How to Secure Your Website

In 7 Easy Steps.

There are two main reasons that you need to secure your website.

Firstly, to protect your site, along with your own and your users’ data.

Did you know that hacking is the number one method of data breaches online, accounting for 61.9% of lost information? There’s a cyber attack attempted every 39 seconds, of every hour, of every day.

That’s a lot.

And 43% of those cyberattacks target small businesses. That too is a lot.

And secondly, for Google. …or any other search engine you use. Search engines want their users to have the safest web experience possible. That’s why they favour sites with a good level of security. A secure site will achieve a higher page ranking than an insecure site.

So now you know why it’s important, follow these 7 simple steps to secure your website, keep the hackers out, and become Google’s best friend at the same time.


#1 – Passwords

Don’t use an easy-to-guess username and password combination. It’s the equivalent of going out and leaving your front door open. Common sense. Use a long password with a mix of letters, numbers and symbols. If you’re worried you may forget your passwords, there are several great password vaults out there which can store them for you, such as LastPass.

#2 – Install An SSL Certificate

OK, first things first. SSL stands for Secure Sockets Layer. Now you know what it is, let’s explain what it does.

Installing an SSL certificate encrypts certain data that gets passed between your site and its users. It’s also high on Google’s list of agreeable things – so it’s super important for SEO purposes.

The SSL certificate is issued by your hosting provider, and there’s often a free option that suits most websites. If you’ve got an eCommerce site or one that relies on user data and payment gateways then you should use a more advanced certificate.

Broadcom figures state that, on average, 4,800 websites are compromised every month with formjacking code – and yes, that includes payment detail forms. To make matters worse, it’s often small and medium-sized retailers that are affected. So make sure your site has an active SSL certificate.

Not sure if your site already has one active? Go to your site online and have a look to the left-hand side of the URL address bar. If you see a padlock then you’re all good. If you don’t have an SSL certificate it will state ‘not secure’, and some users’ browsers and internet providers will block access to your site.

Analyse Your Website - Is it secure?
Not having an active SSL certificate can also mean that users are blocked from accessing your site.

#3 – Good Anti-Malware Software

Many hosting providers will have anti-malware software included in their plans – even the basic ones! But there are free plugins available too. Wordfence is the current number 1, and gets the Kakadu seal of approval. Better to have at least one of these two options on your site.

#4 – Keep It Up-To-Date

Out-of-date platform (e.g. WordPress) installs, themes and plugins are a hacker’s best friend. If using a simple username/password combo is like leaving your front door open, then not updating your site is like leaving the back door open. Wide-open.

Hacking communities prey on this low-hanging fruit to access your site, and nothing good comes of that. Many updates can be applied automatically, but this isn’t best practice. Doing the updates manually allows you to check that they haven’t broken anything on your site as soon as you have done them. That’s much better than waiting for a user to tell you about a broken feature or, worst case, having them get frustrated and leave, losing you a potential customer.

If something breaks, it’s probably a plugin at fault. To fix it, you can disable your plugins one by one until you find the culprit, then adjust its settings accordingly. Or if that’s too much like techy hard work, see point 5 below…

Website Updates
Your WordPress dashboard clearly displays a notification when you have updates that need actioning.

#5 – Back It Up

Take regular backups of your site, and keep them handy in case of emergency. If everything goes pear-shaped, the last thing you need is to have to rebuild your whole website from scratch.

If you have a WordPress site then free plugins like UpDraft can do that for you from within the dashboard. Connect it to Google Drive or other cloud storage, schedule regular backups, and then you’ll always have one ready to go if it hits the fan.

#6 – Monitor Your Comments

It’s not just your own security you have a responsibility for. Your users are just as much of a target as you. Bots, trolls, and other nefarious characters can use your comment section to spam or even post malicious content. Dodgy URL links are a prime suspect for phishing scams. Broadcom tell us that one in ten URLs are now malicious, so don’t think “it’ll never happen to me”. It probably will.
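As an added example (not part of the original article), here is one way to pre-screen comments so that anything containing a suspicious link is held for manual review instead of being published. The function names, the trusted-domain list and the link limit are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"example.com"}  # constructed allowlist; use your own domains
MAX_LINKS = 2                      # assumption: more links than this looks like spam
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_ip(host):
    """True when a link points at a raw IP address instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_trusted(host):
    """Match a trusted domain itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_comment(text):
    """Return the reasons a comment should be held for manual moderation."""
    urls = URL_RE.findall(text)
    reasons = ["too many links"] if len(urls) > MAX_LINKS else []
    for url in urls:
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            reasons.append("malformed link")
            continue
        if "@" in parts.netloc:
            reasons.append(f"link hides its real host behind '@': {host}")
        if is_trusted(host):
            continue
        if parts.scheme.lower() != "https":
            reasons.append(f"non-HTTPS link: {host}")
        if host_is_ip(host):
            reasons.append(f"raw IP address link: {host}")
        elif any(label.startswith("xn--") for label in host.split(".")):
            reasons.append(f"punycode (possible lookalike) domain: {host}")
        else:
            reasons.append(f"untrusted domain: {host}")
    return reasons
```

An empty list means the comment can go through your normal approval flow; any reasons returned mean a human should look at it before it appears on the site.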

#7 – Mind Your Emails Too

Scam emails have come a long way since the classic “I have your long lost Uncle’s $30m to transfer to you. Just send me your account details and security information”.

Scammers are getting more and more sophisticated by the day, and phishing emails are their most common technique to get your login details and passwords.

“Your PayPal account is blocked. Your Netflix membership has expired. There’s a message from your bank. Earn a million pounds working from home. Invest in bitcoin with free $100 to get you started. I am sexy Russian (definitely not a 22 year old from Noida, India…), click here to see my private pictures. You may be due a tax refund from HMRC”… You know the ones.

Look at the sender’s address, and the chances are it’s from a bogus domain. Whatever you do, don’t click any links. You’re basically opening the door to your website and allowing hackers a chance to come on in and make themselves comfortable.
