-based Baseline Schedule. ISBN 978-0-9947608-1-4. Canada
- Schedule Quantitative Risk Analysis (Traditional Method). ISBN 978-0-9947608-3-8. Canada
- RISK, What are you? The Risk Management Poem: Children's Book for all Professionals. ISBN 978-0-9947608-4-5. Canada