Improving your website protection

James Rowlands shares his top five tips for securing and protecting your business website in 2022.

For most businesses, a website is the key part of an online presence, and increasingly the way the business communicates and sells to customers. For these reasons, it’s crucial a website is well-built, so it is able to attract and convert customers. It’s also vital that a website is secure, since any website is vulnerable to hackers.

Hacking attacks can be devastating for a business, so here are five key ways to protect a website from attackers:

1. Install an SSL Certificate

An SSL certificate is a piece of code on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s a bit like sealing a letter in an envelope before sending it through the mail.

Websites need SSL certificates to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and convey trust to users.

SSL certificates are issued by Certificate Authorities, which are organisations that are trusted to verify the identity and legitimacy of any entity requesting a certificate. Your host should be able to install a certificate for you. Many hosts these days offer it for free, using a service called LetsEncrypt.

2.  Please use strong passwords

It may seem simple, but using strong passwords on a website is your best first defence against attack.

The key aspects of a strong password are length (the longer the better); a mix of letters (upper and lower case), numbers, and symbols; no ties to your personal information; and no dictionary words.

The good news is you don’t have to memorise long strings of random letters, numbers and symbols. Instead, you can use an app to store your passwords securely. Why not use a password manager like 1Password (https://1password.com)?

If you’re concerned that your password has been compromised, check it at https://haveibeenpwned.com. Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

3.  Complete regular offsite backups

A website backup is a copy of all of your website data. The core goal of an offsite backup is to have a secondary location where the data is located, so if there is a loss at the original location, then the secondary backup will be safe.

Having an offsite and onsite backup is key to ensuring business continuity and planning for disaster recovery. Remember, a backup is the main guarantee that your site can be completely restored after any problems and crashes.

A site backup helps if you inadvertently delete some important elements, a theme or plugin/module harms your site, or if the website is hacked.

Don’t rely on your hosting provider to backup your website. You need to be able to recover and reinstall your website yourself. Use the plugin UpdraftPlus (https://updraftplus.com), which has both a free and paid version and allows you to automatically backup your website to Dropbox, GSuite and more.

4. Install a security plugin

A security plugin like iThemes Security, provides extra protection for your website and is valuable because it provides real-time monitoring of your website, ensuring you are alerted to security-related events on your site 24 hours a day, 7 days a week.

iThemes Security provides a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro). The Pro version provides even more security including the ability to hide the wp-admin backend.

5. Ensure your site is always updated

Ensure that you keep WordPress, your Themes, and your Plugins, updated to the latest version. You can do this from the Admin dashboard of your website.

Always take a backup of your website first, in case something goes wrong with the upgrade. WordPress updates help keep your website safe and bug free as well as make sure you have the newest features, better compatibility, and a smooth WordPress experience.

A big part of WordPress updates are security releases. So, even if you’re not currently looking for the latest functions and features, keep in mind that you still need to keep your site secure. Most WordPress hacks happen to sites that have not been updated.

James Rowlands (pictured below) is the founder of The Website Guardians james@thewebsiteguardians.co.nz