Is My Website Secure? – (Quick Guide to Website Security)

Website security tips

Your website is your primary platform. Without it, your business will halt. Everyone already knows that the number of hacker attacks is on the rise. Thankfully, securing your website is much easier than you think. These tips are going to show you what you must do to secure your website.

It’s All in the Hosting Decision

 When it comes to securing a website the focus always seems to be on the website itself. Dig deeper and think about where that website is hosted. It’s supported by a physical server underneath. If that server malfunctions, or is compromised, it doesn’t matter how secure your website is. You will be offline.

Make sure you choose a web host that focuses on security. For example, it must have multiple server backups so that, if one server does experience problems, uptime is not impacted. You also need a web host that concentrates on meeting the latest security threats.

Hosts like Wizz Hosting understand that this is one of the major concerns of business owners today. Without effective security, nothing else matters.

Don’t Just Update the Platform, Update the Plugins

 You likely already know that you need to keep your web platform updated. For example, if you use WordPress you need to ensure that you have the latest version of WordPress. Luckily, this tends to happen automatically. It doesn’t require any input from you.

The problem is that the main WordPress cPanel isn’t the only way a hacker can compromise your website. The various plugins you have installed could also provide a backdoor. Updates are rarely automatic with plugins, so check back regularly to keep them updated.

Never Rely on WordPress or Your Host for Security

 It may seem strange for any web host to readily admit that their users shouldn’t rely on hosting alone, but keep in mind what the role of a web host actually is. They’re there to support your website and to protect the structure it’s built on. You will get a certain amount of protection, but you must keep in mind that your chosen website builder, such as WordPress, provides an additional vulnerability.

WordPress’s own security is strong, but you should never rely on it. Consider additional security plug-ins. There are free options, such as Bulletproof Security. Paid options, like Wordfence Security, are far superior for protecting your website from hackers, however.

The more layers of protection you have the better.

Invest in SSL Protection

 SSL stands for Secure Sockets Layer. An SSL certificate is a worthy investment on your part because it provides the strongest layer of protection available for websites. You’ll notice that a site with SSL protection starts with ‘https’ instead of the traditional ‘http’.

SSL protection is not just about security; it’s a marketing necessity. Many consumers won’t enter their details onto a website without this protection in place.

Opt for Automatic Domain Name Renewal

 One of the ways in which your website can be compromised is by stripping a site’s domain name and taking the site down. Most of the time, this is a phenomenon that happens by accident. Business owners accidentally allow their domain name to lapse and it enters the open market. Even if it only exists on the open market for a few days someone could easily snap it up.

There are many people who search the domain name market for recently expired domains. If a domain belongs to a business, they can buy the domain name and register it to themselves. The only way to get it back is to buy it at an inflated price. It’s essentially extortion, and it does happen.

Make sure that your domain name vendor has an automatic renewal option. Whenever your domain name is about to expire (usually within 60-90 days) they will renew that domain without the need for you to authorize anything.

Stop SQL Injections by Changing Your Queries

One of the easy ways people hack into websites is by using what’s known as an SQL injection. This happens due to vulnerabilities in either a URL parameter or a web form, both of which allow external users to provide information. Leaving your parameters open means that someone can insert their own code, which allows them access to your database. Hackers can then gain access to customer information, including credit card numbers.

Using parameterized queries is the best way of preventing an SQL injection. This may sound complicated, but there are plenty of guides available that can help you do this without the need to hire an expert.

Fighting Cross-Site Scripting Attacks

XSS attacks are another of the main strategies that hackers use to get into websites. An XSS attack is when hackers insert JavaScript code into a website’s pages. This code can infect anyone who visits that specific page. This is perhaps even more dangerous than an SQL injection.

A Content Security Policy (CSP) is the answer to an XSS attack. A CSP allows you to specify the various domains where new scripts are acceptable. If the hacker’s domain isn’t on the CSP then they won’t be able to insert their code into the page. The browser will simply ignore it and nobody will get infected with the code.

Unbelievably, this complex-sounding countermeasure involves putting the relevant HTTP header on your webpage. It contains a few directives to tell browsers not to execute scripts that come from anywhere but a specified domain. Again, there are lots of guides that can help you to do this in more detail.
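To show how a browser decides which scripts to run under such a header, here is a simplified model of the check, as an added example that is not part of the original article. The policy value and hostnames are constructed, and real browsers also handle wildcards, paths, nonces and hashes, which this sketch leaves out.

```python
from urllib.parse import urlsplit

# Constructed policy, as it would appear in the response header:
#   Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com
POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com"

def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def origin(url):
    """Reduce a URL to scheme://host[:port] for comparison."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.hostname}" + (f":{u.port}" if u.port else "")

def script_allowed(header_value, page_url, script_url=None):
    """Simplified model of the browser's script-src decision.

    script_url=None stands for an inline <script> block. Only 'self',
    'none', 'unsafe-inline' and scheme://host sources are modelled.
    """
    policy = parse_csp(header_value)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no applicable directive: scripts are unrestricted
    if script_url is None:
        return "'unsafe-inline'" in sources
    target = origin(script_url)
    for src in sources:
        if src == "'self'" and target == origin(page_url):
            return True
        if "://" in src and origin(src) == target:
            return True
    return False  # not listed (or 'none'): the browser refuses to run it
```

Under this policy, injected inline script and script loaded from an unlisted host are both refused, while the site's own files and the listed CDN still load.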

Finally…Secure Your Passwords

 Unbelievably, most hackers are not technical people. In many ways, it’s wrong to call them hackers in the first place because many hackers aren’t doing any hacking. All they’re doing is guessing your password until they get the right one. It’s true that some hackers use automated programs that run through hundreds of passwords every minute, but most hackers are doing this manually.

The way they do this is by finding out personal information about you. For example, if they know when your child’s birthday is or where you grew up, they may have already cracked part of your password. Believe it or not, the most common passwords are numeric sequences or contain personal information.

So how do you create a great password?

The answer is to use a password generator. These password generators can be found via a quick Google search. They generate random sequences of numbers, letters, and symbols. There’s no relation to your personal life or any current events. It makes it impossible for a hacker to guess the password. The odds of them successfully guessing one of these passwords are very low.

Last Word – Vigilance is the Key

 Ultimately, securing your website is about maintaining a certain level of vigilance. The problem with most people is that they follow a guide like this and then assume their website is protected forever. That’s far from the case. New threats are evolving all the time and this advice will be updated by this time next year.

Make security a priority within your business, otherwise you’re always putting yourself at risk. The damage a successful hacker could cause could even bring down your business.

Do you have any other security tips?
