GettyGetty
Website security is a topic that is always important but many times doesn’t feel urgent. Why? Well, if your website isn’t having security issues, it’s pretty easy to put it out of your mind. But doing so is like riding a bike without a helmet. It feels liberating to have the wind blowing through your hair, but when you find yourself face down in a patch of unforgiving concrete, you’ll quickly forget your need for “freedom.”
So, here are five huge considerations when it comes to securing your website:
1. Use Strong Admin Passwords
Sometimes we miss the obvious when it comes to security. In the case of passwords, though it should be obvious to use strong ones, it’s surprising how common weak passwords are. Consider the following bad passwords:
• newwebsite2018
• admin1
• passwordpassword
• [company-name]5 (In this case, the company name is used followed by a number.)
Sure, these passwords are easy to remember, but they’re also super easy to hack using techniques like brute force attacks.
2. Choose A Solid Website Host
Choosing a solid website host is foundational. If you follow all of the suggestions in this post but fail to secure a solid hosting company, you could find all of your labor in vain. Your security is only as good as your weakest link. If you have rock-solid passwords, but your hosting company’s software allows for backdoor access to your website, what good do your passwords do?
When it comes to hosting, the temptation is to go with the cheapest solution that hits the minimum requirements. When you consider that, for many sites, you can pay dollars per month for hosting, it’s easy to understand the temptation. But we’re talking about your company website, perhaps one of the most important marketing assets you have. Don’t squabble over an extra $30 or $40 per month; instead, focus on security and features when you’re reviewing hosting options.
3. Keep Your Website Software Up To Date
Do you use a content management system (CMS) like WordPress, Joomla or Drupal? Did you know that CMS platforms receive regular patches and software updates? The updates aren’t just designed to add features to make your life easier, but also they often include important security updates.
Like anything else in life, software isn’t perfect. It needs time to mature and sometimes in the growing process, bugs and vulnerabilities can surface. Given the right conditions, these vulnerabilities can give outsiders access to your website to do not-so-good things.
So, just like gutters, cars, roads and railways, CMS platforms need regular maintenance to keep them running smoothly.
4. Use An SSL Certificate
Secure Sockets Layer (SSL) certificates are super helpful for security and generally pretty easy to set up. Simply put, an SSL certificate will give your website a secure connection when transmitting data on the internet. Instead of data moving back and forth in what’s known as “plain text,” an SSL certification will securely encrypt that data. Then, if in an attempt to hack your website that data gets in the wrong hands, it won’t be that valuable since it would be a garbled mess of encrypted characters.
SSL certificates are very well-known in their use for e-commerce sites where sensitive payment information is being sent over the internet. But there are plenty of other applications. One thing you should be careful not to overlook is securing login forms to your website. A hacker who is able to intercept “plain text” login information could very well have a field day with your website.
5. Restrict Admin Logins To Specific IPs
Another great layer of security can come through restricting your administration portal to certain IPs or IP ranges. Imagine having to be physically present at your company headquarters in order to log in to your website. This kind of restriction can do wonders, as you aren’t simply blocking potential attackers from across the globe, but you’re also limiting access from across the street.
Though this suggestion might seem more advanced, it may not be terribly hard due to CMS configuration options or plugin availabilities. Do a bit of Googling on your CMS, and you may be pleasantly surprised.
Bonus Tip: Chose A Host With Automatic Backups
Though not a security consideration per se, a super valuable tip when it comes to website vulnerabilities is to find a host with automatic backups. The frequency you’ll need will depend on how often you update your website, but for many companies, once a week or even two weeks may be sufficient.
Why am I bringing this up? Well, because it’s a catch-all. When it comes to security, you want to do your best to cover all of your bases. But if you have automated backups, it’s an extra level of protection in case you missed an important security hole.
What’s even better than automated backups? Automated backups with one-click restore. Find those two features together and you’ll find it a lot easier to sleep at night when it comes to the security of your website.
Conclusion
Well, there you have it — five straightforward ways to make your website more secure. Use strong passwords, choose a solid website host, keep your website software up to date, use an SSL certificate and restrict admin access to certain IPs. Though there are plenty of other security enhancements that companies might consider, this list is a great starting point.
