How to Secure a Website: 10 Tips for Keeping the Hackers at Bay


If you aren’t concerned about the security of your website, you should be. IBM’s Chairman said that “Cybercrime is the greatest threat to every company in the world.” Statistics show that a cyber attack happens every 39 seconds. 

It is disturbing that most people do not know how to secure a website. You will always be limited as to how much you can secure your website because you do not have physical control over the server upon which your website is being hosted. Nevertheless, there is still plenty you can do at your end to make your website secure. 

1. Strong Passwords are Still Valuable 

The people who tell you that passwords are useless are people who have a vested interest in selling other forms of website security. The fact is that passwords work very well. There are hundreds of sophisticated cracking programs out there, but even with the most powerful Chinese virtual computing power behind them, they cannot crack a strong password so long as it is changed at least every 72 days. 

2. Change Your Passwords Every 72 Days 

Cracking programs will eventually find their way to your passwords if they have enough time, which is why you need to change your passwords every 72 days. Passwords that change frequently are very hard to crack. Plus, if attackers do gain access to your website, they will not keep it for long once you have changed your password. 

3. Keep Your Theme up to Date 

The problem with themes for CMS programs is that they are often updated for selfish reasons. For example, if you have added your own CSS or HTML to remove the “Powered By” part of your website (the bit near the bottom of free themes), then a theme update may exist only to put that “Powered By” bit back. 

On the other hand, there are times when a developer discovers a vulnerability with their theme and fixes it with an update. For that reason, you should probably update your theme each time an update becomes available. 

4. Keep WordPress up to Date 

If you are using a CMS such as WordPress, it will tell you when an update is available. It is very important that you update whenever your CMS tells you to. There are many reasons why an update may have been issued, but the most common is that a hacker has built a tool for getting into the CMS and the developers have created a tool to fix the vulnerability. 

The longer your website goes without being updated, the longer it is vulnerable. Hackers are constantly looking for outdated websites so they can use their old tried-and-tested tools on them. 

5. Keep Your Plugins up to Date 

The problem with keeping your plugins up to date is that plugins are the most common reason for websites experiencing errors and bugs, and most of these will first surface when a plugin is installed or updated. 

Yet, the flip-side is that the plugin developer may have found a vulnerability with a plugin that the developer is trying to fix. Plus, sometimes plugins or websites become vulnerable because the CMS has updated, but the plugins have not. That is why it is always a good idea to update your plugins whenever the updates become available; you will just have to remember to bug-test your website after each update. 

6. Use HTTPS 

If you are willing to pay the money, you can have your website encrypted. This means that it is harder for hackers to gain access to your files because what they see is encrypted. It makes hacking your website a little less worthwhile because the hacker knows they have a lot of decrypting to do even if the hack is successful. 

7. Keep Backups of Your Website 

This is more of a damage-recovery process. If hackers attack you with ransomware, you can simply delete your entire website and load up a backup. If you are running an eCommerce website, then the most common times for attack are around Christmas and Black Friday. You can avoid any damage by keeping up-to-date backups. 

Another reason for backups is that the problem may not be your fault directly. The hacker may attack the server and not your website, and if your website is deleted, you need backups to get it up and running again. 

8. Guard Against Cross-Site Scripting (XSS) Attacks 

Learn about Content Security Policy (CSP) because it is a handy tool that helps you guard against cross-site scripting attacks. It can help tell browsers which domains are okay. It may help stop your browser from paying attention to any script that may cause harm. 
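
An added example, not part of the original article: a small JavaScript checker that parses a Content-Security-Policy header value and reports the settings that undo its protection against cross-site scripting. The sample policies and the domain cdn.example.com are constructed for illustration.

```javascript
// Parse a Content-Security-Policy value into a Map: directive -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report the settings that weaken the policy's control over script loading.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const scriptSources = directives.get('script-src') ?? directives.get('default-src');
  if (scriptSources === undefined) {
    return ['no script-src or default-src: scripts from any origin are allowed'];
  }
  const findings = [];
  const lowered = scriptSources.map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const hasNonceOrHash = lowered.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  for (const source of lowered) {
    if (source === "'unsafe-inline'" && !hasNonceOrHash) {
      findings.push("'unsafe-inline' lets injected inline scripts run");
    } else if (source === "'unsafe-eval'") {
      findings.push("'unsafe-eval' permits eval() of strings");
    } else if (source === '*' || source === 'http:' || source === 'https:') {
      findings.push(`${source} allows scripts from any host`);
    } else if (source === 'data:') {
      findings.push('data: allows script bodies supplied inside a URL');
    }
  }
  if (!directives.has('object-src') && !directives.has('default-src')) {
    findings.push('object-src is unset and has no default-src fallback');
  }
  return findings;
}

// Constructed sample policies (cdn.example.com is a placeholder domain).
const WEAK_POLICY = "script-src 'self' 'unsafe-inline' https:";
const STRICT_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'";
console.log(auditCsp(WEAK_POLICY));
console.log(auditCsp(STRICT_POLICY));
```

An empty findings list means the policy restricts scripts to the listed origins; each finding names a source expression that would let an injected script run anyway.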

9. How to Secure a Website with Plugins 

There are security plugins and tools you can buy that will do some of the work for you. This includes things like hiding your version of WordPress or whichever CMS you are using. There are also IT firms that may help you secure your website. 

The problem of security becomes more intense if you have other people adding to or contributing to your website. Not only do you have to have good passwords and follow the rules, but so do your contributors. 

Some security tools will limit the amount of damage a user can do by creating permissions for what can and cannot be done via the contributor’s interface. Other security tools may force other users to comply with certain rules, such as making it so passwords cannot be set or changed unless they are very strong. 

10. Do Not Allow Users to Upload Files 

Some managed WordPress hosts will not allow their users to upload files because of how damaging they can be. If you or your staff need to upload files to your website so that users can download them, then offer people links to download the files from places like Dropbox. 

Due Diligence Is the Key 

As much of a cop-out as it sounds, the best defense you have is to stick to the rules, and not do silly things. The most common reason why people are hacked is that they are tricked. They do things like follow spam email links and enter their passwords, or they put their passwords into unreliable password-saving apps. Learn how to secure a website, create a rota, and stick to the rules. 
