How to Secure Your Website
In 7 Easy Steps.
There are two main reasons that you need to secure your website.
Firstly, to protect your site, and both your own and your user’s data. Hacking is the number one method of data breaches online, accounting for 61.9% of lost information. There’s a cyber attack attempted every 39 seconds, of every hour, of every day.
That’s a lot.
And 43% of those cyberattacks target small businesses. That too is a lot.
And secondly, for Google. …or whatever other search engine you use. Google wants its users to have the safest web experience possible, that’s why they heavily favour sites with a good level of security. A secure site will achieve a higher page ranking versus an insecure site.
Now you know why it’s important, follow these 7 simple steps to secure your website, keep the hackers out, and become Google’s best friend at the same time.
Don’t use an easy to guess username and password combination. It’s the equivalent of going out and leaving your front door open. Common sense. Use a long password with a mix of letters, numbers and symbols. If you’re worried you may forget them there are several great password vaults out there which can store them for you.
Install An SSL Certificate
OK, first thing’s first. SSL stands for Secure Sockets Layer. Now you know.
Installing an SSL certificate encrypts certain data that gets passed between your site and it’s users. It’s also high on Google’s list of agreeable things – so it’s super important for SEO purposes.
The SSL certificate is issued by your hosting provider, and there is often a free option that suits most websites. If you’ve got an eCommerce site or one that relies on user data and payment gateways then you should use a more advanced certificate. Broadcom figures state that, on average 4,800 websites are compromised every month with formjacking code – and yes, that includes payment detail forms. To make matters worse, it’s often small and medium-sized retailers that are affected. So make sure your site has an active SSL certificate.
Not sure if your site already has one active? Go to your site online and have a look to the left hand side of the URL address bar. If you see a padlock then you’re all good. If you don’t have an SSL it will state ‘not secure’.
Not having an active SSL certificate can also mean that users are blocked from accessing you site.
Get A Good Anti-Malware Software
Many hosting providers will have anti-malware software included in their plans – even the basic ones! But there are free plugins available too. Wordfence is the current number 1, and gets the Kakadu seal of approval. Better to have at least one of these two options on your site.
Keep It Up-To-Date
Out of date platform (i.e. WordPress) installs, themes and plugins are a hacker’s best friend. If using a simple username/password combo is like leaving your front door open, then not updating your site is like leaving the back door open. Wide-open.
Hacking communities prey on this low-hanging fruit approach to access your site, and nothing good comes of that. Many updates can be applied automatically, but this isn’t best practice. Doing the updates manually allows you to check that they don’t break anything on your site as soon as you have done them. Much better than waiting for a user tell you about a broken feature on your site, or worst case getting frustrated, leaving and you losing a potential customer.
If something breaks, it’s probably a plugin at fault. You can either disable your plugins one-by-one until you find the culprit, then work on turning them back on and adjusting their settings accordingly. Or if that’s too much like techy hard work, see point 5 below…
Your WordPress dashboard clearly displays a notification when you have updates that need actioning.
Back It Up
Take regular backups of your site, and keep them handy in case of emergency. If everything goes pear-shaped, the last thing you need is to have to rebuild your whole website from scratch.
If you have a WordPress site then free plugins like UpDraft can do that for you from within the dashboard. Connect it to a Google drive or cloud storage, schedule regular backups, and then you’ll always have one ready to go if it hits the fan.
Monitor Your Comments
It’s not just your own security you have a responsibility for. Your users are just as much of a target as you. Bots, trolls, and other nefarious characters can use your comment section to spam or even post malicious content. Dodgy URL links are a prime suspect for phishing scams. Broadcom tell us that one in ten URLs are now malicious, so don’t think “it’ll never happen to me”. It probably will.
Mind Your Emails Too
Scam emails have come along way since the classic “I have your long lost Uncle’s $30m to transfer to you. Just send me your account details and security information”.
Scammers are getting more and more sophisticated by the day, and phishing emails are their most common technique to get your login details and passwords.
“Your PayPal account is blocked. Your Netflix membership has expired. There’s a message from your bank. Earn a million pounds working from home. Invest in bitcoin with free $100 to get you started. I am sexy Russian (definitely not a 22 year old from Noida, India…), click here to see my private pictures. You may be due a tax refund from HMRC”… You know the ones.
Look at the sender’s address, and the chances are it’s from a bogus domain. Whatever you do, don’t click any links. You’re basically opening the door to your website and allowing hackers a chance to come on in and make themselves comfortable.
Do you have a website that needs securing? We can do that for you. Get in touch and let’s get your site sorted.
MORE FROM THE BLOG…
We periodically add useful and interesting content to our blog. Below is a selection of some of our most popular content. To get the latest posts in your inbox you can subscribe to our monthly newsletter with the sign up in our footer. No spam, we promise!
HOW TO ANALYSE YOUR WEBSITE
You should be analysing your site regularly. But, if you’re not used to it, it may be hard to work out what to look at. So, we’ve written this blog post to guide you through the process.
FIFTEEN THINGS TO DO WHEN BUSINESS IS SLOW
Instead of being a negative it can actually be a great opportunity. We’ve compiled a list of 15 things you can do when business is slow to make the most it.
How much does a website cost?
This is probably one of the most common questions we get asked. But there are so many variables when it comes to creating a bespoke website, it’s not always an easy one to answer.