Show Don’t leave the front door of your site wide open! You need to secure your website, which means putting protection in place to keep out hackers, bugs, and other online nasties. Otherwise, your data could be at risk, your site could crash, or you could even lose money. Here’s how to make a website secure:
But I’m not even making money through my website. It’s just a small blog. Why would anyone hack me? Why does it even matter if a hacker gets in anyway? Apart from losing money, hacking can result in huge losses in traffic, your site being suspended or crashing, and even identity theft. Your personal data, and that of your visitors, could be at risk. But how am I supposed to fight off hackers? I’m not that technically skilled! This is another common worry, but luckily, you don’t need fearsome tech skills in order to secure your website. All of these steps are simple to implement, and we’ll walk you through each part of the process. Before we get into the details of how to prevent your website getting hacked, we should probably talk about what a hacked website looks like. While there’s no set way that a website will look after being hacked, there are patterns. And we should tell you now, if your site has been hacked, you’ll be in no doubt about it because something will be very wrong. Here are some common ways hacking presents itself: So now you know what a hacked website looks like, it’s time to look at the seven ways to prevent yours becoming one: One of the easiest things you can do to protect your website, yourself, and your users, is to install an SSL (Secure Sockets Layer) certificate. You may not realize it, but you come across SSL all the time when you browse the web – it’s the reason for the “s” in “https”, and the padlock in the address bar. SSL encrypts information passing between your website and your visitors. Google now warns visitors when they’re entering a site without SSL, and even “discriminates” against those sites in its search results. It’s especially important to have SSL security if you’re accepting payments through your site, asking for login details, or transferring files. Without it, the data is unprotected, and vulnerable to hackers. Krys Lambiase emphasizes the importance of SSL for securing websites – especially online stores: The hosting provider HostGator includes free SSL security on all its plans. Here, it shows the importance of SSL. It’s not important for you to know the technical ins and outs of SSL security, so don’t worry if you don’t really get how it works. The most important thing is to know that your site needs SSL, and how to go about getting it. There are multiple ways to install SSL. The three main ways we suggest are:
If you want a much higher level of security, you’ll need to pay for an advanced SSL certificate. These vary in price, and you can buy them from hosting providers, or domain registrars. Unless you’re running a large online store, or handling large amounts of sensitive data, the free version of SSL will probably be sufficient. For more details about how to get an SSL certificate for your website, explore our dedicated guide. We’ll walk you through the entire process, in just seven straightforward steps! “Anti-malware software” might sound like a lot of jargon, but the good news is that anti-malware software actually does the hard work for you – so you don’t need to worry about any of the technical stuff. There are plenty of different anti-malware options out there. Some have free plans – like Bitdefender Antivirus Free – while others you have to pay for, such as SiteLock. SiteLock is used by over 12 million websites, and offers different packages that provide varying levels of protection. This means you can tailor your security to your site’s needs, as well as your budget. Some of the security services it provides include: If you don’t know what all this means, that’s okay – that’s what anti-malware software is there for! A good quality website builder or hosting provider should look after your site’s security for you. Hosting providers often include anti-malware software as part of their plans – some even throw in paid services like SiteLock for free! Other providers include a built-in set of tools – InMotion, for example, includes a security suite on its cheapest plan. This is made up of:
These are the security basics for your site, and the features you should look for whenever you’re looking at picking a hosting provider. Whether your provider comes with tools built-in, or offers extra freebies such as SiteLock, anti-malware software gives you a welcome extra layer of protection. Good website security starts with a good web host, as Krys Lambiase points out:
Passwords. They’re so familiar that we can sometimes forget just how important they are. It’s easy to overlook the fact that often, your password is all that’s standing between a hacker and your personal information. Not only are passwords a vitally important step, but they’re also one of the easiest things you can change to increase the security of your website. Spend just 20 minutes today making your passwords stronger, and you’ll be on your way to a more secure site. A survey carried out by the UK’s National Cyber Security Center analyzed the most common passwords used by accounts that had been breached across the world. They then put together a list of the top 10 most hacked passwords – if you’re using any of the following, it’s time to change it (like, right now)! Instead of using easy to guess phrases, here are some things you should do instead: There’s a seemingly endless list of password tips out there, and you should combine a few of these tactics to create uncrackable passwords. Once you’ve got your shiny new bulletproof passwords, be careful with them – do not share them around, even with friends, and do change them regularly (about once every quarter). We’re not talking about posting the latest gossip, or keeping your visitors in the loop with your newest product. This is about the importance of keeping your website’s software up to date. If you use a website builder, you don’t need to worry about this so much, because most builders will handle software updates and security issues for you. However, if you’re using a platform such as WordPress, you need to be totally on top of things and running updates when necessary. You need to run updates for your WordPress core software, as well as any plugins you’ve installed. If you don’t, then it can all become outdated and vulnerable to bugs, glitches, and – worst of all – hackers wielding malicious code. The good news is, you should be able to set these updates to happen automatically in your dashboard – but it’s still worth keeping an eye on and making sure everything is running smoothly. Letting your site become outdated can be a fatal blow in terms of security, so it doesn’t hurt to be vigilant about staying on top of updates.
Find out more
We know, this sounds like a total “duh” moment. Well, obviously I’m not going to hand over my details and let my site get hacked – that’s the whole reason I’m reading this article! The trouble is, people are still – through no fault of their own – falling prey to scammers and unknowingly giving away important information about themselves. Did you know that 92.4% of malware is delivered via email? That makes it the number one method of attack, and means you should always be on the lookout for anything unusual in your inbox. There’s always more tech you can put in place to protect your website, but you mustn’t forget that 95% of cybersecurity breaches are due to human error. Protect your website by being on your guard, and being suspicious of texts, emails, or phone calls asking for personal information. It sounds simple enough, but scams are growing ever-more sophisticated. Here are five things you can do to make sure your website doesn’t open the door to unwelcome visitors: You get the idea. We know this seems like common sense, but phishing emails are becoming increasingly realistic – so stay on high alert! Is there a better feeling than hitting publish on your site and then seeing comments start to roll in? It’s proof that people have actually visited your site – and enjoyed it. Comments are the perfect way to measure engagement, provide social proof to other visitors, connect with other people in your niche, and even take on constructive feedback. We love receiving comments, and you should too! However, there are always those comments that aren’t quite so fun. Bots, fake accounts, and trolls are ready and waiting with a silly comment or spammy link. At best, it’s annoying – at worst, it can pose a security risk to you and your users. If people can post comments directly to your website, there’s a chance that malicious links might sneak into the comments section. This is particularly dangerous for your website’s visitors, who might click on the link and risk exposing personal data or accidentally install malware. To combat this, you can change your site’s settings so that you need to manually approve comments before they appear on your site, giving you the chance to delete any spam. Other ways to reduce these malicious links include: These tactics should keep your comments section a safe, fun, and happy place for both you and your visitors, and keep hackers and their malicious links on the outside. Following each of the steps we’ve outlined so far will help you to stop hackers in their tracks. But don’t take your site’s security for granted – just like having a safety net beneath you is a good idea when walking a tightrope, running regular backups of your site just makes sense. Creating backups of your website ensures that if the worst were to happen, you’d still have a recent version of your site stored safe and sound, and ready to be relaunched. A backup is essentially a copy of your website data – such as files, content, media, and databases. If you have a large or complicated website, you’ll need a larger amount of backup storage to save all of your data. Krys Lambiase explains why backups are a good idea: “If your business website site is hacked, you need a way to get up and running again fast so you don’t miss out on customers. Get an automatic site backup service like CodeGuard, and you can quickly restore the most recent uncorrupted version of your site if something goes wrong. Make sure that whichever service you choose runs daily backups, so you don’t have to go back to an out-of-date site version in case of a crash.” So, how can you go about backing up your site to keep things running smoothly? Well, there are multiple ways to backup your website, including:
Using a backup service is usually the safest and most reliable way to go. Still, whichever backup method you choose, there are some important things that you should always look for:
The more frequently you update your website, the more frequent your backups should be. We recommend erring on the side of caution, though – if you come under attack, you’ll never be sorry that you backed up your site too much! On September 12th 2019, Zynga – the mobile game producer responsible for “Farmville” – was hacked. The hacker accessed login details for players of the popular games “Words With Friends” and “Draw Something”, including: This hack was originally thought to have affected 218 million people, because of claims by the actual attackers. But the final figure was estimated around 173 million by the breach monitoring site Have I Been Pwned. In response to the attack, Zynga advised its users not to use the same password for multiple accounts – this reinforces the importance of having unique, secure, and separate passwords for different online accounts. If you think that waiting one day more to sort out your security won’t make a difference, think again. 7-Eleven Japan introduced a new payment app for its customers, but left a major flaw in the form of an easy password reset that could be requested by just about anyone. The app was launched on Monday, July 1 2019, and was shut down two days later on July 3 due to customer complaints – it only took hackers this long to break into around 900 accounts and steal ¥55 million ($510, 000). Hacker attacks are frequent, and if they find a weakness you can bet they won’t hang around to exploit it. Don’t wait to sort out your security – your users’ data is at as much risk as yours if your site comes under attack! Hotel company Marriott International was compromised by a hack that started as far back as 2014 – and went unnoticed until 2018. It was still hitting headlines last year, as Marriott continued to deal with the fallout. It was initially thought that around 500 million customers were affected by the hack, which leaked: Since then it’s been suggested that the number of people affected was actually much lower – around 383 million. Still, with 5.25 million unencrypted passport numbers having been exposed, that’s still a pretty huge cybersecurity fail. Despite this, one of the main things that Marriott has been criticized for is its response to the attack – mostly due to a lack of communication, as well as further security concerns over its email domain. If you’re running a business website, or even a personal blog, and it gets hacked, make sure you communicate clearly with your audience. Be quick to fill them in on what’s happened, give them the facts, and also empathize with them about how they might be feeling. Learn from where businesses like Marriott got it wrong! Good website security starts with you – choosing a reliable website builder or hosting provider, making sensible choices about how you run your site, and putting in the extra effort to make passwords secure. And we’re here to help you along the way! Hopefully you’ve learned how to secure a website, and have found it’s not as hard as you first thought. You don’t need tech skills or a huge budget to make your website secure – as our list has shown! We’ve outlined the seven steps you can take to start securing your website. This is by no means an exhaustive list, however – there are plenty more tips, tricks, and tools you can use to better protect your website. If you’re a WordPress user, for example, you can find plenty of security tips in WordPress’ support pages. Sucuri is another great resource, with a huge wealth of guides, infographics, and courses to help you confidently secure your website. For now though, start out by following our simple steps… How to Secure a Website: 7 Simple Steps
If you already have a website, the first step now is to check if you have an SSL certificate installed. You’ll know if you don’t, because your web address will start “http” instead of “https”. You should also check your passwords, and make sure they’re strong enough to stand up against attacks! Fortunately, SSL certificates are easy to obtain, and relatively cheap to purchase – although we’d recommend finding out exactly how much an SSL certificate costs before reaching for your wallet! If you haven’t started building your website yet, then the most important step for you to take next is to choose a good quality website builder or hosting provider, depending on how you want to build your site. If you need help choosing the right one, we can help – we have reviews of the Best Website Builders and the Best Web Hosting Providers to make sure you find your perfect match. Yes! Even if your site is small and doesn’t make any money, securing your site is essential. It’s a question of protecting your own data, and that of your visitors.
Website builders are typically far more low maintenance when it comes to security. That’s because you’ll automatically get any updates, and most throw in an SSL certificate for free. That said, they’re certainly not invincible, and it’s important to still create strong passwords and watch out for phishing emails.
We’ve outlined some specific types of attack above, but essentially a hacked website could lead to: denied entry to your site, data breaches, identity theft, fraud, your site going down, the content of your pages being altered, and the list goes on.
|