This post has been marked as old.
Websites are easier than ever to create. With all the great tools and services available on the web, companies can create simple websites without extensive knowledge in computer programming. Website security is important to protect every website, but if you created your own website, you might not know what to do. Here are a few tips for how to keep your website secure.
Update Your Website Frequently
Keeping your CMS (content management system) up to date is one of the simplest ways to keep your website secure. Outdated software is a security risk, so it is important to update the CMS as soon as a new version is available. Much of hacking is automated, and bots are likely to find the vulnerabilities in your system before you have a chance to update. You can set it up to receive an email when new updates become available.
Use Complex Passwords
Too often people are lax with the passwords they create because it is difficult to remember complex passwords. Hackers are able to figure out simple passwords too easily. Passwords should always be complex, long and unique. Never use the same password for different accounts. Make sure to have passwords with more than 12 characters. Choose something more complex than words, birthdates or favorite team names. You are right in thinking it is impossible to remember a variety of long, complicated passwords for multiple accounts. Use a password manager to store your passwords. Password managers can store your passwords in an encrypted format and generate random passwords quickly.
Limit User Access
If you have multiple user logins for your site, give each person only the access he/she requires. Don’t give out complete administrative control unless it is absolutely necessary. For example, if the user needs to be able to create website posts, but doesn’t need to do anything else, only give them the ability to create posts. This limits access to the site and limits liability.
Change Default Settings
Most attacks are automated and based on the CMS’s default settings. An easy way to prevent an attack is to go in and make changes to the default settings. This will make it so that these automated attacks based on default settings won’t happen.
Choose Extensions Carefully
Websites have a variety of plugins, add-ons and extensions available. Many of them do the same thing. Rather than go crazy and add them all, select these extensions carefully because each one used can possibly be a security risk. Check when the last update occurred. If it has been a long time, it is possible that no more updates will become available, making the extension a security risk. You want to use an extension that will be updated frequently to protect against vulnerabilities. Also check out the age of the extension and how many installs it has. More established authors are more likely to have extensions you can trust.
Frequent backups can protect your site if something bad does occur. You can revert to the backup and hopefully have a clean version of your site ready to go. There is some concern about storing your backup on the same server as your site. If the server is hacked, the backup may become infected too. Instead store your backups offsite on a separate server. We offer a service for this, so if you need it, send us an email.
Setup Configuration Files
You can setup your server’s configuration files for added protection. Prevent directory browsing to keep malicious users from seeing the contents of every directory on the website. Prevent image hotlinking to prevent others from using images from your site. Protect sensitive files by setting rules for certain files and folder.
Install Security Certificate
Installing an SSL (secure sockets layer) certificate doesn’t protect your site from malicious attacks, but it encrypts communications between two points. If you have an eCommerce site or have form submissions, it is important to instal an SSL certificate to make sure the information is protected.
NOTICE: We offer a service to help install SSL on client websites. Contact us for more information.
Manage File Permissions
Permissions determine who can do something with the files for your website. Default configurations should have this appropriately set up, so you shouldn’t have to worry. However, if you find that you are having permissions problems, it is important to be careful when changing any permissions so that you do not give random users permission to change files on your website.
These tips won’t prevent all attacks against your website, but they should provide some measure of security. Malicious users will continue to attempt to hack websites, but these steps will stop many automated attacks and increase the security of your site.