How to keep your website secure
19 Jan 2022
As hackers become increasingly tenacious and malware cyberattacks are more sophisticated, website security has developed into an ongoing problem that companies cannot afford to ignore. Reducing the risk of threat to a website is a priority to protect visitors, customers and businesses. Particularly for websites that encourage customers to make transactions such as providing personal information to receive a download or eCommerce sites that facilitate financial transactions, it is essential that all possible steps are taken to protect the website. Here we share some tips on how to keep your website safe...
SSL certificates and HTTPS
Websites need a secure URL (Uniform Resource Locator). A URL is the web address of a unique page or resource. URLs can have different protocols depending on their levels of security:
- HTTP (Hypertext Transfer Protocol) is used for transferring data such as requests and responses over a network.
- HTTPS (Hypertext Transfer Protocol Secure) is a special security protocol that prevents interruptions and interceptions while content is being transferred.
All requests and responses sent using HTTP can be read by anyone who might be monitoring the session. With HTTPS requests and responses, a potential hacker would only see random characters so wouldn’t understand the data and therefore know what to interrupt or intercept. This keeps the data secure.
To have the HTTPS URL, the website needs an SSL (Secure Sockets Layer) certificate that authenticates the identity of the website and enables an encrypted connection. The SSL certificate protects visitors who perform any transactions such as signing up or registering for what’s on offer.
Smart passwords are a smart choice
Rather than having similar passwords or, even worse, the same password for different databases, programmes and websites, it is highly advisable to use a completely unique password for each platform. Here are some pointers:
- The more random, the better. Don’t use common phrases.
- Don’t use your date of birth or name or those of your family or pets.
- Longer passwords are better. There should be at least eight characters. The longer the password, the longer it takes to crack.
- For letters, use upper case and lower case.
- Use numbers and special characters.
Passwords should be stored offline, away from the website, and they should be changed every three months.
Keep software and plugins updated
As part of the general housekeeping of your website, you should keep all plugins and software updated. This will enhance your website security. Software that hasn’t been updated is the culprit for a significantly high number of website security breaches.
To keep away the bots and hackers that continuously scan sites looking for ways to attack, you should regularly update your software and plugins. Any update requests should be actioned straight away as they usually contain repairs for security holes. Add a plugin for update notifications if you don’t already have one.
Use anti-malware software
Anti-malware software will continuously scan the website to prevent malicious attacks and remove them if found.
Invest in a bespoke website
When investing in a new website, if it's within budget, try and buy a bespoke website. Pre-built theme websites can be purchased by anyone. This means tens of thousands of people may be using the same theme as you. It only takes one hacker to find a way in and all the websites using this theme are compromised. Having a bespoke website increases your security as it is unique - which makes it more difficult for anyone trying to hack into your website. If your website is making transactions online or dealing with consumer data, it is crucial to keep it secure.