Your website is highly valuable to your customers and your business. It’s one of your most important assets, but can also be attractive to hackers. So, how can you protect your website?
Having a secure website is critical. Over 90,000 hack attempts are made on Wordpress sites every minute.
If your website is hacked, hackers will use it to run activities that will damage your site. Your website will become slow, you’ll start losing traffic, and then your search engine ranking will drop. Then, Google may blacklist your site and Wordpress may suspend your account. Sounds scary, right?
Protecting your website from hostile hackers may seem like a daunting task, reserved only for those with degrees in IT. But don’t despair, there are simple techniques to bolster your website’s defences.
- Install a solid firewall:
A firewall is a code that identifies malicious requests and blocks them. Firewalls look out for suspicious or unknown IP addresses and deny them access, to protect your website. By using a firewall, you can ensure that only good traffic reaches your website.
On Wordpress, you can install either a plugin-based or cloud-based firewall. A plugin firewall is installed directly onto your site, whereas a cloud firewall is installed on the cloud, external to your website.
If your website is built on Hubspot, then HubSpot monitors potential attacks with several tools, including a web application firewall and network-level firewalling.
- Use a strong password:
I know it seems obvious, like falling for the oldest trick in the book, but having a strong password for your website is critical. Many websites are hacked simply because of a weak password.
A strong password contains a combination of letters, numbers, symbols and special characters. The longer and more unique a password is, the harder it is to crack.
For Wordpress, you can also use plugins to ensure that all of your users create strong passwords when setting up their account. You can also limit login attempts, so that your site blocks access to IP addresses after 3 failed login attempts. Limiting login attempts is an effective way to protect your site, and is simple to set up.
For further security, you could also set up two-factor authentication. If you have many contributors to your site, this may be a good idea.
- Install SSL:
Have you ever noticed some websites start with http, and others with https? That little ‘s’ is very important. The ‘s’ means that your connection to that website is secure and encrypted. A website with https has a SSL certificate for security.
Secure Sockets Layer (SSL) certificate is a security measure that encrypts all communication to and from a website. SSL means that your connection and data is secure, ensuring that all information that passes between the web server and browser remains private. So, even if a hacker receives information from your website, they’ll never be able to read or understand it.
SSL is important for protecting your customer’s personal information when they enter their details into your lead generation, enquiry or sales form. On an unsecure website, information filled out in forms can be intercepted by hackers.
According to Hubspot, the hacker simply places a listening program on the website server. The device waits until someone starts typing, and then captures the information to send back to the hacker. Scary, huh?
But, on a website protected with SSL, information entered into forms is safe and no one else can access what you type. To reassure your website visitors, especially if you are asking them to fill out forms with sensitive or banking details, make sure you get a SSL certificate.
- Pay attention to who has access to your site:
The most experienced hackers won’t just install malware and leave. They’ll set up a ghost account with admin privileges to waltz back in whenever they want.
Reviewing who has access to your Wordpress or Hubspot account regularly will help to reduce this issue. To start with, delete any users who no longer contribute to your site. Also restrict access for your writers, to ‘author’ instead of ‘admin’ as an extra precaution.
- Update everything
Over 90% of hacks happen because hackers have found a weakness in a particular theme or plugin on Wordpress and exploited it across several sites at once.
Bugs, glitches and out-of-date code make websites weak. The best way to avoid vulnerabilities on your website is to consistently update your software.
- Use an activity log
Using an activity log for your website is a great way to add security. If an unexpected action happens, you can investigate it to see if it’s suspicious.
For example, if a new admin account was created or a plugin deleted without your knowledge, it may be worth looking into. They may be legitimate actions, or symptoms of unauthorised access.
Most hackers are careful not to be caught. Activity logs show you changes to your website so you can react quickly and early to avoid further hacks.
- Back it up!
Taking regular backups of your website, even daily, is a great way to safeguard your content if your site is hacked. Regular backups can also show you if unexpected changes are being made, and alert you to an unauthorised presence.
Also, if your website is hacked and then needs to be restored, you can quickly paste your content back in from your back-up.
Remember, website security is not just a one time, set-and-forget recipe. To have a really secure website and provide the best experience for your customers, you need to be consistently checking, updating and implementing new measures.
So, how does your business’ website measure up? Follow our 7 tips to reinforce your website against hackers and to keep your content secure.
Maybe it’s time your website had a complete makeover…
Margin can help take your website from obscurity to fame and win leads and sales for your business. Contact us for a free consultation today!