If you’re concerned about keeping your website secure, you’re in good company.
You so often hear about another big company’s website or data being hacked. If multi-national corporations with huge online security budgets get hacked, what hope do smaller businesses have of protecting themselves?
Well, we have good news. Keeping your website secure isn’t impossible. In fact, it’s not even difficult (or expensive). Protecting your website from hackers requires taking a few simple steps and paying close attention to some important details.
Before we look at some ways to protect your website, we have to consider what the real challenges are.
Hackers don’t all share the same objectives. Most are looking for an income stream of some sort. If you have valuable data, they may want to steal it and sell it to someone who can use it. Most want to hijack your site so they can use it to run some type of online scam, like running an email relay to send out spam, setting up an illegal file server or running a botnet.
A popular hacker trend right now is ransomware. Hackers inject your site with software that locks you out. Then they contact you and demand money, threatening to erase your site and all your data. Of course, once you pay the ransom, you have no guarantee they will keep their end of the bargain.
Some hackers are simply set on disruption. This group wants to crash your site so you look bad, or just to see if they can.
You might be surprised to learn that the biggest threat to your website security is … you! What can you do to protect your site? Online security experts write volumes on this topic, but we have a few specific suggestions to help you get started.
The basis of keeping your website secure is the platform you choose to create and host it. The safest approach is to choose a well-known platform that offers a selection of security features.
At Be Locally SEO, we often recommend WordPress. Despite its extreme popularity for hosting sites of all sizes and purposes, it offers some of the best options for security. It’s also cost-effective and highly customizable.
To keep your website safe, you’re sometimes better off using a widely popular platform, as compared to an unknown one or writing your own code. Unless you have your own coder and security expert on staff, this approach is almost always asking for trouble.
Before making your platform and hosting choices, talk to a professional website consultant. They can explain your options and make a recommendation based on your company’s unique needs.
Whatever platform you choose, you must continually update software, plugins and passwords.
This is an area where WordPress shines, because both the platform and the plugins are updated often for maximum security. But you (or whoever manages your website) must install those updates to keep your site safe.
Now let’s talk about passwords. This is where you are most likely to compromise your site. Your passwords must be long, strong and complex. Anyone who has access to your site’s inner workings must also use highly secure passwords as well. And the passwords must all be updated frequently. WordPress offers plugins that will help you enforce these rules. You can make it easy by using a secure password generator.
You should always use a captcha for contact forms, blog comments, site registrations, polls and even online logins.
If you have an e-commerce site, you have more to worry about than other business owners, because you’re collecting money and handling your customers’ private financial data.
You will need to have a secure socket layer and SSL certificate. The SSL encrypts sensitive data and protects it from outside access. The SSL certificate provides proof to your customers and financial institutions that your site has been verified as secure by a third-party certification authority, such as Verisign.
Some other important security precautions include delimiting the amount and type of data that can be entered into your webforms, locking down your site’s directory and file structure, disallowing file uploads of any kind, and backing up your site daily — or multiple times daily if your business model warrants it. Store your backups in an offsite, secure location.
You can find even more helpful WordPress site security tips online. Just be sure that any tips you incorporate are current (less than 90 days old) and from an expert source.
Or you could trust a professional web design expert to handle all this for you.
Even if you do everything right, hackers sometimes gain entry to your site.
If your site gets hacked, try not to panic. Start by immediately changing site-related passwords. Depending on who hosts and administers your site, you may be able to get support. For example, if you use GoDaddy for hosting, they can assist you with some aspects of regaining control of your site.
At Be Locally SEO, on the rare occasion that one of our clients’ sites gets hacked, our security team mobilizes immediately to regain control of your site. Then we take all necessary steps to ward off any future attacks.
The digital marketing experts at Be Locally SEO understand your online security fears and concerns. That’s why we put your website security at the top of our priority list. In addition to website design, we provide a full range of search engine marketing (SEO) services to our clients. Contact us today to learn more about how we can help you improve your website security.