How to Keep Your Website Secure
Today’s businesses are susceptible to attacks on their web sites – your business size doesn’t matter! Hackers, spam sent from your business email account, viruses, malware, bots, and even brute force attacks are issues for business web site owners. Unfortunately, more types of attacks are being created every day. It’s just too much for most businesses, especially those that are small to mid-size, to keep their web sites clear and fully functional.
Web site security maintenance is so important today, especially for website content management systems (CMS), such as WORDPRESS®. It needs to be done regularly to keep a site up and running, and promptly when an attack occurs. Let’s look at what security maintenance should include.
Whether you access your web site via a browser or FTP software, you need a password to do so. You need a really strong password with two-step authentication to protect your site from hackers. The weaker the password, the easier it is for the hacker. Additionally, the longer you go without changing your password, the more time you give a hacker to break it.
CMS sites have become prime targets for brute force and malicious script hacks on login pages, though these attacks are used against non-CMS web sites as well. And once hackers gain access to your site, they can do pretty much anything they wish to destroy your online business, including stealing database information on your clients/customers.
HTML and similar web sites don’t typically have any updates about which to be concerned. But CMS has become the “go-to method” for creating web sites. It’s easier to use a CMS with a responsive theme (one that can be used for any size computer or smartphone) than to make, for example, several different-size HTML versions of one site.
The one downside to CMS for those who like to maintain their own sites is the updates. The CMS, theme and plugins all need regular updates applied – many times on a weekly basis. These are typically security updates to protect your web site from hackers.
If you don’t do every single update, you will be hacked. Plugins alone represent more than 55 percent of known entry points for hackers. A WORDPRESS plugin was even responsible for the 2016 election hacks that publicly exposed embarrassing emails for the site owners and users.
Though all updates can be set to update automatically, this can create problems with your site. An update of the CMS or theme, for instance, can make a plugin not work, effectively “breaking” or even crashing your web site. So each time an update is made, even automatically, you need to log in and check the entire site for problems.
Even the best protections put in place won’t stop a determined hacker. Let’s face it, even the Pentagon has been hacked. Also, emergencies and natural disasters can destroy your web site data. So regular and reliable backups, at least monthly, are essential to keep your data safe and secure. If something does happen to your online site files, they can be easily replaced with the last created backup. If you use a CMS backup plugin, do a test run: create an automatic backup and then manually restore it to ensure it’s a reliable backup plugin – not all of them are. If you use an auto backup plugin, set it to back up daily to your site’s server, but manually back up and download to your computer at least monthly, though daily is best.
CMS, themes and plugins all have default settings that can be changed by the person setting up the web site. The CMS program uses a configuration file to record these changes. For WORDPRESS, it’s named wp-config.php. The configuration file must be secured and protected from hackers. Additionally, you need to hide the CMS version used, change all the default secret keys in the system, and remove references to the CMS in the theme to make your site secure.
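As an added example (not code from WordPress or from this article), the Python sketch below audits a wp-config.php for the points above: secret keys left at the sample placeholder, missing or reused, file permissions open to other users, and a page that still advertises the CMS version in a generator meta tag. The function names, the 32-character minimum and the sample inputs are assumptions made for this example.

```python
import re
import stat

# The eight secret keys and salts that WordPress reads from wp-config.php.
SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*'([^']*)'\s*\)""")


def audit_wp_config(text, mode):
    """Return findings for wp-config.php contents and the file's st_mode bits."""
    findings = []
    defined = dict(DEFINE_RE.findall(text))
    for name in SECRET_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
        elif len(value) < 32:  # assumed minimum length for this example
            findings.append(f"{name}: shorter than 32 characters")
    values = [defined[n] for n in SECRET_NAMES if n in defined]
    if len(set(values)) < len(values):
        findings.append("secret keys: the same value is reused")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("permissions: file is readable or writable by other users")
    return findings


def exposed_generator(html):
    """Return the CMS name/version advertised in a generator meta tag, or None."""
    m = re.search(r"""<meta\s+name=["']generator["']\s+content=["']([^"']+)["']""", html, re.I)
    return m.group(1) if m else None


# Constructed sample input (not taken from a real site).
SAMPLE_CONFIG = """<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'k3#Vw9!zQ@7pLm2$Xr8&Tn5^Yb1*Hc6(Jd4)Gf0-Se_Ua+Ri' );
define( 'LOGGED_IN_KEY',    'short' );
"""
SAMPLE_HTML = '<head><meta name="generator" content="ExampleCMS 1.0" /></head>'

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG, 0o100644):
        print(finding)
    print("generator tag:", exposed_generator(SAMPLE_HTML))
```

On a live server, pass the real file's contents and `os.stat(path).st_mode` to `audit_wp_config`, and the home page's HTML to `exposed_generator`.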
Additional security plugins should be installed to give the most protection possible for the web site. Some security features you should consider are:
- Endpoint firewall
- Malware scanner
- Login security
- Database backup
- Anti-spam scanner
- Security activity auditing
- File integrity monitoring
Such plugins also must be double checked after any update has been installed to ensure they still are working properly.
An SSL (Secure Sockets Layer) certificate encrypts all information sent to and from a web site. It helps to protect the transfer of crucial customer information between the browser and the web site server. An SSL-protected web site shows the locked padlock before the browser’s address field.
If your site deals with any sensitive data, you definitely should install an SSL certificate to prevent cyber criminals and hackers from intercepting the data transfer connection.
Additionally, the current Google algorithm ranks SSL-protected web sites higher in search results. This gives a business an advantage, while providing protection for your potential clients.
Keeping your web site secure and safe is as essential as protecting your computer from outside cyber threats. But with your web site open to any and all visitors, it requires even more security measures to keep your business site safe from risks and potential threats.
If you are not up to providing this protection yourself, either because of the time or knowledge required, then putting your business in the capable hands of a professional is your best alternative. Your web site is the doorway to your business – protect it.
Contact Webmaster for Hire today to discuss all your web site design and creation, hosting and security needs.