A website attack occurs every 29 seconds in the US, affecting one in three Americans every year. Not taking proper steps to secure your website puts your customer’s data and the stability of your platform at risk. A cyber attack can easily lead to system downtime and could cost you thousands to millions of dollars in damages. Implementing security protocols is a high priority among all of our clients, as it is generally thought of as a complicated process that is not easily tackled on their own. While we are able to integrate solutions into your platform to safeguard against hackers and malware, there are some steps you can take to ensure your website remains secure.
SSL stands for Secure Sockets Layer. It is one of the easiest things you can do to protect your website, as well as yourself and your customers. It is the reason for the “s” in “https” that appears with any website address. It encrypts data passing between your site and your users.
It is particularly important to have SSL security if you accept payments through your website or collect visitor information.
SSL certificates boost SEO, and ensure your visitors that your website is using an encrypted channel.
There are many ways to install SSL. You can choose a high quality website builder that includes SSL for free, install a basic SSL for a fee yourself, or you can choose a hosting provider (like us) that provides free SSL with all plans.
Use anti-malware software
This software scans for infectious bugs and prevents malicious attacks without you having to do anything at all. Services include web scanning, malware detection and removal, vulnerability patching, web application firewall, DDoS protection, and PCI compliance.
Choosing a good web hosting provider will cover your bases here, as it is the provider’s job to maintain server security and monitoring protocols.
Secure your passwords and change them regularly
We know it can be hard to keep up with all of your passwords. But, you should never repeat passwords among your accounts, because once a hacker discovers one, they might be able to access any and all accounts you may have.
There are solutions out there for managing your passwords. We personally love using Dashlane to securely store passwords, and it even has an encrypted password generator for high level security.
When creating a website, you should never use personal information. It is the first thing hackers will try. Make your password long by combining three memorable phrases that are not related.
Keep your website up to date
This step is not one you will have to worry about too much if you have your website managed for you, because software updates and security issues will be handled on a regular basis automatically. However, if you are using a platform that you manage yourself, you will need to run updates for core software and any plugins you’ve installed.
Outdated software and plugins become vulnerable to bugs, glitches, and hackers. You can usually set updates to happen automatically, but it is a good rule of thumb to check on it regularly.
Don’t help hackers
This sounds like an obvious statement, but actually hackers can be extremely sneaky. Almost 93% of malware is delivered via email, making it the number one method of attack. Additionally, 95% of cybersecurity breaches are due to human error.
If you receive an email asking for account information or requesting you to click a link, double check the sender’s address to make sure it came from a verified source. Scammers will often create accounts that look like they came from a service provider you may have, but with one wrong letter or other minor change.
Be wary of using public or open internet connections as they generally aren’t secure.
Do not grant access to your website to just anyone. Make sure they are a trusted source. This is especially important if you encounter a scammer claiming to be able to fix a technical issue or to install antivirus software.
Manually accept on-site comments
Comments are a great way to build social proof and engage with your audience. However, there are bots, fake accounts, and trolls out there that can pose a security risk to you and your users. Malicious links can easily sneak into a comments section that can be dangerous for visitors.
You can change your site settings to manually approve comments before they appear on your site, giving you the opportunity to delete any spam that may pop up.
Backup your site regularly
Creating a backup of your site ensures that if something did go wrong, you would still have a recent version of your website on hand. A backup is essentially a carbon copy of your website data, including files, content, media, and databases.
You can use a paid backup service that does the work for you, or you can use a WordPress plugin to manage your own backup preferences.
The easiest way to backup is by going with a web host that includes backups in its plans.
The more frequently you update your website, the more frequent your backups should be.
Common Red Flags
Now that we have reviewed some great ways to keep your website secure, you should also understand what a hacked website actually looks like. While there is no “standard” look of a hacked website, there are definitely clues and red flags you can see. We have compiled a list of ways hacking can appear:
Ransomware: The hacker will demand ransom to be paid or else they will publish your data or lockdown your site, restricting access.
Gibberish hack: You will find many new pages full of keywords and gibberish, to get them ranked on Google for keywords. When the pages are clicked on, they’ll redirect to a sketchy website.
Cloaked keywords hack: This is the same approach as the gibberish hack, only the pages will look like your own site pages, but with altered content.
Japanese keywords hack: This hack creates random pages in Japanese with various links to online stores selling fake merchandise.
Malicious code/viruses: The hacker will install a malicious code or virus, causing your site to go down or prevent you from accessing it. This may also affect your hardware.
Denial of Service: Hackers use bots to overwhelm your site, crashing the server it is hosted on.
Phishing: This is common among scammers who will contact your clients pretending to be part of your business to gain access to personal information.
Let's upgrade your marketing game.
Get fresh tips, how-tos, and expert creative advice every week.
Share this article