Over the past few years, website security has become an increasing concern as web hacking and malware has become more aggressive. Make sure you are following these four best practices to keep your website and website visitors safe.
In 2017 Google announced impending changes of requiring websites to have SSL certificates to make websites more secure and protect against hackers. SSL stands for Secure Sockets Layer and is the standard security technology for establishing an encrypted link between a web server and a browser. It essentially ensures that the information sent between the user and the website stays private. Pre-2017, SSL was only standard for ecommerce websites where a transaction was taking place. In July 2018, Google cranked up the requirements for SSL certificates and now marks all HTTP websites that don’t have this added layer as “non-secure websites”.
Installing an SSL certificate changes your HTTP to HTTPS so if you’re not sure if you have an SSL certificate, just go to you URL and type in HTTPS://www.yoururl.com and see if your website shows up. If you don’t have one, engage a web developer to add one to your website.
The certificate itself costs on average $75/year and is purchased with your website host. After the certificate has been purchased, a developer can add it to your domain and then make sure that the HTTPS url is part of the main address for your website.
Keep Software Up to date
In order to keep your website secure from hackers you must also keep WordPress and Plugin versions up to date.
Each new release of WordPress is accompanied by an announcement, accompanied by a change log. Telling the public, hackers included, what was modified in each version. The list gives hackers insight into the vulnerabilities of the older versions of the software, like a road map telling them where to attack for best results.
Plugins are used on your website to create forms, galleries etc. Popular plugins make an easier target for hackers because they can find a weakness and then replicate the hack on any sites running the same plugin version.
Add an extra layer of security to your website by adding Sucuri to your website. Available as part of a hosting package with Godaddy or directly on their website, Sucuri offers different levels of security to add to your website, including firewalls.
If you’re unlucky and experiencing a hacked website, Sucuri will clean the malware out of the code for your website for a relatively low fee and get your website back up.
Speaking of “back up”, do you have a backup of your website? Most hosting companies offer good backup solutions of your website for worst case scenarios. This can be helpful not only if your website gets taken down by malware but also if you forget to pay your hosting bill or make updates yourself and inadvertently take down pages of your site. It can take hours and be very expensive to rebuild a website to make sure you have a good backup in place.
Last but not least, please make sure you have a safe and complicated password to your website. For instance, if you have an extremely simple and common password that’s seven characters long (“abcdefg”), a pro could crack it in a fraction of a millisecond. Add just one more character (“abcdefgh”) and that time increases to five hours. Use a password database and generator like PassPack to keep your passwords safe.
Need help with website security? Contact us for details on our security plans starting at $99/month.