Website Security = Peace of Mind
May 05, 2022 filed under: 7 Things
It's no surprise that website security is top of mind for many of us, given the frequent reports of website hacks and data breaches that we hear about these days
What do we mean by website security? It's all of the items in place on your site, as well as specific actions that you take, to keep your website from being vulnerable to hackers and other attacks.
Our 7 security practices will help you get started in thinking about and implementing stronger security measures on your site.
1) Keep your software up to date
Why it’s important
Running out of date software on your website creates vulnerabilities that can be easy to target.
What to do
Make sure you stay up to date with the latest versions of your content management system (CMS), plugins and themes, particularly when version updates involve security fixes. What you need to update (and how often) will depend on how your website was built and what (if any) CMS you’re using. For example, with popular platforms like Wordpress, updates are being rolled out continuously, including important security fixes, so regular updates will be needed. Other platforms may not require such frequent updates.
2) Back up your website regularly
Why it’s important
If your website is compromised, a website backup will be a huge help in restoring the site.
What to do
Host providers often include website backups as part of their hosting service - it’s a good idea to double check with yours about this. Having your site backed up daily is a good practice and keeping the backups for 60 days is smart. You may also want to have a second form of backup in place, in case the first fails for some reason.
3) Make sure your site has an SSL certificate installed
Why it’s important
SSL (or “Secure Sockets Layer”) certificates ensure that your website sessions are secure by encrypting the connection between your website server and the user’s browser.
What to do
Not sure if your website has one installed? Check to see if there is a padlock next to your website’s address in your browser. Also, if you’re visiting a website that doesn’t have an SSL in place, you’ll often be shown a warning screen by your browser before you can access the site.
SSL certificates are widely available and if you need to install one, many website host providers provide them for free.
4) Set up security monitoring
Why it’s important
The quicker you catch an issue, the better. Website security services and plugins will regularly monitor your website for any issues, and some even include malware removal as part of their service.
What to do
Talk to your web developer to see what they recommend for your specific website. There are many plugins available, or you can set up a stand-alone account with a service like Sucuri.
5) Provide lower levels of access whenever possible
Why it’s important
Lower levels of website access can help lower your vulnerability.
What to do
You may have a few different people who need access to the backend of your website, your hosting account and others. Only give out the level of access that is needed. For example, the person writing your blog may just need enough access to post new content, while your web developer will likely need super admin access in order to make adjustments to code or to run a website upgrade.
Review your current permissions and make sure you’re not giving out more access than is needed.
6) Consider turning on multi-factor authentication
Why it’s important
Multi-factor authentication helps protect your accounts from unauthorized access, which could lead to your website being compromised.
What to do
Multi-factor authentication is standard practice these days and all of the accounts related to your website should provide an easy way to set this up.
7) Consider setting up a website firewall
Why it’s important
Firewalls filter out website traffic from malicious sources, which can keep hackers from ever reaching your site.
What to do
Many website host providers provide some firewall protection so it’s a good idea to find out if yours does and to get any recommendations that they have regarding firewalls (for example, if they recommend a secondary firewall). There are several different kinds of firewalls to choose from and your host provider may be able to give you some suggestions about which kind you need.
While this list isn’t an exhaustive list, we hope it will serve as a starting point in your conversations about website security.
And if you are a current client needing help implementing any of these tips, please get in touch!