I’m always amazed when people don’t take steps to ensure the security of their website. Hacking happens to other people. It’s never my site that’s in danger.
The stats, however, tell a different story.
The reality is that by taking a few simple steps you can protect your site from hackers. Here are five easily-implementable ways to improve your site’s security.
- Keep your content management system (CMS) up-to-date
This step is first and foremost. You should keep your CMS, plugins, operating system and any other software on your server up to date. Website software, particularly when it’s developed for Linux, uses open-source code. This means that all the code is available for hackers to scrutinize.
By ensuring that you have the latest version, you’re essentially putting yourself one step ahead of the hackers. CMSs like WordPress will automatically ask you if you want to install the latest software and security patches, and updating is usually a simple matter of clicking a button.
We recently had a client’s website get hacked a week after the 4.7.2 version was released. They were still on version 4.7.1 which had some exploits. It’s a simple thing to stay on top of, which is why we offer maintenance packages.
- Get an SSL certificate
This is important for preventing hackers from stealing the data that your customers give to you. An SSL certificate will enable the encryption of all the data that is exchanged between your server and your site visitors’ browsers.
Getting an SSL certificate is easy but the process of updating a site from HTTP to HTTPS can be quite complex, with a number of potential pitfalls. It’s always worth bringing in a developer to deal with a full migration.
- Use strong passwords and usernames
Despite the obviousness of this advice, you would be amazed at how many people still use simple passwords and generic usernames for all aspects of their sites. Simple login details for your CMS are one thing, but if you’re using common passwords and usernames like “admin” for databases and webmail accounts then you’re asking for trouble.
Third-party tools, like LastPass, can be tremendously useful for improving password security. They will generate and save login details, allowing you to access them quickly whenever you need, by automatically populating login forms.
- Guard against SQL injections and cross-site scripting (XSS)
SQL injections are one of the oldest weapons in the hacker arsenal. SQL is the language used to query databases. Whenever you log in to a password-protected area of a website, you are essentially asking that site’s database to confirm that your password grants you access.
By taking advantage of badly designed web forms, hackers are able to gain entry to your databases. Security measures like parameterized queries work by tightening what the database will accept as a query: the SQL statement is fixed in advance, and whatever a visitor types into a form is passed to it as data, never interpreted as part of the query itself.
- Use website scanning software like SiteLock
In the same way that you scan your home computer, it’s important to regularly check your server for viruses and malware. Shared hosting and managed VPSs will tend to have scanning software installed, or offer inclusion of a scanning service like SiteLock for an extra cost. It’s always worth checking what the options are.
What should you do next?
Website security isn’t a simple topic. Companies with bigger sites, especially those that deal with large amounts of data, are best advised to seek the advice of a professional developer. We can handle all of this for you: head over to our capabilities to learn more, and get in touch with us today.