Website Security Best Practices: How to Prevent Hacks and Minimize Damage to Your Business
What’s the worst that can happen and what can you do to protect yourself?You might think your website content isn’t interesting to a criminal mind, but hackers aren’t always interested in stealing confidential information. In fact, most security compromises have nothing to do with the content on the site. With that in mind, every site is a target for digital villains. Hackers win when they access your site to add links, and even pages, redirecting visitors to an unrelated page, like a porn site where hackers can earn money. They might use your server as an email relay for spam, or set up a temporary web server, normally to serve files of an illegal nature. They might launch a full-scale attack and replace your entire website with their content.
The hacker isn’t a real person making the decision to take down your business by destroying your website. Most website hackers are automated bots or malicious software (malware) roaming the information highway. They’re on the prowl day and night — 365 days of the year — for any site with a slight crack in the gate. The good news is, you can help your web development team protect your website with some best practices.
What’s the worst that could happen?Let’s start with an understanding of online security threats. Damage to brand reputation — You’ve worked hard to build your brand. A data breach can be a PR nightmare and do irreconcilable damage, destroying the trust you’ve built with your customers. Loss of money — When your website fails to serve your marketing goals — provide awareness, generate leads or sell online — you lose sales and opportunities. Search engine blacklisting — Blacklisting is when search engines refuse to list your pages. When this happens, your site can lose nearly 95% of its organic traffic, which can quickly impact lead generation and sales. Stress and time loss — Don’t you already have enough to manage as you grow your business? Imagine losing countless valuable hours trying to straighten out the mess a hacker has left behind. Consider whether or not that skill is actually in your wheelhouse to do it properly. Complete loss of your branded website — If you aren’t performing regular backups of your website, you risk losing everything if a hacker replaces your entire site with content of their choice. Go back to start. Do not pass go. Do not collect leads or sales.
What you can do to protect yourselfIf you or somebody on your team accesses your website to add content or perform basic maintenance, this section is for you.
- Install an SSL certificate on your website to encrypt communications between the end-user and the server. Google has taken the stance that ALL data submitted on your website should be secured with an SSL. That includes simple contact form submissions.
- Never log in to your site from a public Wi-Fi, like in a coffee shop or city center.
- Always logout of your site when you are finished editing, and do not have your browser remember passwords.
- Choose a strong password with a mix of lowercase and uppercase letters, numbers and special characters.
- Do not use the same password for your website and any other site where you have an account.
- Regularly change your website password and FTP password.
- Control User access to your website site. Only grant the appropriate level of administrative power to others who contribute to your site content. Be sure to delete Users when projects are complete or employment is terminated.
- For goodness’ sake, change the standard username from Admin to…well… ANYTHING BUT ADMIN!
- Update WordPress software regularly and allow automatic updates.
- Major WordPress releases typically add functionality, performance and security upgrades.
- Incremental updates often address bugs and security vulnerabilities.
- Thoroughly research any unknown plugins before adding them to your WordPress site. I only install plugins that have been updated recently. Abandoned plugins don’t keep up with the latest malware or hacking methods. You can find “Last Updated” information listed in the dashboard under Plugins/Add New, then listed under each plugin.
- Update plugins when prompted in the WordPress dashboard. Many plugins issue updates for enhanced security. Before you update a plugin, be sure that the update version will work with your version of WordPress software. It will usually say so next to the update notification.
- Perform regular backups for your database, theme files, and premium plugins. You’ll be able to restore your website from an earlier version in the case that you are hacked.