It is a fact of 21st-century digital life. Despite constant improvements in online security, websites are more likely than ever to be hacked. Across the board, website hacking incidents have increased for sites of all sizes. Mega-sites and even some U.S. government sites have recently been hacked, as have small business websites.
And while high-end security can be expensive, the good news is that small businesses can defend their sites effectively with more basic precautions.
Website security is now a critical issue that all web publishers need to address and protect against. To that end, we will be offering a few tactics that small web publishers can use to deter hackers.
So how do you prevent this from happening? The truth is you cannot be 100% protected. Witness the recent news stories about mega-sites such as LinkedIn, and even a few U.S. government sites, getting hacked.
The best you can do is be diligent and check your site regularly.
How do you protect yourself? Here are a few tactics to employ, broken into three groups:
- Technical
- Non-technical
- Your local computer
Here are a few technical website security tips to discuss with your Webmaster:
- If you have a website with login capabilities, purchase TLS or SSL support from your web host or domain service provider. This encrypts the login usernames and passwords at the user’s computer before they are sent over the internet. If you don’t do this, hackers can pick up those credentials and gain access to your site. Don’t imagine that hackers aren’t listening or don’t care about your site, because that is simply not true.
- Secure your file access. If you’re using FTP, switch to secure FTP (SFTP) or Secure Shell (SSH). You do not need a certificate for this. Most web hosts support this at no extra charge.
- If you are using a popular, open source content management system (CMS) like WordPress or Joomla, install a robust security plug-in, preferably one that can take advantage of the SSL certificate.
- Protect yourself at the network level. All webhosts have firewalls, but an intelligent network security application improves security, reliability and performance.
- Back up your site regularly and keep copies in multiple locations, along with documentation on how to restore your site. If your site is hacked, the last thing you want is to discover that you don’t really know how to bring it back, are missing a password or have lost some important file.
- Make sure your site is running on current software and is up to date. This applies not only to applications like WordPress but also to server components like PHP and MySQL. “Isn’t that the web host’s responsibility?” Yes and no. Not all web hosts keep their environments up to date, for varying reasons.
On the non-technical level, we have some common-sense but frequently overlooked suggestions:
- All hosts are very much the same when it comes to serving static HTML, but it quickly gets more complicated when it comes to PHP applications like WordPress and security. Be sure to have someone who knows what they are doing look into this for you.
- Make sure all passwords are an alphanumeric combination. Also change individual passwords on a regular basis.
- Keep the admin password to yourself.
- Disable employees’ passwords as soon as they leave your employ.
For your local computers, we have some common-sense but frequently overlooked suggestions:
- Email security – delete your password trail from your PC as well as from your Gmail, MSN or other email accounts – including on the cloud servers. Go back to the old-style “paper & pen” method of maintaining your passwords. Just be sure to keep that list in a safe & secure place.
- Keep all virus protection and malware protection up to date.
- Maintain and install all Windows updates.