5 Top Tips to Improve your Website Security
You may think your website isn’t worth being hacked, and you have nothing a potential hacker would be interested in, but around the world websites are compromised every day. The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to setup a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.
You may have seen or heard of “hackers” holding a website or computer system to ransom. Often with the threat of publishing the victim’s data or forever blocking access to your website unless a ransom is paid.
Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 5 tips to help keep you and your website safer online.
1. Use a strong password
Please do not use the word password for your password.
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter, special character and number will help to protect their information in the long run.
If you are worried about remembering your passwords, use an encrypted password software like SafeinCloud or LastPass.
2. Limit the amount of login attempts
If there are more than three attempts from the same IP address to login to your website, then you can restrict access for an amount of time, making them go somewhere else. Or even block their IP forever. Hackers may use different IP addresses, but this limitation wastes their time making it more difficult to break in.
If you have a WordPress website you can download useful and free plugins such as Wordfence or WP Limit Login. These plugins will run seamlessly in the background of your website and restrict the amount of times a person or bot can try password combinations.
3. Host your website somewhere safe
Even though cheap hosting seems ideal, low price servers often mean shared hosting with a million other websites. So essentially as soon as one website is hacked, it is a possibility yours will be too. You should choose a highly secure, up-to-spec server that is right for you. If you would like more information of moving your host providers, please feel free to contact us.
4. Get yourself an SSL
A Secure Sockets Layer (SSL) encrypts the connection between a web server to a browser which means that it is much harder to be hacked. It is definitely worthwhile investing in a SSL certificate because it will protect login details and sensitive data, such as bank information, from hackers and viruses. A good SSL provider will come with some sort of insurance and compensation in the unlikely event that your website is hacked. Again, if this is something you would like to discuss with us, please do not hesitate to contact us.
5. Keep your site up-to-date
Last but not least, ensure you regularly update software and plugins on your website. As soon as your website becomes slightly outdated, it becomes vulnerable to attacks. Consistent updates are necessary. Luckily, WordPress updates automatically, which saves you the hassle of doing it yourself. However, this doesn’t update your plugins. WordPress is the world’s biggest and most popular content management system empowering over 60 million websites. Research shows that a majority of hacks occur because of vulnerabilities in the plugins or themes.
Ensure you keep up to date with plugin updates and ensure you always research and confirm that the plugins on your site are good quality and from a reliable source. WordPress have a community of users and developers who are always rating, commenting and highlighting potential security issues in both the software and third-party plugins – https://wordpress.org/support/.
So, there you have it, our top 5 tips on how to improve your website’s security today! We would hope you wouldn’t leave your home without shutting the doors and windows and this is exactly how you should treat your website.
If you would like to discuss anything found within this article or if you are concerned about your website or system’s security, please contact us on 0203 1502 162 or email us at firstname.lastname@example.org.
Written by Stefanie. G
B2B and B2C Marketing Consultant and SEO Specialist @ Dragonfire Marketing