Protect your website- We’ve heard it plenty of times, yet do you really know how secure your website is, or how you can make it more secure? With the expansion of content management systems (CMS), like WordPress and Joomla, business owners now have the ability to create and manage their website without any real knowledge or understanding of how to keep their websites safe.
When creating a website with FDRY we make sure that your websites are as secure as they can be. We use a plugin called IThemes Security Pro, to give you peace of mind that your website is being looked after 24/7.
Despite knowing that the websites we have created and maintained are secure, below we have listed some key tips to consider when looking to improve your website security.
1. Keep your software and plugins up-to-date
An extraordinary amount of websites are compromised every day due to outdated and insecure software. Updates that are available to your website through a new plugin or CMS version should be done ASAP, those updates more than likely contain security enhancements or patch vulnerabilities.
2. Add HTTPS and an SSL certificate
First and foremost when creating a website you have to make sure that you have a secure URL. If your website visitors offer to send their private information, your URL needs to be HTTPS, not HTTP, in order to deliver a secure platform. For you to create that secure connection your website additionally needs an SSL Certificate (Secure Sockets Layer). This transfers visitor’s personal information between the website and your database, information is encrypted to prevent others reading it while in transit.
3. Always backup your website
Making sure you have a good backup solution is a great way to stay ahead of the game. Keep your website information off site, do not store backups on the same server as your website. Keep your website backup on a home computer or hard drive. Remembering to backup your data is another issue in itself. Use a solution that allows you to schedule site backups.
4. Learn how to safely delete your sensitive data
A big mistake that companies make is not destroying their data appropriately. If you have sensitive data that needs to be securely deleted consider outsourcing a data destruction company such as DSA Connect. They provide a secure, compliant, ethical solution for IT asset retirement and data sanitisation, using tools approved by the National Cyber Security Centre.
5. Limit user access and permissions
Whilst it may be unavoidable to give access to your employees, the more people you give access to the if mistakes are made or overlooked a serious security issue can occur. It is important to educate every CMS user about the importance of all the tips outlined above. Employees also come and go so you should make a physical record of who has done what with your website.
6. Change default CMS settings
The most common type of attack against websites are those that are entirely automated. When bots attack they rely on users having their setting set on default. After choosing your CMS, change the default settings immediately.
This insight may seem overwhelming, there is a lot to think about when ensuring the safety of your website. Hopefully this will give you something to think about and the knowledge you need to help protect your website. Remember if you are unsure we are always here to help. Protect your website by getting in touch. We will help to assess your website security and help you get on track.