Third party plugins for your site

There are many free programs on the internet that you can install on your website to add functionality while reducing development costs. This all comes with hidden risks that could open your website to hackers and cause you to lose valuable information, money and time.

It's a tough lesson to learn when one day you browse to your site and get a "page not found" error and then find that all of your files and database have been erased. We learned this lesson a while back when evaluating a popular "open-source" forum program.

A hacker gained access to the file system of the site by finding a backdoor (bug) in the forum software. Once they got in they were able to do anything they desired which in this case was deleting the files and database of the web site.

Fortunately we run regular backups which allowed us to recover quickly. We removed the problem software and haven't had an incident since.

The caveat with using well known web-site plugins is that in most cases the source code is not encrypted/compiled and therefore can be analyzed for weakness with far less effort than if it were compiled. Even compiled programs can be analyzed by sophisticated hackers who get their thrills by gaining unauthorized access to websites and computers for the purposes of causing others grief.

The advantage of using custom programs is analogous to an insurance policy. In this context though, the source code is not available to the public and therefore it is far less likely that a hacker will find the information needed to break down the program and gain access to your site.

If your website contains critical data that you cannot afford to lose be very cautious when choosing what programs you will install on your website. Sometimes the extra cost to develop a custom application is well worth the extra security that it provides. We don't regret it… not for a second.