Security attacks on websites are attempted all day, every day: the concern is whether those attacks actually deface the website, steal user data, bring down the website, etc. Recently, WordPress discovered a major vulnerability through one of their Rest API’s that has compromised thousands of users websites. Bad actors could use this API to add or change content to the website at will; essentially giving these bad actors control over the look, feel, and content on affected websites.
Thankfully WordPress discovered this vulnerability, was able to notify their customers, and now is alerting those affected to update their websites accordingly. However, what if those users do not? They are sitting ducks until it’s too late.
Even if a potentially affected WordPress website is updated and secure now, it could have easily been compromised. This vulnerability gave bad actors access to a business's website(s) allowing them to change their content.
On Zesty.io, we work diligently to prevent these issues before they arise. Security is paramount, and our engineers work vigilantly to automatically provide security updates to our users and push those updates out accordingly. By taking all of the responsibility for our platform security, we minimize the possibility for bad actors to affect our clients’ sites. Additionally, we automatically provide all of our clients protection against DDoS attacks. This is largely done through our implantation of CloudFlare, software designed to detect and stop any DDoS attack attempts before they impact users visiting a webpage.
We can control a lot of external protection for sites, but we also provide tools for our clients to protect their sites internally. We are proud to offer two-factor authentication powered by our partner Authy for clients who take additional precautions by adding another layer of security. In addition, with Zesty.io, site administrators have the ability to assign user roles and permissions. These can be extremely granular, allowing certain users Contributor status, which means they can add content, but not publish it. This allows each user to be secure in what they can change on the website and the parts they can not. For those who manage multiple sites on Zesty.io, those permissions are on a per-site basis: meaning someone can be a publisher for one microsite and a contributor on the main site. These permissions and controls help to streamline internal workflow but also provide that extra security so updates to the site can be made only by those who need to be making those changes.
The tech community is very transparent, and we do our best to learn from each other. While we’re glad WordPress was able to catch this vulnerability, we’ve purposefully built our platform to learn from those mistakes early on and prevent such vulnerabilities from happening in the first place. Our architecture is what makes us different, and we’re proud to provide our clients unparalleled security measures. If you’re concerned about whether your site is secure or not, feel free to email us at email@example.com to discuss any concerns.
By Chloe Spilotro
Hooked onto the platform since first using it through the Zesty.io Incubator Program at the University of San Diego. Passionate about all things marketing, IoT, and helping businesses leverage technology to grow and become major players in their industries.