For web developers, there is nothing more terrifying than the thought of seeing all of your hard work altered or wiped out entirely by a hacker. This is what our nightmares are made of.
With control over your website database, a hacker could steal credit card numbers, erase the data on your website or infect it with viruses. Often, the security breaches are attempts to use your server as an email relay for spam, while at other times sheer destruction is the only thing the hackers are after.
We have compiled a list of 5 super simple and basic measures you can take (even without any coding knowledge whatsoever) to ensure that your website stays safe. While they might sound simple, even the most basic security measures will usually discourage many hackers enough to make them search for easier pickings elsewhere.
1. Update, Update, Update!!
Whether you built the site yourself or the website was built by a development team, as the site owner/manager it’s important to ensure that every piece of software installed is up to date. This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum.
Delaying an update exposes you to attack. Most hacking these days is performed as an entirely automated process, with bots searching Google using ‘Google Dorks’. Hackers can scan thousands of websites an hour looking for vulnerabilities that will allow them to break in.
CMS providers like WordPress, Joomla and Drupal work round the clock to plug any holes in their systems, and release regular patches and updates that make their software less vulnerable to attacks. Equally important, if your site uses third-party plugins, keep track of their updates and ensure that they are updated on time as well. Also make sure you clean out any unused, old and non-updated plugins from your website. Even though it may seem obvious, ensuring that your website is up to date is vital to keeping your site secure.
2. Use Strong Passwords
This one’s another no-brainer that most people overlook. Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but it is equally important to insist on good password practices for your users to protect the security of their accounts.
Using strong passwords is an effective way to limit, if not completely eliminate, brute force and dictionary attacks. As a rule of thumb, make sure your password is a combination of alphanumeric characters, symbols, and upper and lower case characters, and is at least 12 characters long to prevent brute force attacks.
Do not use the same password for all your different website logins, and make sure you change your passwords regularly to keep them doubly secure. As an extra precaution, you can store all users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.
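One way to apply this section's two rules in code, as an added example that is not from the original article: it checks a password against the rule of thumb above and stores it as a salted one-way PBKDF2 hash, which is an assumption about how to realise "encrypted form" so that a leaked database does not reveal the actual passwords. The function names, the iteration count and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12        # the article's rule of thumb
ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256


def policy_problems(password):
    """Return the rules from the article that this password breaks."""
    checks = {
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "a lower case letter": any(c.islower() for c in password),
        "an upper case letter": any(c.isupper() for c in password),
        "a digit": any(c.isdigit() for c in password),
        "a symbol": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


def make_record(password):
    """Build the string to store: algorithm, iterations, salt and digest."""
    problems = policy_problems(password)
    if problems:
        raise ValueError("password needs " + ", ".join(problems))
    salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute the digest from the stored parameters and compare."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = make_record("Tr1cky-Horse-Battery!")  # constructed sample password
    print(record)
    print(verify("Tr1cky-Horse-Battery!", record), verify("password123", record))
```

Only the record string is written to the database; the password itself is never stored, so a login is checked by recomputing the hash from the submitted password.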
3. Install Security Plugins and Firewalls
To enhance the security of your website once your platform and scripts are up to date, look into security plugins that actively protect against hacking attempts. Just as you lock your doors before leaving your house and install antivirus software on your desktop computer before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks.
For example, if your website is built on WordPress, you can install free plugins like Better WP Security and Bulletproof Security (or similar tools that are available for websites built on other content management systems). These products address the weaknesses that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.
Alternatively – whether you’re running a CMS-managed site or HTML pages – take a look at SiteLock. SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.
This rule only applies to sites that have multiple logins. It’s important that every user has the appropriate permissions they require to do their job. For example, if you have a friend who wants to write a guest blog post for you, make sure their account does not have full administrator privileges. Your friend’s account should only be able to create new posts and edit their own posts, because there is no need for them to be able to change website settings.
Carefully defined access limits both the mistakes that can be made and the access a hacker can gain through a compromised account.