How would you rate your website security? Chances are it could be better. A report published by the firm WhiteHat Security revealed that 86% of all websites had at least one serious vulnerability. Lack of website security is a serious concern, and not even large organizations are immune. On Guy Fawkes Day of 2011, a holiday with special meaning to hackers, the Capital One website was hacked along with some Israeli government websites. In 2012, a hacker group claimed responsibility for hacking and crashing the GoDaddy website.
With websites growing more and more complex, and more and more people using the web than ever, it’s important to know how to protect yourself from online attacks.
Back up your files
Every webmaster should own a backup copy of their website files. Why? Because if something were to happen to your site, you don’t want to rebuild everything from scratch. Worse, you could lose all of your valuable data if you don’t have a proper backup. That’s why it’s good to regularly back up your files. Of course, you don’t need to do this manually. Use a service like Carbonite or Mozy to back up both your website files and your database files. Then adjust the settings so they automatically back up each night.
At Bluehost, we perform complimentary backups of your entire account data on a monthly, weekly, and even daily basis.
Limit sharing of login credentials
The more you share your login credentials, even with coworkers and associates, the more likely they are to fall into the wrong hands. So, avoid sharing this information if you can. Instead, assign a separate account to everyone who must access the website regularly. But what if someone leaves the company? Then you should deactivate that account or change the password right away.
Use a strong password
Unfortunately, hackers are coming up with more sophisticated ways of hacking password-protected accounts. That’s why it’s extra important that you use a strong password. Now, you might think: “The more complex my password, the stronger it is”. But did you know that length actually trumps complexity?
Another tip: Use words that have no obvious correlation or association with your website. For the best results, you should use a combination of random words, numbers, and symbols in your passwords.
Encrypt login pages
Needless to say, if a hacker were to get their hands on your password, they could wreak a lot of havoc. That’s why you should use SSL encryption on your login pages. This encryption makes https:// appear at the beginning of a URL. But what does it actually do? SSL encrypts information entered on a page, so that it’s meaningless to any third party who might intercept it.
Tip: If you send sensitive information via email, you should consider sending email via SSL encryption too.
Connect with a secure network
In the same vein, you should avoid connecting to the internet via networks that are either unsecured or have unknown security settings. In other words: updating your website from the library or the nearest Starbucks isn’t a good idea. If you absolutely must access your website from an unsecured network, use a secured website proxy. Then at least your connection will be from a proxy on a secure network.
Use a secure host
Just as your network needs to be secured, so does your web server. After all, your website can only be as secure as your web server. So make sure your host runs suPHP. This is a tool that runs each PHP script with the permissions of the script's owner. In addition, your web server should have round-the-clock active server monitoring and perform nightly server backups.
We know the “there’s an update!” pop-ups are annoying. But there’s a reason for them. When a company releases software, they often aren’t aware of every single thing that can possibly go wrong. So if they discover a vulnerability or malfunction in the software, they release a patch or an update to fix it. And that’s what those pop-ups are. So don’t put off downloading updates for your web server, antivirus, firewall, WordPress, and other software. Another reason: Experienced hackers might know of these software vulnerabilities, and exploit them.
Know what you’re linking to
Have you ever clicked on a link to what you thought was a trusted website, only to be presented with a spammy page full of porn and Viagra ads? Now imagine having such a link on your website. We know you won’t put a shady link on your site, but spammers could. They can use open redirects to hijack web traffic to the spammer’s website using an innocent-looking link.
So how do you check if this has happened to you? Type “site:yourdomain.com” in a Google search (replace yourdomain.com with your actual domain) and look if anything suspicious comes up.
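If your own site has a page that forwards visitors based on a URL parameter, the fix for open redirects is to validate the destination before redirecting. The following is an added example, not code from the original article; the `ALLOWED_HOSTS` names, the `/` fallback and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this site is allowed to send visitors to (placeholder names).
ALLOWED_HOSTS = {"yourdomain.com", "www.yourdomain.com"}
FALLBACK = "/"  # where to go when the requested target is rejected


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return `target` only if it keeps the visitor on this site, else FALLBACK."""
    if not target:
        return FALLBACK
    # Browsers read "\" as "/" and drop tabs/newlines, so reject them outright.
    if "\\" in target or any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Site-relative path: exactly one leading slash ("//host" is another site).
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    # Absolute URL: http(s) only, and the parsed host must match the allowlist exactly.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return target
    return FALLBACK


# Constructed sample values for a redirect parameter such as "?next=".
SAMPLES = [
    "/account/settings",
    "https://www.yourdomain.com/cart?id=1",
    "//spam.example/pills",
    "https://yourdomain.com.spam.example/",
    "https://yourdomain.com@spam.example/",
]


def check_samples():
    """Pair each constructed sample with the destination the validator picks."""
    return [(s, safe_redirect_target(s)) for s in SAMPLES]


if __name__ == "__main__":
    for raw, chosen in check_samples():
        print(f"{raw!r:45} -> {chosen}")
```

The last three samples all look like they point at yourdomain.com at a glance, which is why the check compares the parsed host instead of searching the string for the domain name.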
Aside from shady links, your website can become infected with malware or other suspicious pieces of code. You’ll want to get rid of this right away, which is why you should invest in website scanners like SiteLock and Sucuri SiteCheck. They’ll scan your website for malware and anything suspicious. To be safe, you should scan your website at least once a month to make sure that everything is in tip-top shape.
Keep your permissions tight
Most webmasters don’t need to change their file permissions from the default settings. But they might need to in order to update or install something. Just don’t forget to change them back to the original setting when you’re done.
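One way to confirm that permissions were put back after an install or update is to walk the site directory and list anything that is still writable by users other than the owner. This is an added example, not part of the original article; the file names in `demo()` are a constructed layout, and treating group- or world-writable entries as "too loose" is an assumption about your host's defaults.

```python
import os
import stat
import tempfile

# Assumption: nothing under the web root should be writable by group or others.
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH


def find_loose_permissions(root):
    """Return sorted (relative path, octal mode) pairs for entries that are
    writable by group or others anywhere under `root`."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)           # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):  # a symlink's own mode bits are meaningless
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & LOOSE_BITS:
                findings.append((os.path.relpath(path, root), "%04o" % mode))
    return sorted(findings)


def demo():
    """Build a constructed site tree with two loosened entries and audit it."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        layout = {
            "index.php": 0o666,           # left writable after an update
            "wp-config.php": 0o644,
            os.path.join("uploads", "logo.png"): 0o644,
        }
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)          # chmod sets the exact mode, ignoring umask
        os.chmod(uploads, 0o777)          # left open after a plugin install
        return find_loose_permissions(root)


if __name__ == "__main__":
    for rel, mode in demo():
        print(mode, rel)
```

To audit a real site, call `find_loose_permissions()` with the path to your web root and compare the output with the modes your host documents as its defaults.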
And last but not least: An important aspect of website security is simply being aware of what’s going on with your site. Scan log files every now and then for any suspicious pieces of code. Avoid installing sketchy-looking WordPress plugins. And be aware of who has access to your website. Basically, keep your eyes and ears open.
The internet can be a dangerous place, but your website doesn’t have to be a casualty. Taking even just a few of these precautions will lessen your chances of an attack. It’s good to be aware of the multiple threats your website faces. So, discuss with your webmaster how best to protect your website. After all, the old saying is true: An ounce of prevention is worth a pound of cure.