How to Secure a Website

One of the easiest things you can do to protect your website, yourself, and your users, is to install an SSL (Secure Sockets Layer) certificate. You may not realize it, but you come across SSL all the time when you browse the web – it’s the reason for the “s” in “https”, and the padlock in the address bar.

SSL encrypts information passing between your website and your visitors. Google now warns visitors when they’re entering a site without SSL, and even “discriminates” against those sites in its search results.

It’s especially important to have SSL security if you’re accepting payments through your site, asking for login details, or transferring files. Without it, the data is unprotected, and vulnerable to hackers. 

It’s not important for you to know the technical ins and outs of SSL security, so don’t worry if you don’t really get how it works. The most important thing is to know that your site needs SSL, and how to go about getting it.

There are multiple ways to install SSL. The three main ways we suggest are:

1. Choose a good quality website builder that includes SSL for free
2. Choose a hosting provider (such as HostGator) that provides a free SSL with all plans (if you’re building your site with a content management system, such as WordPress.org)
3. Install a basic Let’s Encrypt SSL for free yourself

If you want a much higher level of security, you’ll need to pay for an advanced SSL certificate. These vary in price, and you can buy them from hosting providers, or registrars such as GoDaddy. Unless you’re running a large online store, or handling large amounts of sensitive data, the free version of SSL will probably be sufficient.

“Anti-malware software” might sound like a lot of jargon, but the good news is that anti-malware software actually does the hard work for you – so you don’t need to worry about any of the technical stuff.

There are plenty of different anti-malware options out there. Some have free plans – like Bitdefender Antivirus Free – while others you have to pay for, such as SiteLock.

SiteLock is used by over 12 million websites, and offers different packages that provide varying levels of protection. This means you can tailor your security to your site’s needs, as well as your budget. Some of the security services it provides include:

• Web scanning
• Malware detection and removal 
• Web application firewall
• Vulnerability patching
• DDoS protection 
• PCI compliance

If you don’t know what all this means, that’s okay – that’s what anti-malware software is there for!

A good quality website builder or hosting provider should look after your site’s security for you. Hosting providers often include anti-malware software as part of their plans – some even throw in paid services like SiteLock for free!

Other providers include a built-in set of tools – InMotion, for example, includes a security suite on its cheapest plan. This is made up of:

• Free SSL
• Hack protection
• Automatic backups
• DDoS protection 

These are the security basics for your site, and the features you should look for whenever you’re looking at picking a hosting provider. Whether your provider comes with tools built-in, or offers extra freebies such as SiteLock, anti-malware software gives you a welcome extra layer of protection.

Passwords. They’re so familiar that we can sometimes forget just how important they are. It’s easy to overlook the fact that often, your password is all that’s standing between a hacker and your personal information.

Not only are passwords a vitally important step, but they’re also one of the easiest things you can change to increase the security of your website. Spend just 20 minutes today making your passwords stronger, and you’ll be on your way to a more secure site. 

A survey carried out by the UK’s National Cyber Security Center analyzed the most common passwords used by accounts that had been breached across the world. They then put together a list of the top 10 most hacked passwords – if you’re using any of the following, it’s time to change it (like, right now)!

1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345

Instead of using easy to guess phrases, here are some things you should do instead:

• Combine three random, unrelated, but memorable phrases
• Use a randomly generated sequence of characters
• Don’t reuse passwords – use a password manager to keep track of them all
• Make your password long
• Never use personal information in your password – it’s the first thing hackers will try!

There’s a seemingly endless list of password tips out there, and you should combine a few of these tactics to create uncrackable passwords. Once you’ve got your shiny new bulletproof passwords, be careful with them – do not share them around, even with friends, and do change them regularly (about once every quarter).

We’re not talking about posting the latest gossip, or keeping your visitors in the loop with your newest product. This is about the importance of keeping your website’s software up to date.

If you use a website builder, you don’t need to worry about this so much, because most builders will handle software updates and security issues for you. However, if you’re using a platform such as WordPress, you need to be totally on top of things and running updates when necessary.

You need to run updates for your WordPress core software, as well as any plugins you’ve installed. If you don’t, then it can all become outdated and vulnerable to bugs, glitches, and – worst of all – hackers wielding malicious code.

The good news is, you should be able to set these updates to happen automatically in your dashboard – but it’s still worth keeping an eye on and making sure everything is running smoothly. Letting your site become outdated can be a fatal blow in terms of security, so it doesn’t hurt to be vigilant about staying on top of updates.

We know, this sounds like a total “duh” moment. Well, obviously I’m not going to hand over my details and let my site get hacked – that’s the whole reason I’m reading this article! The trouble is, people are still – through no fault of their own – falling prey to scammers and unknowingly giving away important information about themselves.

Did you know that 92.4% of malware is delivered via email? That makes it the number one method of attack, and means you should always be on the lookout for anything unusual in your inbox.

There’s always more tech you can put in place to protect your website, but you mustn’t forget that 95% of cybersecurity breaches are due to human error. Protect your website by being on your guard, and being suspicious of texts, emails, or phone calls asking for personal information.

It sounds simple enough, but scams are growing ever-more sophisticated. Here are five things you can do to make sure your website doesn’t open the door to unwelcome visitors: 

1. Beware of public or open internet connections if you’re working in a shared space like a cafe – they won’t be secure!
2. Never click on links in emails that seem suspect – delete the email straight away! This is still important if you’re using a professional email connected to your website, rather than a personal one.
3. Be careful who you grant access to your website – check admins are people you can trust, and make sure they’re security-conscious.
4. Change the default settings, passwords, and usernames of your site as soon as you’ve set up your account – this is especially important for WordPress sites.
5. Only trust verified professionals to access your site. For example, scammers sometimes want to take control of your screen under the pretense of fixing a technical issue.

You get the idea. We know this seems like common sense, but phishing emails are becoming increasingly realistic – so stay on high alert!