Someone hacking your website is probably the worst thing to happen when you own a website. It can result in lost revenue, loss of trust from users and customers, costs to fix it and also a breach of data. This could have further financial implications as you need to report any data breach to the ICO and you may be subject to a fine.
Given the above, security should always be at the top of your mind. But what measures should you take to make your website secure? Ultimately, fixing a hacked website can take a long time to resolve. At We Create Digital, we take security very seriously. In this article, we will explore some tips to ensure that your website stays safe in the world of the internet.
Make sure your website software stays up to date
Whatever platform you use, ensure that your website is always up to date.
When using content management systems like WordPress, you need to regularly update the core framework. However, be careful that this update does not break your website. Quite often we see websites that have been updated to the latest WordPress version, and then their website loses the look and feel of the website, or some functionality that once existed doesn’t exist anymore. When using plugins on your website, the software provider will from time to time release security patches. Check that these patches are compatible with your website’s theme, and then install them. At We Create Digital, we periodically perform WordPress updates. If you have a hosting package with us, we can perform these updates for you.
If your website does not use WordPress, you need to make sure that you are using the latest technologies for your website. Sometimes, functionality will disappear from the technology that you are using. Be sure to replace this or remove it from your website.
When it comes to your server, ensure that that your server has the latest version of software and any security patches that have been released from the server software provider are applied to it.
Use two-factor authentication where possible
In today’s world, a lot of websites are now asking you for an extra level of authentication. Whether you are using Facebook, Google or another big website, you will be asked for a code from a text message or email. This extra level of authentication allows you to see who is logging in under your account details. If there is a request that you do not recognise, you will then have the option to reject it.
At We Create Digital, we all use LastPass to handle our passwords and security codes. We have an app on our mobile phone that we can log in to and view a 6 digit number. This number is then entered into the website that we are login into and access is provided.
Within our WordPress websites, we use a security plugin called iThemes security pro. This plugin comes with a lot of features like the two-factor authentication, lockout services and monitors for website file changes. We highly recommend this plugin to use within any WordPress website.
Always use HTTPS
You have probably noticed by now that next to the website URL in your browser next to the address bar there is a padlock. Look up there now if you haven’t noticed it before! This padlock means that the website that you are looking at is secure.
So what does HTTPS mean? HTTPS means HyperText Transfer Protocol Secure. This is a secure version of the standard HTTP protocol. To you, this means that the connection between your browser and the webserver is secure. There is no room for a hacker to intercept the request and take your secure information.
When you are browsing online, ensure that the website you are using has the padlock in the top corner of your browser.
So how do you make your website HTTPS? You will need to install an SSL certificate. Most domain name providers provide an SSL certificate when you purchase the domain. If this isn’t the case, you can use Let’s encrypt. Let’s encrypt provide websites with a SSL certificate. Not only does this protect your users, but it also will help with your SEO efforts. Google has mentioned that they will provide your website with a ranking boost if your website is secure.
Backup, Backup and Backup
If your website was unfortunate enough to be hacked, how will you recover it? Do you have an adequate backup solution in place? Ensuring that your website is backed up regularly will allow you to bring back the website if it was ever hacked. There are solutions out there whereby your hosting provider will be able to support you with this. Ideally, you would need your website to be backed up in different locations. For example, your server, a secure hard drive, and even a version control system like GitHub.
Set up Google Search Console
Not many website owners know about Google Search Console. Unless you’re an SEO specialist or website developer, you probably would not have come across this. Google Search Console shows most things about your website from the eyes of Google. However, relating this to security, there is a section where you can see whether Google is penalising your website for a security breach. Located under the menu within “Security & Manual Actions”, you can see the information there.
These are just a few tips to help you keep your website secure. Website security can be a mine field if you are not tech-savvy or a website server administrator. We would always recommend that you seek professional advice if your website has ever been compromised through hacking. Furthermore, it is better not to wait for this to happen, but to take action now to prevent a hack. The prevention will be cheaper than the solution.
At We Create Digital, we have a team of experts that are able to assist you with your website security. In the unlikely event that your website has been hacked, please contact us today and a member of our team will get back to you as soon as possible.