Have you ever come across a situation where you get a security warning from Google telling you that the website you’re about to visit is not safe?
Or you’re running software like Malwarebytes and you see a similar message warning you not to proceed to a web page?
Today I would like to talk about why it’s important for your web security that you implement a good security plugin on your website. And it’s essential to do this before you even start the design process for your website.
Yip. Before you even start building out your website on the internet, you should have a plan to secure the site. You want to do this both for your site and also for any website visitors who may come across your site.
Today a website is more essential than ever. With more and more online sales taking place, a small business can no longer afford to ignore the online domain. Web hosting and domain name pricing are now quite affordable. WordPress itself is free. You can no longer justify not having your own website to represent your business.
But what about website security?
Well, website security is not as difficult as you might think. It’s also easier than ever to use SSL encryption (HTTPS) to protect your visitors from cybercriminals. It’s also free. All this is provided by your typical web hosting company. But the configurations are left up to you to manage.
Your site is very likely to become the target of an attacker at some point. Their intention is to compromise your security. Their goal is to inject malware into a file and use your website as part of their botnet.
A “Network of Robots” is called a botnet. These are large groups of compromised servers. A botnet is designed to carry out massive attacks against a domain hosting a network of servers. If your website is hosted on the compromised server, then your security is severely at risk.
If successful, the botnet will then try to gain access and implant a malware payload onto other websites that are not secure. And the cycle continues.
7 TIPS TO IMPROVE YOUR WEBSITE’S SECURITY
Here are a couple of best practices that I can offer you from my background in IT Security.
Security Tip No. 1 – Use Strong Passwords
A hacker will use brute force software when he tries to compromise your website security. He’ll be trying to find the admin password that you’re using to secure your website.
So one of the best practices is to create passwords that are difficult to crack. Here are some guidelines together with my personal tips.
- It is recommended that your password should be at least 8 characters in length, with a combination of upper and lower case letters, numbers and special characters. My personal recommendation would be to take that up to 16 characters and above. It might sound like overkill, but I think you’ll likely thank me later.
- Never use the same password across all the platforms that you use. For instance, it’s not a good idea to use the same password to log in to your website and your social media sites. I did some recovery work for a client of mine not so long ago. Their email got hacked because the same password was used on LinkedIn, Facebook and his personal email account. The end result was that he lost some money on an important deal because his email account had been hacked.
- Don’t use familiar phrases such as birth dates, names of family members or pets and phone numbers. This kind of information can be gathered from your social media accounts. It’s much easier than you think to do this. Anything that may be easy to guess should always be avoided.
Security Tip No. 2 – Don’t use “Admin” as the Website Login User Name.
The attacker is going to go after low-hanging accounts. The first thing they’ll do is go after the user name “Admin” and combine it with a series of passwords. This is the easiest method to overcome your security.
The attacker will usually program his botnet to perform these attacks on his behalf. So it will help you if you create an unusual username as an added measure to protect your website security.
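To check whether a botnet is already trying passwords against your login page, you can count failed login attempts per visitor in the web server's access log. The script below is an added example, not part of the original article. It assumes the "combined" access log format, the standard WordPress login path /wp-login.php, and that a failed login is answered with HTTP 200 while a successful one gets a 302 redirect. The log lines are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example: flag clients that repeatedly fail to log in to WordPress.
# Assumptions: "combined" access log format; a failed login returns HTTP 200
# (the form is shown again) and a successful login returns a 302 redirect.

# Constructed sample log using documentation-range IP addresses.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "bot"
198.51.100.20 - - [10/Mar/2024:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Firefox"
198.51.100.20 - - [10/Mar/2024:10:05:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Firefox"
192.0.2.15 - - [10/Mar/2024:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Chrome"
192.0.2.15 - - [10/Mar/2024:10:07:30 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Chrome"
EOF
}

# failed_logins_by_ip THRESHOLD   (reads the access log on standard input)
# Prints "IP COUNT" for every client with at least THRESHOLD failed attempts,
# busiest client first.
failed_logins_by_ip() {
    awk -v min="$1" '
        # $1 = client IP, $6 = "METHOD, $7 = requested path, $9 = status code
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' | sort -k2,2nr
}

# One mistyped password is normal; several failures in a row are worth a look.
sample_log | failed_logins_by_ip 3
```

On a live site you would feed it your real log instead of the sample, for example `failed_logins_by_ip 10 < access.log`, and block or rate-limit the addresses it reports.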
Security Tip No. 3 – Use a Decent Paid Security Plugin
This is another one of the best practices for your security. If you must skimp on anything else, at least pay for decent security.
Good security software is going to protect your website from most of the common attacks. I have seen it so often in Zimbabwe. Website developers overlook this area and fail to secure the sites that they develop.
The attacks may be less frequent in Zimbabwe, but when they do happen, it’s a disaster. Well, for the customer anyway.
It makes the customer look bad, as well as the designer who created it.
Security Tip No. 4 – Multi-Factor Authentication
Your security should include Multi-factor Authentication. Think of this as an additional method to protect your website.
This forces every person who logs in to your website to provide a second form of authentication before they can gain access to your site. Normally it will be a combination of their password with Google human authenticator or another mobile app.
In the event that somebody tries to access your website’s backend, they’ll still need to provide additional user data before being allowed to access your WordPress files. You could also use a mobile app that will provide a series of encrypted numbers to insert before gaining access through the login.
So if someone tries to gain access to your website and they get past the password, then they still have to overcome the second factor. And normally it’s impossible to have that information at hand.
So, this increases your security by a huge factor. And you can set up your website to let you know when someone fails to gain access to your website.
Security Tip No. 5 – Use SSL Encryption (https).
HTTPS stands for Secure Hypertext Transfer Protocol. It is a form of SSL encryption that ensures the data being transferred in the connection between your browser and the web server is secure.
This is essential to prevent hackers from acting as a man in the middle. A man in the middle attack is when a hacker or some malicious software is able to access the information being passed from one device to another.
The danger is that this software or hacker is then able to steal whatever information you’re passing over the network.
So we would rather not have that. It’s our job to protect visitors who surf our websites. Also, we no longer have an excuse not to use SSL (HTTPS), as it is now offered for free.
Security Tip No. 6 – Correct Your Website File Permissions.
Here’s another part of web security often overlooked by design groups. This might sound like something really complicated, but your security software can often handle this for you. If not, it’s really not so difficult to correct on a WordPress website.
The purpose of file permissions is to control who can make changes to the files that make up your WordPress website. Just as with Linux file permissions, you’re going to set these files in a manner that gives read, write and execution rights on each file and folder.
So in most cases the admin account is the owner of the entire site and has the right to read and write to the files as well as execute any program. What makes this so important is that not setting these rights correctly could allow an attacker or bots to take over the entire website.
Your visitors and any bots visiting your site only require the right to read the files. So you should only give them the right to view your website as you intended it to be seen and nothing else.
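If your security plugin does not check permissions for you, a short audit like the one below will list the files and folders that give away more than read access. This is an added example, not part of the original article. It assumes the commonly recommended WordPress baseline of 755 for folders and 644 for files, with wp-config.php kept unreadable to other accounts, and it builds a constructed sample site so it can run anywhere.

```bash
#!/usr/bin/env bash
# Added example: list WordPress files and folders with looser permissions
# than visitors need. Assumed baseline (not stated in the article):
# folders 755, files 644, wp-config.php not readable by "other".

# Build a constructed sample site with three deliberate mistakes.
make_sample_site() {
    site="$(mktemp -d)"
    mkdir -p "$site/wp-content/uploads" "$site/wp-includes"
    : > "$site/index.php"
    : > "$site/wp-config.php"
    : > "$site/wp-includes/version.php"
    : > "$site/wp-content/uploads/photo.jpg"
    chmod 755 "$site" "$site/wp-content" "$site/wp-includes"
    chmod 644 "$site/index.php" "$site/wp-includes/version.php"
    chmod 777 "$site/wp-content/uploads"            # anyone may write here
    chmod 755 "$site/wp-content/uploads/photo.jpg"  # an upload marked executable
    chmod 644 "$site/wp-config.php"                 # database password readable by all
    echo "$site"
}

# audit_wp_perms DIR
# Prints one "ISSUE PATH" line per finding and nothing when the tree is clean.
audit_wp_perms() {
    root="$1"
    # Write permission for every account on the server.
    find "$root" \( -type f -o -type d \) -perm -002 |
        sed 's/^/WORLD-WRITABLE /'
    # Regular files do not need an execute bit to be served by the web server.
    find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) |
        sed 's/^/EXECUTABLE-FILE /'
    # wp-config.php holds the database credentials.
    find "$root" -type f -name wp-config.php -perm -004 |
        sed 's/^/CONFIG-WORLD-READABLE /'
}

demo="$(make_sample_site)"
audit_wp_perms "$demo"
rm -rf "$demo"
```

Each finding is corrected with `chmod`, for example 755 on a flagged folder, 644 on a flagged file and 600 on wp-config.php, after which the audit prints nothing.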
Security Tip No. 7 – Backup Your Website
Finally, part of your security strategy should be to take regular backups of the site. The world of security is a constant game of cat and mouse. The bad guys keep looking for loopholes and the good guys keep patching them up.
At some point, someone is going to penetrate your security and cause a lot of damage to your website. If you’re ready for this and you’re backing up regularly, it’s as easy as restoring your site and applying any new security updates to patch up the site.
WHY SHOULD YOU PROTECT YOUR WEBSITE?
The impact of a successful hack on your website may reach further than just data theft. Worse yet, malware may be injected into the website.
Here are some reasons why you should consider investing in good security software.
HACKING IS HIGHLY PREVALENT
According to Google, the number of hacked websites increased by 32% between 2015 and 2016. The number has also been growing rapidly ever since. In fact, the figure increased so much in the following year (2017) that it reached a remarkable 212%.
The stats don’t lie. Regardless of how well you develop your website, you are always at the risk of attack. Therefore, a good security plugin cannot be overlooked.
Unless of course… you don’t mind being blacklisted by Search Engines and Digital Security Companies.
PROTECT YOUR REPUTATION
If your website gets hacked, your audience won’t likely be sympathetic to you. It does enormous damage to your company or website reputation. Worse still, if you’re a website developer, the owners of the website get the bad rap. And that’s never a good thing.
When a customer’s information is lost due to a lack of security on your website, they will most likely lay the blame on you.
Likewise, if your website has malware, it will certainly turn away prospective clients. This can cause a huge dent to the success of your business.
To avoid the above scenarios, keep all your security, themes and plugins up to date all the time. If you don’t have the time yourself, consider hiring someone who can do it for you. You might want to read our blog on “Why is Website Maintenance Important.”
If your reputation does take a hit, you’re likely to see a dip in your sales. Your customers may be wary of visiting your website and may turn to your competition. This is not good for your bottom line.
If your website gets flagged because the security has been compromised, then your ranking will also get affected. That can reduce your traffic by as much as 95%.
So securing your website will help protect your credibility and your site rankings.
RECOVERY IS COSTLIER THAN PROTECTION
Getting your website cleaned is going to hurt your pocket. Firstly, you need to remove all the malicious code from each file that got infected. Then you’re going to have to figure out how the security breach took place and then patch all the loopholes.
This can be very expensive. The other issue is that hackers will often go to great lengths to make sure that they have a backdoor through your security in order to get access again.
Unfortunately, this is the world we live in, so the more we do to prevent access to your website in the first place, the better off we’ll be later on.
SEARCH ENGINE BLACKLISTING IS DIFFICULT TO REVERSE
Search Engines are the primary source of visitors for the majority of websites. So it makes sense that we would want to keep our site clean in order to keep the flow consistent.
Getting a blacklisting reversed by search engines is quite a task. It is not easy to access the information that can help you create a request to reverse the blacklisting. For some reason or another this information is not readily available. But once you are sure that your site is clean, you can request that the blacklisting is removed.
Once the search engine companies are happy that the site is no longer a risk, they’ll gladly remove the blacklisting.
As technology advances, so does the complexity in the task of securing your website.
All security software is eventually going to be vulnerable to a particular hack. This is why it’s advisable to install many layers of security on your website. On top of this, the website should be frequently monitored and updated regularly.
Lastly, it’s a good idea to have a backup of your site in case an attack causes irreparable damage. Sometimes, the only way to recover it is by rebuilding the site from scratch. This is where backup files come in handy. Ideally, the backup should be stored offsite such as in the cloud. This is to safeguard the data from corruption or infection by malware.
Once your site is secured, you will be able to concentrate on other aspects of your business, without worrying about losing data to third parties. This will help attract more visitors to your website.
Thanks very much guys for taking the time out to read through my articles.
If I have been a help to you and you like my articles, please leave a comment down below.
Also, if you like what you see and you think to yourself that you would like me to take care of these things for you, then please go over to my contact page, fill out the form and I’ll get back to you right away.
Thanks again and stay safe.