A hacked website is every business owner’s nightmare. The good news is, although hacking a website requires a certain level of technical prowess, most attacks can be prevented with some very simple safeguarding. We’re going to take a look at six simple steps anyone can take to keep their site secure:
1. Use SSL
SSL stands for Secure Sockets Layer and is the basic security technology that every website should have. It’s what gives your site the ‘s’ in ‘https’, along with the little padlock next to your URL. Without it, your site is vulnerable, and your visitors may be warned that they’re entering an unsecured site. The best website builders and hosting providers generally include SSL security as standard – failing that, you’ll need to purchase a SSL certificate from authorize seller like ClickSSL separately.
2. Give Access Sparingly
Think about who really needs access to your website. Every new access you give offers another point of weakness to be targeted. Make sure anyone who does have access to your site receives proper training on the basics of internet security (not using open wifi networks, creating strong passwords, policies around safe home/remote working, etc.).
3. Make Passwords Strong
This brings us nicely on to our third point. It’s the easiest of the five to implement and could have the biggest impact. Back in 2017, it was estimated that a cyber attack happened every 39 seconds, and non-secure usernames and passwords gave hackers a huge leg up.
123456 was revealed to be the most hacked password this year, but the reality is that you’ll need something a lot more complex than that to really keep hackers at bay. The best approach is to use a randomly generated sequence of characters, then use a password manager to store this safely. Everyone with site access should change their password a minimum of once a quarter.
4. Change Your Default CMS Settings
If you aimed to create website from scratch using a CMS (Content Management System), i.e. not using a website builder, it’s really important that you change at least some of your site’s default settings. This makes it harder to predict your website’s makeup, and therefore harder to access. Even just enabling/disabling comments is a good first step.
5. Install Plugins With Care
WordPress fans, listen up. Did you know that 98% of WordPress vulnerabilities are related to plugins? Most worryingly, the same study found that one of the top 10 plugins with the most vulnerabilities is actually a security plugin.
WordPress is open-source software, meaning anyone can create plugins and upload them to the directory. This is partly why WordPress is so huge and so popular. But it does mean that these plugins may be vulnerable to attack.
So, how can you make sure your plugins are safe? First, it’s a good idea to look at the customer review score and number of downloads. When it comes to online security, there definitely isn’t always safety in numbers – but it’s a good place to start. Then, there are a bunch of free online tools you can use to scan your website for issues once the plugins are in place.
6. Keep Software Up to Date
Update, update, update! We really can’t stress this one enough. If your website was built with a CMS system, such as WordPress, then finding trustworthy plugins is only half the story; you’ve got to keep them – and your core software – updated.
Updates will roll around fairly regularly, and not updating will leave your site exposed. Updates are something you can normally set to happen automatically. If not, you’ll see them in your dashboard as they’re released, where you can then accept them.
We’ve covered six of the simplest, but most effective ways you can keep your site secure, and we strongly recommend that you do all six – and more!
Never fall into the trap of thinking that your site is too small to be targeted; serious hackers use automated scripts to scan many thousands of computers at a time to find weaknesses. Attacks are completely randomized, and no website is immune.
Article By: Hannah Whitfield