Is my site secure? Improving your website securityDigital
In a world of bots, bitcoin ransoms and laptop heists, how can you ensure that your website security is the best it can be?
The latest global ransomware scandal has raised the question of personal security across the web. Most of us take own personal online security for granted. Whether you have a personal website, blog, social media profile or a website for your company or small business, it’s very important to make sure that your accounts are as secure as possible.
We have put together a very simple guide with a few very basic steps you can take to make sure that your website is more secure and less vulnerable to security attacks
1. Update Regularly
It seems simple but updating your website, software and plugins is incredibly important. Updates help protect against vulnerabilities and fix any loopholes or errors that may be leaving an open door to the back end of your site. Attacks aren’t as targeted as you may think, many hackers use bots and other automated systems which are programmed to look for the most obvious and older vulnerabilities first. Luckily WordPress and plugin developers are always working to make sure that they are keeping up to date with any system flaws and regularly release patches and updates to fix any issues they find. Don’t get caught out by not updating frequently enough!
Tips for managing plugins
Avoid adding unnecessary plugins. Plugins can be a great option when you need to achieve certain functionality, however, managing conflict issues and keeping the plugins up-to-date is critical. Try keeping plugins to a minimum and keep them up-to-date.
2. Change your Username and password!
You’ve probably heard this one before, but it’s amazing how common this problem is. Having generic or simple Usernames (ie. admin/user/1/2/3) and passwords make it very easy for a hacker to guess or crack your login details. As much as the classic 123456 and qwerty passwords are easy to remember, unsurprisingly thousands of other people have had the same idea as you! It’s really a no-brainer for a hacker.
Tips for making good usernames
Try making it more personal to you (easier to remember, but harder to crack). Take some time to think about it. You should keep it shorter than a password and keep a good record. Password management tools such as 1Password can help a lot. You could also use different usernames for different accounts you use for added security (ie. different usernames for PayPal & Ebay).
Tips for making good passwords
Passwords should be as random as possible, don’t use something that a hacker could easily find out from your Facebook profile, like your birth date or favourite sports team. Ideally they should be more than 8 characters long (12 characters for best results!). Try adding at least one number into the mix and even grammar can be used for extra security. Again password management tools can help you with keeping a good record of your accounts, some, like 1Password even generate random passwords for you and then store them so you don’t have to remember. Add an extra layer of security with Two-factor authentication to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.
3. VIP User Privilege
Most sites, especially websites for business, require multiple people to have access in order to update content. However you can protect your site by keeping the list of users that have access as minimal as possible and controlling the user privilege setting. Allowing the users to only make the changes they need reduces errors and allows you to keep better track of what’s being done. Ensure old accounts are not left active as staff move on to different departments and jobs. Keeping the VIP access tight and tidy ensures old accounts don’t get overlooked.
4. Backup your website
Unfortunately, just like a stray Word file, websites can be lost too. Data can disappear into the digital vacuum, never to be seen again. One way to prevent losing all your data and make sure that it’s easier to restore your website after a catastrophic event (or after a security breach) is to Backup your site.
Making sure your backups are stored securely offsite is very important, as rogue versions of your old site, stored on a server can be a gateway to a security breach so make sure that your backups are being stored correctly.
5. Secure your site
You’ve done the hard work to ensure your website is up-to-date and users have strong passwords, the next step should be to harden and secure your site. Hardening your site will fix common security issues such as brute force protection, strong password enforcement, hiding the login URL, file change detection, blacklist monitoring, away mode, malware scanning and notifications of important events. Depending on how your site has been built and the CMS, there are many options and solutions available to secure your site.
There are many ways to improve your site security, and this list covers a few options that many people may not be aware that they can do themselves to improve site security.
Some clients love to DIY and others relish the thought of managing their own website and security. Hopefully the tips offer some good and simple advice to help you better manage your site security.
If you find online security daunting and confusing or don’t have the time to update and manage backups get your web developers to manage your website security for you.
We help many of our Clients by keeping their sites looking great and functioning well. We have a number of maintenance and support options available to help different Clients with different budgets.
If you’re concerned about the security of your site contact us today, we’d love to talk to you about a maintenance and support plan that will suit you.
SOME HELPFUL LINKS:
Securi a website security platform which helps keep websites protected.
1Password password management software.