I work as a WordPress front-end developer in Australia. As a Website developer it’s important that the software I develop or Websites I create are as secure from Malware and hackers as they can be. Website security is an evolving issue and therefore it’s necessary that I continuously keep up to date with the latest in Webhosting and Website security.
Website Security for your Website
For your Website there are certain security precautions and best practices. The basics of security for WordPress, for end-users, are quite simple and generally include:
- Always apply Plugin, Theme and Software updates.
- Only use high quality and well coded Themes and Plugins.
- Delete any unused Plugins and Themes.
- Use as few Plugins as possible.
- Use very strong passwords and never use the admin username.
- Use a good Webhost.
- Always have a recent backup available from which to restore.
Your Website designer and developer should however be doing more to protect your Website.
Website Security for Front-End Developers
There are quite simply hundreds/thousands of ways that a Website may be hacked. Following the items listed above will avoid almost all hacking/malware attempts, but there remains security testing and prevention that is beyond the technical knowledge (and time availability) of most end-users. It is therefore important for Website Designers and front-end developers to do ‘that bit extra’ to make their clients’ Websites safer and more secure.
One of the common means of more advanced security testing of Webhosts and Websites is termed penetration testing (a.k.a. pentest). Penetration testing is a very broad set of activities that tries to uncover security vulnerabilities so that the tester may fix these security flaws (hopefully before a hacker finds the flaw). It looks for exploitable weaknesses by using tools that, for example, identify SQL injection possibilities, try to crack passwords and so on.
Fortunately there are numerous software packages available that combine various pentest tools. This makes pentesting far simpler. Some of the more common sets of tools are Linux distributions such as Kali Linux (which has superseded BackTrack Linux) and BackBox Linux. Kali Linux is based on Debian Linux and BackBox on Ubuntu Linux.
There are various ways to run BackBox or Kali and my preferred method is by running either in a Virtual Machine using Oracle VirtualBox (within Windows 8 OS). Using a VM means that I can perform pentesting using Kali whilst I keep doing other work.
Preventing the Kali Linux ‘an installation step failed’ Error
When first installing Kali Linux in a VirtualBox VM I kept getting an error like ‘an installation step failed’. I thought I should document the problem in case anyone else encounters the same.
Basically, here are the parameters I used in setting up Kali Linux on VirtualBox, which resulted in no problems:
- Set at least 4096MB Base Memory.
- Use the 32-bit i386 ISO.
- Set at least 60GB as the virtual drive.
- Don’t change the video memory assigned by default.
- Set the operating system as Linux -> Debian.
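The same settings can be applied from the command line with VirtualBox's VBoxManage tool. The script below is an added example, not part of the original post; the VM name, ISO path and disk file name are placeholders, and it only prints the commands unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example: build a VirtualBox VM with the settings from the list above.
# VM_NAME, ISO_PATH and DISK_PATH are placeholders (assumptions), not values from the post.
VM_NAME="${VM_NAME:-kali-i386}"
ISO_PATH="${ISO_PATH:-kali-linux-i386.iso}"   # the 32-bit i386 installer ISO
DISK_PATH="${DISK_PATH:-${VM_NAME}.vdi}"
MEMORY_MB=4096                 # at least 4096MB base memory
DISK_MB=$((60 * 1024))         # at least 60GB; VBoxManage takes the size in MB
OS_TYPE="Debian"               # VirtualBox OS type id for 32-bit Debian (Linux -> Debian)
# Video memory is deliberately not set, so the VirtualBox default is kept.

# Print the command in dry-run mode (the default); execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

create_kali_vm() {
  # Refuse to create a half-configured VM if the installer ISO is missing.
  if [ "${DRY_RUN:-1}" != "1" ] && [ ! -f "$ISO_PATH" ]; then
    echo "ISO not found: $ISO_PATH" >&2
    return 1
  fi
  run createvm --name "$VM_NAME" --ostype "$OS_TYPE" --register &&
  run modifyvm "$VM_NAME" --memory "$MEMORY_MB" &&
  run createmedium disk --filename "$DISK_PATH" --size "$DISK_MB" &&
  run storagectl "$VM_NAME" --name SATA --add sata &&
  run storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
      --type hdd --medium "$DISK_PATH" &&
  run storageattach "$VM_NAME" --storagectl SATA --port 1 --device 0 \
      --type dvddrive --medium "$ISO_PATH"
}

create_kali_vm
```

Run it once as is to review the six commands, then again with DRY_RUN=0 to create the VM.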
Hope the above helps.