Having been bombarded with news of the recent ransom-ware attack on the NHS, it appears like there are new depths to which cyber-criminals and idiots who do this stuff ‘just because they can’, will stoop. In what was once thought to be secure, a new vulnerability or cyber-mischief emerges resulting in a hacked website.
And if your site has been successfully targeted by a hacker, its bad news and can affect credibility and even Google rankings.
Despite media hype, if you have taken proper, planned and structured steps to keep your site safe, the reality is that there is not much to worry about. A lot of our website design clients have been concerned by the recent events, and asked for advice on improving their own website security.
So here our list of the top 5 best practices for improving website security.
For websites that use WordPress, which most of ours do, or other web development tools such as Drupal or Joomla, platform updates are constantly released to close vulnerabilities as well as increase functionality. Its therefore important to make sure the plugins and platforms used in the design and development your website are kept up to date with the most current security patches. If you do not take this first step, your website and all the content will be open to unnecessary security vulnerabilities.
If we got a fiver for every time we encountered user passwords on the admin logins of websites we could have retired to the Caribbean by now. There are hackers out there who have tools that can seek out and break into sites with weak passwords like “admin”, “012345″ or “password”.
A handy tip here, is create something easy for you to remember, unrelated words – rude, amusing, memorable and use a mix of special characters, upper and lower case and numbers. Change the default user name – its usually “Admin” – to something a bit harder to guess.
We also recommend changing passwords regularly, and certainly this should be done if an admin leaves the company.
All websites will gain additional security benefits from adding tools and plugins like spam protection, malware scanners, secure forms. WordPress sites should use Wordfence to prevent a number of possible attacks; its free so why wouldn’t you use it?
Unfortunately, even if you take the correct precautions, your website may still get hacked and you are in danger of losing everything. Its therefore crucial to have a regular backup regimen. For sites that aren’t updated very often, this might even be a manual process, but our recommendation would be to have appropriate backups at server level. This means arranging a plan with your hosting provider.
If you do use https, and you should if you have an e-commerce site, you should update it to the latest version. Another thing to consider is that Google uses https as a ranking factor, so if your certificates are out of date, this will affect traffic.