The Five Easiest Things You Can Do Right Now to Protect Your Website from Hackers
You aren’t a professional IT security specialist. Using parameterized queries and changing your file upload limits are beyond your capabilities, so what can you do right now to make your website safer? The good news is that you can make it harder for the most common types of hackers to attack your website by following these five relatively easy steps:
1. Make Sure Your Website Platforms, Scripts, and Plugins are Up to Date
The developers of your website platform (for example, WordPress or Joomla) are always searching for and correcting weaknesses that hackers can exploit. Whenever they patch a security hole, they release an update. This is also true of any third-party plugins that you use. Platforms like WordPress make it super easy to install these updates. Whenever you log into your dashboard, just click on the updates tab for a list of available updates.
Special Tip: Don’t trust yourself to remember to regularly update your website. Add a reminder in your calendar. At the very least, update once a month. Ideally, you’ll want to update every single week. Just make sure to back up your website before every update.
2. Change Your Password Regularly and Often
If your password is “123456,” that’s practically the same thing as leaving the front door to your home wide open or leaving your car unlocked and running on a crime-ridden street. Hackers use something called a Brute Force Attack to try to guess your password. If they succeed, they’ll have complete access to your site.
The easiest way to confound this popular attack is to simply develop a strong password. The best passwords contain:
- At least 12 characters
- A mixture of letters and numbers
- Special symbols
- No easy connection to you (as in, don’t make it your name or your birthday)
It’s not enough to just have a strong password. You’ll want to change it up on a regular basis (every three months is a good rule of thumb). It also goes without saying that you should never use the same password for multiple sites or write your password down.
Special Tip: Your site is only as secure as the weakest link in your team. If you have multiple administrators on your site, make sure that everyone adheres to strict password rules, changes their password regularly, and doesn’t write down their passwords. As soon as someone leaves your team, eliminate their administrator account. You can use a password generator to help ensure your password isn’t guessable.
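The checklist above can be checked and enforced by a small script. This is an added example, not part of the original article: the function names, the 16-character default and the sample inputs are illustrative assumptions, and the generator uses Python's `secrets` module so the result comes from the operating system's secure random source.

```python
import secrets
import string

MIN_LENGTH = 12  # "At least 12 characters"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return "".join(c for c in text.lower() if c.isalnum())


def policy_failures(password, personal_terms=()):
    """Return the rules from the list above that `password` breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    if not any(c.isalpha() for c in password):
        failures.append("no letters")
    if not any(c.isdigit() for c in password):
        failures.append("no numbers")
    if not any(c in string.punctuation for c in password):
        failures.append("no special symbols")
    # Compare squashed forms so "J.a.n.e" still counts as the name "Jane".
    squashed = _squash(password)
    for term in personal_terms:
        key = _squash(term)
        if len(key) >= 3 and key in squashed:
            failures.append("contains a personal detail")
            break
    return failures


def generate_password(length=16, personal_terms=()):
    """Draw random passwords from the OS CSPRNG until one meets every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate, personal_terms):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(policy_failures("123456"))
    print(policy_failures("J.a.n.e-Doe-2024!", ["Jane", "1985-04-12"]))
    print(generate_password())
```

Running the same check against every administrator's proposed password, with that person's name and birthday passed as `personal_terms`, applies the "weakest link" tip to the whole team.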
3. Switch to an HTTPS Certificate
Most savvy web users know to look for the HTTPS designation before they purchase a product on a new website or put in any personal information. Hypertext Transfer Protocol Secure (HTTPS) adds a layer of security between your website and your server by encrypting the data.
If you have an online store or ask your users for personal information, it is imperative that you protect that information by getting an HTTPS certificate. It will cost you a little extra, but the peace of mind will be worth the price. It will also make your customers feel more secure about sharing their credit card and personal information with you.
Bonus – Google is preparing to call out sites that are not HTTPS. Soon you will see a message in the search results that says “site not secure”.
Special Tip: Not sure how to get an HTTPS certificate? Give your domain registrar or web hosting company a call, and they will be more than happy to help you with the process.
4. Install Security Plugins
Your web platform is bound to offer an array of security plugin options. Many of them are very low cost or even free. These plugins do a good job of shielding your site from an onslaught of spam as well as preventing other common hacking attacks. Do a quick search on your platform’s plugin database and see which security plugins are highly rated. Two of the most popular for WordPress are iThemes Security and Bulletproof Security. SiteLock is a great option for CMS-managed sites.
5. Invest in a Web Application Firewall
Security plugins are a good start to protect your website from hacking attacks, especially if you are on a budget. If you want the real deal, however, the absolute best security measure you can take is to invest in a web application firewall (WAF).
In a nutshell, a WAF acts like your website’s own personal security guard, inspecting all incoming traffic for spam, brute force attacks, malicious requests, cross-site scripting, and more. WAFs used to be very expensive and often priced out small business owners. These days, however, WAFs are becoming cloud-based and are offered for a modest monthly subscription.
Not sure how to find and implement a WAF? It may be worth it to consult with a data security expert to get the best recommendation and to have the WAF installed.
Bonus Recommendation – Always Back Up
A friend of mine who works as an IT security specialist is fond of saying that a motivated hacker can always find a way to take down a website. The tools and tips in this article can make your site more difficult to attack, but no one is entirely safe.
Back up your website regularly. That way, if a hacker is successful in knocking down your site, or if your site becomes hopelessly infiltrated by viruses, you won’t have to rebuild from scratch.
Special Tip: Automate your backups so that they happen every single day. There’s no reason to lose even a single day of work or important customer information!
You don’t need to be a techie genius to keep your website safe. A few simple habits can make your website more difficult to hack than the vast majority of sites on the web. Hackers are looking for easy victims, and if you make your site a little harder to hack, you’ve already won half the battle.
Of course, you need a website before you can even start worrying about how to protect it. If you are just dipping your toe into the online waters, or if your current site is in need of a serious revamp, let cThru Media help you create an amazing website to support your online presence.