Like a pension or life insurance, website security is something we all know we should have but often don’t take seriously until it’s too late.
But any webmaster, whether novice or professional, needs to stay on top of security or face the gruesome consequences.
If you host a personal website or blog, the worst that can happen you’ll be shut out of your site or have it hacked and abused. Annoying, yes… frustrating, most likely… embarrassing, probably. But not the end of the world.
However, if you operate a business or eCommerce site, you could face serious consequences like sales nosedive or even prosecution if you’re responsible for the loss of your customer’s personal information and payment details.
The good news is, there are many easy ways to stay on top of website security. We’ve summed up six of them below.
- Pick the right hosting provider
There are so many options out there when it comes to web hosting that it is tempting (especially if you’re inexperienced) to assume they’re all the same and therefore choose the cheapest option.
Though there are some great cheap web hosts, you don’t have to be an expert webmaster to realize some cheap hosting may not be as secure as more expensive options. As the saying goes, ‘you get what you pay for’.
So, it’s worth doing a little research to make sure your provider has a good reputation, experience, and has the right level of security that your website requires. Of course, no website is 100% secure (just ask any of the high-profile organizations that have been subject to a major security breach) but choosing a trusted and reliable hosting provider gives you solid foundations to build on.
- Update your website regularly
Yes, we know updating software on your computer can be a pain, especially when it requires a chunky download and restarting your device, but that doesn’t mean you should avoid website updates.
They’re there for good reason and, more often than not, that they keep your website safe from malware and bots. If you’re using a popular content management system (CMS) like WordPress, Joomla or Drupal, these updates can happen automatically.
If not, make sure you visit your dashboard regularly and watch out for any update notifications for your CMS, your theme, and all plugins. Ignore these updates at your peril.
- Get a SSL Certificate
Having a secure sockets layer (SSL) certificate not only keeps your website safe, it will also drive more traffic to your site. Major search engines like Google will block click-throughs to your site with an ‘it’s not safe’ warning if it doesn’t have one. Yikes!
An SSL certificate uses encryption to make sure the important data between a web browser and web server is secure and much harder for hackers to access. So, having an SSL is crucial if you’re handling sensitive data on your website, e.g. user passwords, logins or payment details.
Your SSL gives your customers peace of mind and is a legal necessity for some website, e.g. if you are running an ecommerce business.
Some web hosts offer a free SSL with their plans but, for others (e.g. GoDaddy), you’ll pay an extra fee if you want one.
- Use strong passwords
We’re all guilty of using our names, birthdays, and even company names in our passwords. While this does make it easier to memorise them, it leaves an open door to your website for every hacker with even a basic awareness of your personal info.
So, use a strong password site admin password and change it on a regular basis. If you have trouble memorising complicated passwords or end up noting them down in a little black book that you’re terrified you’ll lose, try using a password manager like LastPass. Password management software stores, encrypts and protects all of your passwords and enters them automatically when you’re using your own computer, on a known IP address.
Remember, If you notice any unusual activity on your site, change your password immediately. It might mean that you’ve been hacked.
- Back up your website data
Hands up who doesn’t do this? Yep, we thought so. In that case, you must have some magic plan in place for accessing your site should you get locked out. No? Oh dear.
For us mere mortals, being locked out of a website could be a disaster, which is why we always back it up.
Your hosting provider should do automatic backups, and your CMS will have plugins that will do the tedious tasks for you. If you employ a web developer to look after your site, they should have set this up when they got your site live. If not, it something you’ll have to learn to do yourself.
The final word
Trust us when we say you’ll thank when you action this advice. By making your website more secure now, you’ll avoid problems further down the line and reduce your workload long-term. Plus, none of the tips above will take up a lot of your effort or expense. So, what are you waiting for?
This post may contain affiliate links.