Website Security Guide
Your website is in danger.
I’m not saying this to frighten you, but that’s the reality of the world we live in. More than 30,000 websites get hacked each day.
You can’t have an “it won’t happen to me” mindset. I encounter businesses all the time who feel this way. They think hackers have bigger fish to fry and don’t have any reason to target their website. That’s simply not the case. In fact, 43% of cyber crimes are against small businesses.
Roughly half of companies worldwide say they experienced a cyber attack in 2019. Just forty percent of businesses say they’re prepared to handle cyber attacks.
I don’t have a magic crystal ball or some way to see into the future, but my gut tells me that cyber criminals aren’t going to simply wake up one day and decide to stop hacking websites. Bottom line: Hackers won’t stop trying to get an edge. That means you need to regularly improve your website security.
That’s what inspired me to write this guide. I’ll show you what needs to be done to secure your website today, in 2020.
Common Website Security Threats
Websites get attacked in a lot of different ways. So before we proceed, I want to give you a brief overview of some of the most common threats to your website security. These are the things that you’ll want to be prepared for when taking security measures.
We’ve all been contacted by a Nigerian prince or had a distant, wealthy relative die and needed to claim the money. Usually, it’s annoying, but relatively harmless if you ignore it.
However, sometimes spam is much more malicious. Spam in the form of comments is extremely common on websites. Bots can hammer the comments section of your website with links to another site in an attempt to build backlinks.
These types of comments harm your website because:
- They don’t look good on your website and might turn off visitors who would otherwise engage with your content by commenting.
- Phishing links might contain malware, which can harm your website visitors if they click on them.
Furthermore, Google’s crawlers can often detect malicious URLs and penalize your site for hosting spam. This will crush your SEO ranking.
Viruses and malware
For those of you who don’t know, malware stands for “malicious software.” So malware and viruses are essentially the same thing. Malware is arguably the biggest threat to your website. As many as 350,000 malware samples are created each day.
According to Statista, these are the most common types of malware used in cyber attacks around the globe:
As you can see, malware comes in all different shapes and sizes. That’s why it’s such a big threat to your website.
These viruses are often used to access private data or use server resources. Criminals also use malware to make money with ads or affiliate links by hacking your website permissions. Cyber criminals are able to introduce malware into your computer infrastructure in a variety of ways including emails to employees, redirects, and direct hacking.
Our biggest piece of advice: Don’t click on weird links. That might seem like a “Well, duh” moment, but it’s easier to fall for the trap than you think. Be sure to teach your employees and any users who might be using your company’s computers about the importance of staying vigilant online.
With malware, both you and your website visitors are at risk. Someone visiting your website could click a link that downloads a malicious file onto their computer. It’s your job to keep your website secure and prevent that from happening.
WHOIS domain registration
Purchasing a domain name is like buying a house. The company that sells the house must know who they’re selling to and be able to contact them. Plus, anyone can go to the county auditor and find information about any address.
The same goes for buying a website. Depending on the country you’re in, you will be required to release some information about yourself that is recorded in WHOIS data. Besides your personal information, this also includes information about your URL nameservers (these are the servers that connect your domain name to your actual web server).
Hackers can use this information to narrow down the location of the server that you’re using. They can use this as a gateway to access your web server.
DDoS attacks deny access to users trying to visit a specific website. Basically, the hacker uses spoofed IP addresses to overload servers with traffic. This essentially takes the website offline. Think of it as spam traffic for your site. Instead of you benefiting from more traffic though, your website crashes.
Now the host has to scramble to get the server back up and running as fast as possible, which usually leaves the server vulnerable to malware, not to mention the loss of revenue and credibility for you.
These attacks are on the rise too. In Q3 of 2020, websites saw a 50% increase in DDoS attacks compared to 2019.
Search engine blacklists
When you don’t keep your website safe, it’ll have a ripple effect in other key areas of your business. For example, if your website is attacked, Google might take notice and lower your SEO rankings.
According to a recent study, 74% of hacked websites were attacked for SEO reasons such as adding backlinks to your website. Attackers can also create new pages on the website or display an entirely different site in order to bring your ranking down and boost the ranking of whatever site they want.
I briefly mentioned this earlier when we were talking about spam comments. If search engines detect malicious content on your website, your SEO ranking will suffer.
If lots of users are reporting your site as spam or unsafe, you could be added to a search engine blacklist. Once you’re on that list, it’s incredibly difficult to get off.
Here are a few ways people can report your website for safety issues on Google:
- Webpage spam. These are websites that attempt to get better placement in Google results through black hat methods such as hidden text, redirects, and cloaking.
- Paid links spam. This is the buying and selling of links that pass PageRank.
- Rich snippets spam. This is when you give readers false or misleading information such as fake reviews.
- Malware. This is when sites are infected with malware and present a dangerous user experience as a result.
- Phishing. These are websites and pages designed to steal your personal information by posing as another page (e.g. making a fake PayPal landing page to obtain bank information).
The best way to avoid being reported is to play by the rules and do right by your website visitors. That starts with keeping your website safe.
How to keep your website safe
Now that you’re familiar with some of the most common security threats, you should get serious about preventing them from ever happening on your website.
You can’t just assume that your website is safe. If you haven’t done anything to beef up the security, it’s most likely vulnerable to attacks. Even if you have done something, you need to keep updating your site and ensuring that it’s still secure. The web moves fast. There’s no room for “probably” here.
These are the steps you need to take to improve your website security in 2020.
Use HTTPS protocol
If your website isn’t currently using HTTPS protocol, that needs to jump to the top of your priority list. This essentially tells your website visitors that they’re interacting with the proper server and nothing else can alter or intercept the content they’re looking at.
Without HTTPS, a hacker can change information on the page to gather private information from your site visitors. For example, they can steal login information and passwords from users.
HTTPS protocol will also improve your search ranking. Google rewards websites that use this security measure.
This is reassuring to people who visit your website as well. When they visit your site, they’ll see this next to the URL:
It’s secure and trustworthy. Now, compare it to a site that’s not using HTTPS protocol. The URL in the web browser will look like this:
Do you feel secure when you’re browsing on a website and see this? I don’t.
Furthermore, you can improve this security measure even more by combining your HTTPS with an SSL (secure sockets layer) certificate. This is required for ecommerce websites since users are submitting sensitive information like credit card numbers, names, and addresses.
SSL certificates encrypt the communication between the server and the user’s web browser. It is a very nice added layer of encryption to keep your website safe (though it doesn’t prevent attacks or malware distribution). Even if you’re not selling anything on your website, I strongly recommend using HTTPS protocol and adding an SSL certificate for added protection.
Update your software
If you own a computer, you know how often you have to update the software to keep it running smoothly. The updates may be annoying, but they’re essential. The same goes for your website. Be sure you have the most recent version of WordPress software, plugins, CMS, and anything else that needs an update.
In addition to fixing bugs or glitches, software updates generally come with security improvements. No software is perfect. Hackers will always be looking for ways to exploit its vulnerabilities.
Lots of internet attacks are automated. Criminals use bots to find websites that are vulnerable. So, if you’re not staying current on the latest software versions, it will be easy for hackers to identify and target your site before you do anything about it.
Choose a safe web hosting plan
Theoretically, if your web hosting provider provides security on its servers, you’ll benefit from those same levels of protection. However, that is not always the case.
Going with a shared hosting plan might be appealing because of the price, but it’s not the most secure choice you can make. As the name implies, you’re sharing servers with other websites if you choose this type of hosting plan.
If one of those other websites gets attacked, a hacker can gain access to the server that you’re using as well. That means hackers might hurt your website even though you’re not directly targeted.
It’s like sharing an apartment with roommates, and one of your roommates accidentally leaves the door unlocked one day. Then a burglar comes in and steals the apartment’s television. Even though it wasn’t your fault and you weren’t necessarily the target, you still suffer from this.
I’m not trying to steer you away from a shared hosting plan, but if you want to boost your website security, you’ll be better off with another option such as Cloud or VPS.
Check out the list of the best web hosting providers, which can help guide you in the right direction.
Change your password
Change your password, and do so regularly (every 6 months to a year). I can’t stress this enough.
Sometimes I speak to people who have the same password for everything they own, and it’s something they’ve been using since they were in college ten years ago.
Here’s the problem with that: if hackers obtain access to your password, they’re going to try it on other things such as bank accounts, social media accounts, and more. If you have kept the same password across multiple different accounts, you’re essentially handing them the master key to your online life.
Shockingly, 25% of passwords can be hacked in just 3 seconds.
The information in this graph was obtained using an open source tool known as John the Ripper. Anyone can use this tool to crack passwords.
If software like this can crack more than half of passwords in just two hours, I can promise you that the best hackers are cracking passwords even faster.
That is why you need to regularly update your password. You can use a password manager like 1Password to help you generate long passwords with special characters that are almost impossible to crack. These password managers also leverage powerful encryption that keeps your passwords safe from hackers. You can rest easy knowing that your passwords are safe.
Furthermore, you should pick a web host that’s using two-factor authentication. This is a feature that requires you to confirm a login on a separate device (most commonly a smartphone). This adds an extra layer of security for password safety. If your web host doesn’t provide this, there are other ways to enable it on your own using apps or third parties.
Secure your personal computer
Don’t allow your own devices to threaten your website.
Hackers can inject malicious files into websites by stealing FTP logins through your personal computer. That’s why you need good antivirus software on your computer (yes, even if those McAfee popups annoy you).
The last thing you want is to be careless while you’re browsing online on personal devices and have that mistake end up hurting your website. This is especially important if you use a personal device for work.
If you’re a business owner, make sure to educate your employees to protect their personal computers from bad actors. Either way, scan your own machine on a regular basis.
Use tools to monitor your security
You can’t manually prevent attacks on your website. Instead, look for online tools and resources that will monitor your site’s security for you.
If you use WordPress, I recommend looking at my guide on the best WordPress security plugins. The plugins on this list add a firewall to your website while simultaneously fighting malware, spam, and other threats in real time.
If you don’t use WordPress, check to see if your website’s CMS offers good security add-ons. Otherwise, take a look at this list of good endpoint security software that’ll keep your IT infrastructure safe regardless of your CMS.
You can run security audits that will highlight your vulnerabilities so you can take preventative measures to stop an attack before it happens.
Limit user access
Don’t blame yourself, but 95% of cyber security attacks are the result of human error. That’s exactly why it’s so important to educate yourself and your employees about the importance of cybersecurity.
The best way to prevent this is to limit the number of humans who are able to make an error. Not every employee of your business should have access to your website.
If you’re hiring an outside consultant, developer, or guest blogger, don’t automatically give those people access to change settings on your website. Implement the principle of least privilege.
Let’s say you assign a project to someone who needs a certain level of access to your site. By applying this principle, you only give them the absolute minimum level of access they need to complete the task. Once complete, the person goes back to their regular access level.
Make sure each user has their own login credentials. If several people are sharing login credentials, it doesn’t give them any accountability and makes it harder to trace a security breach. Your team is much more likely to be cautious with sensitive information when an error or change could be traced back to them.
Backup your website
When it comes to securing your website, you should always prepare for the worst. Obviously, you never want to be in a situation where your website is compromised. But in the event that something goes wrong, your life is going to be much easier if your content is completely backed up.
So try using a backup plugin, like BackupBuddy, to make sure you don’t lose anything on your website as the result of an attack.
BackupBuddy is one of the five best WordPress backup plugins that I reviewed for this year. See the full list to see which option is best for your situation.
Some of these backup plugins also come with built-in security measures, which can help you prevent an attack.
Adjust your default CMS settings
So many cyberattacks these days are automated. Hackers program bots to find sites with default settings. This way they can target a wider range of websites and gain access using the same type of malware or virus. Don’t make it so easy for them.
Once you set up your CMS, make sure you change some of the default settings:
- Comments settings
- User controls
- Visibility info
- File permissions
These are all examples of settings that you can change quickly and right away.
Limit file uploads
Letting website visitors upload files to your website can be risky. That’s because any file may potentially contain a script that exploits vulnerabilities on your website when it’s executed on the server.
In some cases, the nature of your website might require file uploads. For example, you may want users to add photos of your products when they’re writing a review. In cases like this, you should still treat all uploads as a potential threat.
You could also set it up so that any files that get uploaded are stored in a folder or database in another location. This typically looks one of three ways:
- DIY. You can create a script that will fetch those files from a private and remote location to deliver them to a browser. This will require some code and is a bit complex to create, so I won’t go into a lot of detail on this right now.
- Third-party software. There is third-party software such as Filestack and Transloadit that offers a secure file upload system with high-grade security and virus protection. This can get pretty expensive though.
- Avoid it. The simple solution is to avoid file uploads entirely, or at least restrict the types of files that can be uploaded to your site.
Choose the option that’s best for you. The important thing is to choose one and protect your site.
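The advice above to restrict upload types and keep uploaded files in a separate location, sketched as an added Python example (it is not code from the original guide). The size limit, the allowed image types, the `private_uploads` directory name and every sample upload are assumptions constructed for illustration.

```python
import os
import secrets
import tempfile
from pathlib import Path

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for review photos
# Allowed extension -> leading bytes a genuine file of that type starts with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

class UploadRejected(ValueError):
    """Raised when an upload fails a check; the message says which one."""

def store_upload(client_name: str, data: bytes, upload_dir: Path) -> Path:
    """Validate an upload and save it under a server-chosen name.

    upload_dir is assumed to sit outside the web root, so the web server
    never serves or executes anything in it directly.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Only the final extension of the client-supplied name is used; the rest
    # of the name, including any path components, is discarded.
    ext = os.path.splitext(os.path.basename(client_name))[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise UploadRejected(f"extension {ext or '(none)'} not allowed")
    # The content must match the claimed type, so a script renamed to
    # "photo.png" is still rejected.
    if not data.startswith(signatures):
        raise UploadRejected("content does not match extension")
    upload_dir.mkdir(parents=True, exist_ok=True)
    target = upload_dir / (secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o600 leaves no execute bit set.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

def demo() -> list:
    """Run constructed sample uploads and report the outcome of each."""
    samples = [
        ("review.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),     # real PNG header
        ("photo.png", b"<?php echo 'x'; ?>"),                    # script renamed
        ("../../index.php", b"<?php echo 'x'; ?>"),              # wrong type, path
        ("avatar.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32),  # double extension
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples:
            try:
                stored = store_upload(name, data, Path(tmp) / "private_uploads")
                results.append((name, "stored", stored.suffix))
            except UploadRejected as exc:
                results.append((name, "rejected", str(exc)))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because the stored name is random and keeps only the checked extension, the `avatar.php.jpg` sample is saved as a plain `.jpg` with no trace of `.php` in its name.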
Website security needs to be one of your top priorities.
If you haven’t taken any steps to secure your website, you’re currently at risk while you’re reading this. Even if you have taken the steps, you need to do so regularly and often in order to keep your website secure.
Being vigilant and implementing the right systems can help set you, your website, and your business up for success when it comes to avoiding bad actors. You can make things difficult for them by taking the security measures that I’ve outlined above.
At the end of the day, if cyber criminals are having a tough time hacking a website, they’ll just move on to sites that haven’t implemented the website security tactics that we talked about. You don’t want your website on that list.