Website Security 101
September 10th, 2021
Website security is increasingly important as over 30,000 websites are hacked each day according to Forbes magazine. Given the increasing frequency of cyber threats coupled with more systems going online every day, there isn’t a surefire, simple way to protect your website. However, the tried and true – perhaps cliche – methods you have already heard about are only going to become more important as security threats continue to grow.
How to Secure Your Website
It is important to understand that websites can always be compromised and there are many reasons why a hacker might target your personal or business site. We’ve compiled our best tips for building up your website’s defense as a starting guide to keep you safe:
- Use HTTPS
- Strong Passwords
- Backup Your Site
- Pick a Good Hosting Provider
- Keep Sensitive Pages Off of Google
- Stay Aware of Threats
- Update and Patch Regularly
Use HTTPS
HTTPS is the standard for secure communication on the Internet. Using HTTPS should be a first step for any business, and if you are not already using it, chances are your site is taking an SEO hit from Google and other search providers.
Installing an SSL certificate lets browsers verify your site's identity and encrypt traffic, which proves to your customers that your site is legitimate and safe. Make sure HTTPS is mandatory – redirect HTTP to HTTPS – so that plain-text HTTP isn’t even an option on your site.
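One way to check that HTTPS really is mandatory, shown as an added example that is not part of the original article: the functions below inspect the response a site gives to a plain-HTTP request and the headers on its HTTPS response. It goes one step beyond the text by also checking the `Strict-Transport-Security` header, which tells browsers to stop trying plain HTTP; the host `example.com`, the sample responses, and the one-year `min_age` threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses to a request for http://example.com/
# as (status code, headers); none are captured from a real site.
SAMPLES = {
    "good": (301, {"Location": "https://example.com/"}),
    "serves_http": (200, {"Content-Type": "text/html"}),
    "temp_redirect": (302, {"Location": "https://example.com/"}),
    "redirects_to_http": (301, {"Location": "http://www.example.com/"}),
}

def check_http_redirect(host, status, headers):
    """Findings for the response to http://<host>/; an empty list means OK."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status not in (301, 302, 303, 307, 308):
        return ["plain HTTP is served instead of redirected"]
    findings = []
    target = urlsplit(hdrs.get("location", ""))
    if target.scheme != "https":
        # Covers http:// targets and relative redirects that stay on HTTP.
        findings.append("redirect does not point to an https:// URL")
    elif (target.hostname or "").lower() not in (host, "www." + host):
        findings.append("redirect leaves the site's own host")
    if status not in (301, 308):
        findings.append("redirect is temporary; use 301 or 308")
    return findings

def check_hsts(headers, min_age=31536000):
    """Findings for the HTTPS response headers; min_age is an assumed threshold."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    value = hdrs.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header on the HTTPS response"]
    max_age = 0
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
    if max_age < min_age:
        return [f"HSTS max-age {max_age} is below {min_age} seconds"]
    return []
```
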
Strong Passwords
Use strong passwords, and if possible, incorporate multi-factor authentication for logging into your website. While it may seem obvious, more than 20 million people are still using passwords as terrible as 123456 according to Patchstack. Adding multi-factor authentication to your site creates an additional layer of protection against easily guessable passwords, and can block logins that use passwords already compromised through an earlier hack or phishing attempt.
Our team recommends password managers like LastPass that can generate and store secure passwords while allowing you to share them with confidence, and only with the people you trust.
Backup Your Site
Make sure you create frequent backups and review your process to ensure they are storing the data you need to recover. If your site is hacked or if an update goes wrong, a backup allows you to get your site back up and running as quickly as possible.
Your web hosting partner may have backup options available, and there are many reputable companies that provide cloud-based backups for a variety of systems.
For websites running on WordPress, the CMS giant makes backups easy with the backup features in the ManageWP dashboard. This plugin backs up WordPress sites once a month and allows websites to be instantly restored with just one click.
Pick a Good Hosting Provider
Make sure you have a good web hosting provider for your website. Providers like GoDaddy and Bluehost can get you started with out-of-the-box security, but if you’re looking for a hands-off approach with a provider like AWS, you should be prepared to manage your security closely. This is because while Amazon secures its infrastructure, you need to have your own security controls in place for the apps and data that you store and deploy in the cloud.
Keep Sensitive Pages Off of Google
While many tips and tricks online preach the importance of SEO and getting your site in front of the largest possible audience, you want to manage what is shared with the public. Back-end pages that your systems might use for applications, employee-only logins, and sensitive information shouldn’t be advertised.
Keep sensitive pages away from Google to make it less likely for attackers to find potential weak points with basic searches. If your private information is or becomes available, there are ways to remove it from Google search results.
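An audit of how each sensitive page is kept out of search results, added here as an example and not taken from the original article. It assumes the standard `noindex` mechanisms (the `X-Robots-Tag` response header and the robots meta tag) plus `robots.txt`; the paths, responses and function names are constructed for illustration.

```python
import re

# Constructed sample data: a robots.txt and responses, as (status, headers, body),
# for pages that are meant to stay private.
ROBOTS_TXT = "User-agent: *\nDisallow: /admin/\nDisallow: /staff-login\n"
PAGES = {
    "/admin/": (200, {}, "<html><head><title>Admin</title></head></html>"),
    "/staff-login": (200, {"X-Robots-Tag": "noindex, nofollow"}, ""),
    "/reports/": (401, {}, ""),
    "/intranet/": (200, {}, '<meta name="robots" content="noindex">'),
}
# Simplified match: expects name= before content= inside the meta tag.
META = re.compile(r'<meta[^>]*name=["\']robots["\'][^>]*content=["\']([^"\']*)', re.I)

def disallowed(robots_txt):
    """Paths listed in Disallow lines (user-agent groups ignored for brevity)."""
    out = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            out.append(value.strip())
    return out

def audit(path, status, headers, body, robots_txt):
    """Classify one sensitive page by how it is kept out of search results."""
    if status in (401, 403):
        return "protected: requires authentication"
    directives = headers.get("X-Robots-Tag", "")  # header name as in the sample
    match = META.search(body)
    if match:
        directives += "," + match.group(1)
    noindex = "noindex" in directives.lower()
    blocked = any(path.startswith(p) for p in disallowed(robots_txt))
    if noindex and blocked:
        return "conflict: robots.txt stops crawlers from ever seeing the noindex"
    if noindex:
        return "ok: noindex is served"
    if blocked:
        return "weak: only robots.txt, which is public and does not remove the URL"
    return "exposed: indexable"

def audit_all(pages, robots_txt):
    """Run the audit over every page in the sample set."""
    return {p: audit(p, *resp, robots_txt) for p, resp in pages.items()}
```

Pages that hold real data belong in the "protected" group; `noindex` only controls what search engines list, not who can open the page.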
Stay Aware of Threats
Knowledge is power. One of the major issues with website security is that threats are incredibly varied and will target very different things.
For example, phishing attacks target your legitimate users to try to obtain their credentials and misuse them. SQL injection attacks target your site directly and try to use code to get the system to give hackers information or access that will compromise your site. The most expensive locks in the world are still opened by whoever has the key!
Aside from the daunting number of ways your site might be vulnerable, even knowing that you have been hacked is often a problem. According to a recent report on the subject by IBM, it takes on average 9 months to even detect that a hack has occurred! Make sure you’re keeping up to date with current cybersecurity threats so you know if your system could be vulnerable.
Update and Patch Regularly
“Keeping all software up to date and patched is critical to maintaining your security. Always use virus and malware protection on your site. Knowing what kinds of software tools your site employs can help you narrow down where you might be vulnerable and prevent attacks.”
Nick B., Consultant at Coretechs
If you were to see a news article about a recent vulnerability in WordPress, Microsoft Windows, Joomla, or Django, would you know if those applied to your website? Not everyone can be an IT expert, but having some knowledge of what frameworks your site uses, and simplifying the number of systems involved can help you to keep track of vulnerability threats to your website.
Your website is one of your most important online business assets, so it’s important that you take the right security measures to protect it. A protected and well-maintained website provides your visitors with a secure environment to interact with and increases their trust in your brand.
If you need help securing your website, Coretechs can help. Talk to us today!