Blog Menu

I write and curate content for Bluehost. I hope this blog post is helpful.
Are you looking at creating a blog, website or an online store? Bluehost has something for everyone. Get started today.

How would you rate your website security? Chances are it could be better. A report published by firm Whitehat Security revealed that 86% of all websites had at least one serious vulnerability. Lack of website security is a serious concern, and not even large organizations are immune. On Guy Fawkes Day of 2012, a holiday with special meaning to hackers, a hacker group claimed responsibility for hacking and crashing the GoDaddy website.

With websites growing more complex and more people using the web than ever, it’s important to know how to protect yourself from online attacks.

Back up your files

Every webmaster should own a backup copy of their website files. Why? Because if something were to happen to your site, you don’t want to rebuild everything from scratch. Worse, you could lose all of your valuable data if you don’t have a proper backup. That’s why it’s good to regularly back up your files.

Of course, you don’t need to do this manually. Use a service like Carbonite or Mozy to back up both your website files and your database files. Then adjust the settings so they automatically back up each night.

At Bluehost, we perform complimentary backups of your entire account data on a monthly, weekly, and even daily basis. So, you can always easily restore your site should something happen.

Limit sharing of login credentials

The more you share your login credentials, even with coworkers and associates, the more likely they are to fall into the wrong hands. So, avoid sharing this information if you can. Instead, assign a separate account to everyone who must access the website regularly.

What if someone leaves the company? Then you should deactivate that account or change the password right away.

Use a strong password

Unfortunately, hackers are coming up with more sophisticated ways of hacking password-protected accounts. That’s why it’s extra important that you use a strong password. Now, you might think: “The more complex my password, the stronger it is”. But did you know that length actually trumps complexity? So, create a password of at least 12 words.

Another tip: Use words that have no obvious correlation or association with your website. For the best results, you should use a combination of random words, numbers, and symbols in your passwords.

Offer a website security course

Of course, it’s important that your employees know this too. That’s why it might be smart to offer them a website security course, where they’ll learn how to create strong passwords and to never share their login details.

Encrypt login pages

Needless to say, if a hacker were to get their hands on your password, they could wreak a lot of havoc. That’s why you should use SSL encryption on your login pages. This encryption makes https:// appear at the beginning of a URL. But what does it actually do?

SSL encrypts information entered on a page, so that it’s meaningless to any third party who might intercept it. Tip: If you send sensitive information via email, you should consider sending email via SSL encryption too.

Related Content: Why Your Online Store Must Have an SSL Certificate

Connect with a secure network

In the same vein, you should avoid connecting to the internet via networks that are either unsecured or have unknown security settings. In other words: updating your website from the library or the nearest Starbucks isn’t a good idea. If you absolutely must access your website from an unsecured network, use a secured website proxy. Then at least your connection will be from a proxy on a secure network.

Use a secure host

Just as your network needs to be secured, so does your web server. After all, your website can only be as secure as your web server. So make sure your host runs suPHP. This is a tool that allows PHP scripts to run only with the owner’s permission. In addition, your web server should have round the clock active server monitoring, and perform nightly server backups.

Stay updated

We know the “there’s an update!” pop-ups are annoying, but there’s a reason for them. When a company releases software, they often aren’t aware of every single thing that can possibly go wrong. So if they discover a vulnerability or malfunction in the software, they release a patch or an update to fix it. That’s what those pop-ups are.

So, don’t put off downloading updates for your web server, antivirus, firewall, WordPress, and other software. Plus, experienced hackers might know of these software vulnerabilities, and exploit them. 

Know what you’re linking to

Have you ever clicked on a link to what you thought was a trusted website, only to be presented with a spammy page full of porn and Viagra ads? Now imagine having such a link on your site. We know you won’t put a shady link on your site, but spammers could. They can use open redirects to hijack web traffic to the spammer’s website using an innocent-looking link. 

So how do you check if this has happened to you? Type “site:yourdomain.com” in a Google search (replace yourdomain.com with your actual domain) and look if anything suspicious comes up.

Scan regularly

Aside from shady links, your website can become infected with malware or other suspicious pieces of codes. You’ll want to get rid of this right away, which is why you should invest in website scanners like SiteLock. They’ll scan your website for malware and anything suspicious.

To be safe, you should scan your website at least once a month to make sure that everything is in tip-top shape.

Keep your permissions tight

Most webmasters don’t need to change their file permissions from the default settings. But they might need to in order to update or install something. Just don’t forget to change them back to the original setting when you’re done.

Stay vigilant

And last but not least: An important aspect of website security is simply being aware of what’s going on with your site. Scan log files every now and then for any suspicious pieces of code. Avoid installing sketchy looking WordPress plugins. And be aware of who has access to your website. Basically, keep your eyes and ears open.

In conclusion

The internet can be a dangerous place, but your website doesn’t have to be a casualty. Taking even just a few of these precautions will lessen your chances of an attack. It’s good to be aware of the multiple threats your website faces. So, discuss with your webmaster on how to best protect your website. After all, the old saying is true: An ounce of prevention is worth a pound of cure.
 

  • Tiffani Anderson

    Tiffani is a Content and SEO Manager for the Bluehost brand. With over 10 years experience across all facets of content and brand marketing, she strives to combine concepts from brand marketing with engaging content through the lens of SEO.

    Education
    University of North Texas
    Previous Experience
    Content Marketing, SEO, Social Media
Learn more about Bluehost Editorial Guidelines