Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Secure a website from hackers – 5 step guide

Thursday, September 19th, 2019 by Helge

servage_lock:hdAs a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a hacker?  We see data breaches and hacks in the news all the time. And you may think, why would someone come after my small business website? But hacks don’t just happen to the big guys. One report found that small businesses were the victims of 43% of all data breaches.  You’ve worked hard on your website (and your brand) – so it’s important to take the time to protect it with these basic hacker protection tips. Here are 5 Easy Steps to Secure Your Website from Hackers:

Step #1: Install security plugins.

If you built your website with a content management system (CMS), you can enhance your website security with plugins that actively prevent website hacking attempts. Each of the main CMS options have security plugins available, many of them for free. Here are some examples which you can get from the official sources:

Security plugins for WordPress:

iThemes Security
Bulletproof Security
Sucuri
Wordfence
fail2Ban

Security options for Magento:

Amasty
Watchlog Pro
MageFence

Security extensions for Joomla:

JHackGuard
jomDefender
RSFirewall
Antivirus Website Protection

These options address the security vulnerabilities that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.  In addition, all websites – whether you’re running a CMS-managed site or HTML pages – can benefit from considering SiteLock.  SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.

Step #2: Use HTTPS

As a consumer, you may already know to always look for the green lock image and https in your browser bar any time you provide sensitive information to a website. Those five little letters are an important shorthand for hacker security: they signal that it’s safe to provide financial information on that particular webpage.  An SSL certificate is important because it secures the transfer of information – such as credit cards, personal data, and contact information – between your website and the server.  While an SSL certificate has always been essential for ecommerce websites, having one has recently become important for all websites. In July 2018,  Google Chrome released a security update that alerts website visitors if your website doesn’t have an SSL certificate installed. That makes visitors more likely to bounce, even if your website doesn’t collect sensitive information.  Search engines are taking website security more seriously than ever because they want users to have a positive and safe experience browsing the web. Taking the commitment to security further, a search engine may rank your website lower in search results if you don’t have an SSL certificate. What does that mean for you? If you want people to trust your brand, you need to invest in an SSL certificate. The cost of an SSL certificate is minimal, but the extra level of encryption it offers to your customers goes a long way to making your website more secure and trustworthy. At Servage, we also take website security seriously, but most importantly, we want to make it easy for you to be secure. All Servage web hosting packages come with a free SSL certificate ‘Lets Encrypt‘. See HERE how to install Lets Encrpyt via your Servage hosting account.

Step #3: Keep your website platform and software up-to-date

Using a CMS with various useful plugins and extensions offers a lot of benefits, but it also brings risk. The leading cause of website infections is vulnerabilities in a content management system’s extensible components.  Because many of these tools are created as open-source software programs, their code is easily accessible – to both good-intentioned developers as well as malicious hackers. Hackers can pore over this code, looking for security vulnerabilities that allow them to take control of your website by exploiting any platform or script weaknesses.  To protect your website from being hacked, always make sure your content management system, plugins, apps, and any scripts you’ve installed are up-to-date.  If you’re running a website built on WordPress, you can check whether you’re up to date quickly when logging into your WordPress dashboard. Look for the update icon in the top left corner next to your site name. Click the number to access your WordPress Updates.

Step #4: Make sure your passwords are secure

This one seems simple, but it’s so important.  It’s tempting to go with a password you know will always be easy for you to remember. That’s why the #1 most common password is still 123456. You have to do better than that – a lot better than that to prevent login attempts from hackers and other outsiders. Make the effort to figure out a truly secure password. Make it long. Use a mix of special characters, numbers, and letters. And steer clear of potentially easy-to-guess keywords like your birthday or kid’s name. If a hacker somehow gains access to other information about you, they’ll know to guess those first.  Holding yourself to a high standard for password security is step one. You also need to make sure everyone who has access to your website has similarly strong passwords. One weak password within your team can make your website susceptible to a data breach, so set expectations with everyone who has access.
Institute requirements for all website users in terms of length and types of characters. If your employees want to use easy passwords for their less secure accounts, that’s their business. But when it comes to your website, it’s your business (literally) and you can hold them to a higher standard.

Step #5: Invest in automatic backups.

Even if you do everything else on this list, you still face some risk. The worst-case scenario of a website hack is to lose everything because you forgot to back your website up. The best way to protect yourself is to make sure you always have a recent backup. While a data breach will be stressful no matter what, when you have a current backup, recovering is much easier. You can make a habit out of manually backing your website up daily or weekly. But if there’s even the slightest chance you’ll forget, invest in automatic backups. It’s a cheap way to buy peace of mind.  At Servage, we offer several ways of manual and automated back ups. Please check THAT Helpdesk posts to find out more about that topic.

 

 

Secure a website from hackers - 5 step guide, 3.8 out of 5 based on 4 ratings
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.