8 Web Protection Tips to Secure Your Website
Your website is the focal point of your business. It’s where you post your great content and ideas, and where your customers come for great service.
That’s why it’s more important than ever to make sure that your website and server data are safe and secure. With the rise in popularity of site software like WordPress, it’s becoming easier for intruders to gain access to hijack a website.
All it takes is a little bit of monitoring and the right site exploit for hackers to gain access to your site. Make no mistake, these hackers are out there. On average, they cost US businesses around $15 million per year!
Protect yourself and protect your business. It’s time to learn about basic website protection tips and how you can keep your site safe. We’re sharing 8 easy to implement steps below.
1. Use HTTPS Instead of HTTP For Better Web Protection
Every website uses either the HTTP or HTTPS protocol for web traffic. But what’s the difference? Several layers of security, actually.
While HTTP is still commonly used, it’s far easier to gain access to data transmitted over this protocol as the connection between the server and the browser is unencrypted. HTTPS, on the other hand, encrypts all information communicated between the server and the client. This is critical for any website that has a login form or that captures any client data.
The HTTPS protocol not only ensures that data to the server is encrypted, websites with the green address bar badge have also gone through extended organization validation. This means that the company that issued the HTTPS SSL certificate verified the company that purchased the certificate.
Think about it like the front door of your home. You could simply leave your door unlocked but closed. It’s a deterrent but not a very effective one. Locking your door, on the other hand, adds a crucial element of security. It may be a simplistic comparison, but this is generally how HTTP and HTTPS differ. Make sure you’re using HTTPS whenever possible. Your clients (and their data) will thank you for the added layer of security.
2. Keep Site and Server Software Up To Date
A few moments can make the difference between an insecure site open to hackers and a secure one. Instead of exiting out of those annoying update reminder messages, take the time to keep your software up to date.
Even the most popular website building tools contain security vulnerabilities. Users are constantly trying to poke holes in software to see how it can be exploited. That’s why website software is being constantly updated to patch security concerns.
Take Sony’s 2015 hack, for instance. Hackers gained access through a “zero-day vulnerability”. Hackers saw the exploit immediately after the software’s release and jumped on it before Sony could patch it.
It may be annoying to update individual pieces of software and site plugins, but you’ll be glad you did. If you’re using a managed service, you can also talk to our team about services we may be able to provide to automatically keep your website software up to date.
3. Change File Names and Permissions
One of the easiest ways to improve website security is ensure all of the directories in your website have the correct file permissions. Take the time to review the installation guide for your website software. It should define parameters for which permissions each directory needs. When in doubt, choose the permission settings that give outside users the least amount of access. For instance, in WordPress:
- All files should be 644
- All folders should be 755
- wp-config.php should be 600
You should also consider choosing different names for default users and directories that can be modified. Most intruders would assume that the admin user may be called “admin”, so pick a name that is unique to your site.
4. Update Your Passwords Regularly
One of the best web protection practices is updating your website password regularly. This is important because the websites you use regularly are becoming compromised at an alarming rate. Often times, these compromises are not announced until months or years later.
Ideally, a password shouldn’t last any longer than around 3 to 6 months. That way, even if a password is compromised it can only be used for so long. If you’re using a password manager with a unique password for each site, then you might consider changing your password less frequently.
When you do change your password, make sure it’s more than a simple change at the end.
Let’s say your password is: “Iloveservers” and it’s time to change your password. Which of the following do you think would be more difficult to guess?
“Iloveservers1”
“Iluvservers1.”
Neither of these passwords is a very good one, so use something much longer with a variety of numbers, letters, and special characters.
5. Stop Choosing Bad Passwords
While we’re on the topic of passwords, let’s take a moment to discuss bad passwords. Yes, they’re easy to remember. But that’s precisely the problem.
Hackers are banking on the use of simple, easy to guess passwords, so don’t make their job any easier.
The most common password is still “123456”.
Your password matters. A lot. Make sure you’re using a password that incorporates both letters, numbers, and special characters.
6. Use a Password Manager
Speaking of remembering passwords, it’s never a good idea to use browser auto-fill or write down passwords. While it’s certainly a convenient feature, it exposes your passwords to anyone who may gain access to your device.
Skip the auto-fill and keep your passwords in a safe, secure location such as a password manager with two factor authentication. This will ensure every password you use is unique and strong.
7. Backup Your Site Regularly
Sometimes things just go wrong and your site could go down. It happens to even the best hardware and servers. Accordingly, it’s a good idea to backup your site’s info in a variety of locations. That means you’re going to backup your site more than once.
You can backup your files on the server your site is hosted on as a first level of backup . But you must also backup your site’s data on a server location in a third party location, or to a local disk.
In general, the more locations your backup is stored, the better off you’ll be in case of an emergency.
8. Read Tech News
Finally, make sure you’re aware of what’s going on in tech news. The more informed you are, the less likely you are to make a simple but costly mistake.
Find a variety of sources you trust and read their content regularly.
Sites like TechCrunch, Wired, and CNet all report on web protection on a pretty regular basis. All you have to do is subscribe to their RSS feeds or set a Google alert and you’ll be better informed.
You Can’t Afford Poor Web Protection
In today’s world of data breaches, it’s important to keep your info safe and secure. Finding a service that you can trust makes all the difference. Whether you’re looking for a dedicated server, cloud server, or DDoS protection, ServerMania would love to help keep you safe.
You deserve to have some peace of mind when it comes to web protection. Get in touch today and see the difference a managed server can make.