Web Development

6 Tips to Keeping Your Website Secure

In lieu of the recent announcement from WordPress last week, it’s always a good time to think about security (more on that later). Making sure your website is secure is crucial to avoid hacking and therefore having to shut down your business for a few hours, or even days if you’re very unlucky. Aside from only hackers, having a website that isn’t secure can put you at risk of spammers. In other words, they may not be hacking your website to get confidential information, but they will fill your website with spam links, comments, and potentially even mess with your design if they’re really advanced.

The thing to remember about security is that it’s something that needs to be tweaked frequently. There are constantly new threats and strands of hackers popping up that have found their way around the old security systems, so updating is crucial. What many businesses forget is that updating software isn’t your only form of defense. There are many ways to create layers of security, all of which deserve some attention.

Top Things You Can Do to Help Improve the Security of Your Website

Below are several different precautions you can take starting today to help protect your website from hackers and attackers:

Update to the Newest WordPress

For those who did not hear, just last week WordPress launched the new version of WordPress, version 4.2.4, which is considered a security release for all of the previous versions of WordPress. You can find the official announcement here, where it discusses 6 different security issues the update will fix. In general, the fixes include:

  • Three cross-site scripting vulnerabilities. This means that a hacker could change the code inside of your webpages with malicious JavaScript or malware downloads.
  • A potential SQL injection that could be used to compromise a site. This allows a hacker to change the information on the back-end of your website, which could include your content, user information, passwords, etc.
  • A potential timing-side channel attack. This refers to an attack that could occur at certain times during the day or as your website is working during a vulnerable state.

This may not mean much to you if you’re not a developer or overly familiar with different hacks, but those at WordPress actually discovered these vulnerabilities (and their names are mentioned in the article. You can update by visiting your Dashboard in the admin side of your WordPress and then finding the Update Now tab.

Change to HTTPS

Back in August of last year Google actually announced that websites who used HTTPS, or a secure website, would get a boost in rankings. In the past using the HTTPS was really only necessary for companies that housed confidential information (banks, lawyers, schools, etc.), but this quickly changed. It has now become a way to really keep all sites secure and not something that is optional for some sites (technically it is still optional, but it shouldn’t be!). Google wanted to the web to be safer which is why they offered a boost in rankings for secure sites, so it’s clear that this move makes a difference.

In short, if a website using HTTP it means that the data is not encrypted, meaning there is information being sent across the web in plain text. This makes the information much easier to find and read. If you have an HTTPS connected with your site, you’re making it much more difficult for hackers to attack. You can learn how to change your site from HTTP to HTTPS here from DesignModo.

Your Password Matters

In addition, it’s also worth mentioning the importance of secure passwords. Believe it or not, hackers do have a way of guessing your password, so if your password is full of random characters, letters, and numbers, it will take much longer to crack (and in many cases, it can’t be cracked). Make sure WordPress thinks your password is strong. The best part about this is that it’s so easy to make a change. Reset all of your passwords immediately!

Limit Your Number of Login Attempts

With WordPress particularly you can limit the number of failed login attempts from the same IP range. This means that if someone doesn’t get your password right after three tries, they’ll have to leave and go somewhere else before they can try again. Naturally, this makes it much more difficult to hack your site because they simply don’t have enough time. It’s true that hackers can use different IP addresses to get around this security block, but it’s still better than nothing and will limit your risk to only the most advanced hackers. You can set this up by installing the Login Lockdown plugin.

Think about Your Host

Your website host could actually be a huge security issue, and according to a Torque Mag article 41% of websites are hacked because of a vulnerability in their hosting service, making it the biggest security weak spot for websites. Look into the security that all of the different hosting options provide and make sure to choose the one with the best features. This may cost you more money, but it will be worth it in the end.

Use a WordPress Security Plugin

Chances are you have this already set to go, but this is also something that you need to update when an update becomes available. Again, there are new hacks out there everyday, so the updates protect you from the most recent (and then most common) attacks. Fortunately there are lots of WordPress plugins you can install to help keep you protected. You will find Firewall, Hardening, and Scanning and Tracking protection plugins, so it’s best to get a plugin that focuses on all of these different types of protection. You can learn more about the right plugin for you here.

In the end, security is all about staying up to date with the latest updates and always backing up your information in case something does happen. The tips above are some of the most important things you can do to stay secure that won’t be difficult to implement, but of course there are more options that bigger sites should take into consideration. I recommend checking out this article for more advanced ideas.

How do you keep your website secure? Let us know in the comment section below.

Is your traffic declining? Are you not generating enough leads or sales? We’ve been growing businesses since 2009, let us do it for you!

Schedule a Consultation

Let's Talk

We’ve been growing businesses since 2009, let us do it for you!