7 ways to protect your site that even simple website owners should use
It’s 2021 and I am still amazed and frankly horrified at just how little concern is given to the security of a company’s website. Typically I would hear comments like “oh it’s just informational so it’s not important” or “it doesn’t have any customer data so who cares?”
You should 100% care!
If you don’t put obstacles in the way of potential hackers, your site can be used not only to discredit your business but also to harvest visitors’ information, and even as a launching platform to attack other websites. It would be a Public Relations nightmare having to explain to the Press why your website tried to hack your competitor!
Many businesses that are not tech-savvy pay a freelancer to build their site and, beyond occasionally updating the information on it, make no other updates to the website.
This is a big mistake.
If you are one of those “I don’t care” companies, here are several critical tips that you need to put in place in order to secure your website. Before it’s too late.
Get an SSL Certificate
SSL stands for “Secure Sockets Layer.” An SSL certificate will encrypt all the sensitive information you send through the internet. This will ensure that only the intended recipient receives the information. Furthermore, having an SSL certificate will ensure that your site sends information to the right server, rather than an imposter.
Many hosting providers offer SSL certificates with their plans. However, with a WordPress site, you’ll have to take the additional step of installing an SSL plugin. If you want to know how to secure WordPress, you should speak with your web host as they may offer WordPress hosting plans that are designed specifically for that platform.
Utilize Secure Passwords
Passwords are crucial to the security of your site. As a site administrator, if your passwords are easy to crack, a hacker can easily hijack your identity, log into your CMS, and wreak havoc.
Make sure that access to your CMS is protected by highly secure passwords and two-factor authentication, especially if you are using your Google account, which needs to be secured!
Install a firewall
A firewall is a must so that it can automatically thwart any attacks on your site. There are many options in this regard: based on your needs, you could use Cloudflare to provide protection for your site, or you can install pretty sophisticated software solutions directly into your website.
Ideally, chat with your website hosting provider, who may have an option to use their firewall, which is managed by highly skilled security specialists.
Any vulnerabilities in your CMS, plugins, scripts, and add-ons can be a source of security risks. This is why developers will frequently release updates with patches to address these vulnerabilities. For this reason, you must keep your CMS and add-ons up-to-date with the latest versions.
Make sure to check for updates regularly and install new versions as necessary.
Updates apply to everything from your computers to your phones, websites, and anything that has connectivity to your network. This includes IoT devices such as smart plugs, smart lights, and even robotic vacuum cleaners. Hackers will exploit any weak points on your network to get into your system – including hacking the vending machine (true story!).
Run Automated Daily Backups
In the event of a cyber attack, your site may go down or could be deleted entirely.
Without a recent backup, your site and all its content and data may be gone forever. Therefore, you must set up automated backups that will not only back up your website but will also back up any scripts, plug-ins, and databases. Backups should happen autonomously and should be done daily.
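A sketch of such a daily backup job, added here as an illustration and not taken from the original article. It assumes the database has already been exported to a dump file by your database's own tool; the function names, the archive naming and the 14-day retention are choices made for this example.

```python
import hashlib
import tarfile
import time
from pathlib import Path

def sha256_file(path):
    # Hash the file in chunks so large archives do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(site_dir, db_dump, backup_dir, keep_days=14, now=None):
    """Archive site files (scripts and plug-ins included) plus the database dump."""
    now = time.time() if now is None else now
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d", time.gmtime(now))
    archive = backup_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
        tar.add(db_dump, arcname="database.sql")
    # Store a checksum next to the archive so later corruption is detectable.
    Path(f"{archive}.sha256").write_text(sha256_file(archive) + "\n")
    # Prune archives older than the retention window, never the one just made.
    cutoff = now - keep_days * 86400
    for old in backup_dir.glob("site-*.tar.gz"):
        if old != archive and old.stat().st_mtime < cutoff:
            old.unlink()
            Path(f"{old}.sha256").unlink(missing_ok=True)
    return archive

def verify_backup(archive):
    """True only if the checksum matches and both site files and dump are inside."""
    expected = Path(f"{archive}.sha256").read_text().strip()
    if sha256_file(archive) != expected:
        return False
    with tarfile.open(archive, "r:gz") as tar:
        names = tar.getnames()
    return "database.sql" in names and any(n.startswith("site/") for n in names)
```

Run it once a day from a scheduler, and keep the backup directory somewhere other than the web server so that whoever takes down the site cannot delete the archives with it.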
Manually Approve Comments, Form Submissions, and File Uploads
People often don’t realize that a hacker can use the comment section of a website to attack it. By submitting an SQL injection through your site’s comment section, a hacker can run a malicious command within your database. They might also post a harmful link that your other visitors may click and thereby initiate a phishing attack. Additionally, hackers can use contact forms to hack your site by exploiting vulnerabilities in the forms.
Therefore, it’s essential to manually approve every new comment, form submission, and file upload. This will ensure that you can catch and delete anything malicious before it goes live and does harm.
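The approval step described above, combined with parameterized queries, as an added example that is not part of the original article. The table layout, function names and sample comments are constructed for this illustration; it uses an in-memory SQLite database so it runs anywhere.

```python
import html
import sqlite3

def open_db():
    # In-memory database for the demonstration; the schema is an assumption.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE comments ("
        " id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL,"
        " status TEXT NOT NULL DEFAULT 'pending'"
        " CHECK (status IN ('pending', 'approved', 'rejected')))"
    )
    return db

def submit_comment(db, author, body):
    # Placeholders keep the visitor's text as data, so quotes or SQL keywords
    # in a comment cannot change the statement. New rows start as 'pending'.
    cur = db.execute(
        "INSERT INTO comments (author, body) VALUES (?, ?)", (author, body)
    )
    db.commit()
    return cur.lastrowid

def moderate(db, comment_id, approve):
    # Only a pending comment can be decided, and only once.
    cur = db.execute(
        "UPDATE comments SET status = ? WHERE id = ? AND status = 'pending'",
        ("approved" if approve else "rejected", comment_id),
    )
    db.commit()
    return cur.rowcount == 1

def render_public(db):
    # Visitors only ever see approved comments, HTML-escaped so that markup
    # or links in a comment are shown as text rather than rendered.
    rows = db.execute(
        "SELECT author, body FROM comments WHERE status = 'approved' ORDER BY id"
    )
    return [f"<p><b>{html.escape(a)}</b>: {html.escape(b)}</p>" for a, b in rows]

def demo():
    db = open_db()
    # Constructed sample submissions: one normal, one with SQL, one with a link.
    ok = submit_comment(db, "Ana", "Great post, thanks!")
    odd = submit_comment(db, "x", "nice'); DROP TABLE comments;--")
    submit_comment(db, "y", '<a href="http://example.invalid">free prize</a>')
    moderate(db, ok, True)
    moderate(db, odd, False)
    count = db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    return count, render_public(db)
```

All three submissions are stored intact as text, the table survives, and only the approved comment reaches the public page; the link comment stays hidden until someone reviews it.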
Check your Website Security
Once you’ve secured your website in the ways we’ve listed above, it’s time to test to make sure your security actually works. You can do this through a manual or automated check.
A manual check involves staying up-to-date on common security risks and checking that your site has the necessary measures and settings in place to address them. An automated check is done through specialized software. This software is designed to automatically detect potential issues on the server, network, and web application levels.
A security audit should be conducted regularly so that you can be sure that your IT department is keeping your company’s security at the forefront.
So in summary
For some, these are obvious tips. Who doesn’t secure their website? The answer is A LOT.
You would be horrified to discover how many companies don’t give their website a second thought beyond “does it look nice”.
This is a big mistake, and it can take years to recover the confidence of your customers if your website is hacked. It simply leaves too many questions about how much you care about your customers’ data.