Website Security
There are a lot of blog posts, forums and websites that talk about Website Security. It can be overwhelming and scary to think that someone might hijack your website, but it happens. Trust me. And it’s no fun fighting to get your website back or having it down completely. I’m not trying to scare anyone but I want you to think about how you can PREVENT some potential frustration, time and money. Think about it as doing what you can now to reduce your risk of having issues with your website.
Here are a few things you can check on your own website to make sure you have some of the obvious things taken care of. Most apply to WordPress websites, since the majority of the websites I make are on this platform. However, some apply to Weebly, Squarespace and other platforms too. Let me know if you have questions.
SSL Certificate
Every website should have an SSL (Secure Sockets Layer) certificate. Check with your hosting company if you don’t. For my clients who use BlueHost to host your website, it’s free. I know GoDaddy charges for it, annually I believe. An SSL certificate is code on your website’ server computer that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail. If you don’t have an SSL certificate, your website may still function as always, but it will be vulnerable to hackers and Google will warn visitors that your website is not secure. So, you will eventually lose your position on Google’s search results to competitors who have SSL certificates.
HTTPS://yourwebsite.com
Every website should be using HTTPS vs HTTP in front of your URL. Can you see the icon of a lock on the browser where your website address is? If you don’t see the lock, you need to secure your website. HTTPS is HTTP with encryption. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. As a result, HTTPS is far more secure than HTTP.
WordFence
For WordPress websites, I recommend adding a special FREE plugin to help secure your website from hackers. It’s called WordFence. You can install it yourself or I can install it and go over the settings. It adds firewall protection, it blocks hackers from trying to log into your website using a username they think you might be using. It does a lot more too, well worth it for a free way to help secure your site. WordFence will send you emails to alert you of any issues if finds that needs attention. I have clients forward those emails to me when they want my help.
Passwords
I’m sure you are aware, but it’s worth repeating. You should make sure your password is DIFFICULT. Yes, include capital and lower case letters and numbers and symbols. I recommend at least 8-10 characters or more.
You can Google website security and find out about a lot more tools, scans, programs and software. If you accept payments on your website or gather information on an online form, you really need to take these steps to make sure you reduce the risk of your website getting hacked.
Malware Infection
And if you do experience problems, I recommend SiteLock to help clean malware off of your website. How do you know when your website is infected with malware? You may get locked out from logging into your website at all. You notice posts on your website that you didn’t make. User accounts added to your website that you didn’t do, or sometimes the hacker will forward your domain name to another website completely, and let’s just say, you don’t want your clients seeing these types of sites, yuck!
A few More Tips
- Make sure that the server that holds your website files has the MOST RECENT version of PHP software. You can check this by logging into your hosting account or calling your host company to verify.
- For WordPress websites, make sure your Theme, Plugins, and WordPress version has AUTOMATIC UPDATES enabled. It’s like getting updates for your phone or Microsoft software. Updates are usually done because they fix a venerability with your website. You can now set a WordPress website to Automatically to the updates when they are available, but you have to check to make sure your site is updating automatically, because it’s a somewhat new feature and the default is set to NOT update automatically.
- Make sure your hosting company is doing a regular backup of your website. Bluehost clients get this done automatically and for free, other hosting companies charge you for backups.
- This last one isn’t website security focused, but it’s annoying. Ever go to a website and click on a link, and the link doesn’t work? It doesn’t take you anywhere? You might see a 404 Error? I hate that. That’s called a broken link. I have a WordPress plugin that I can add to your website to alert you when a link on your website breaks so you can fix it right away. Many of my clients are using it already and they fix the links themselves or the forward the email notice to me and I fix it for them. Whenever you add a link on your website or blog, to someone else’s website or blog, there is a chance that in the future, they remove the content, or the website goes down, and they your link breaks.
Let me know if you have any Website Security questions. I tried to hit some of the basics that should be a quick fix or are easy to do. Some do get more complex, but are well worth it. Call me with your questions. While I may not be a full-time website security expert, I can help with these basic steps and usually help you out if your website gets really messed up. Again, if you focus on reducing your risk, it could save you time and money in the future.
Michelle Aspelin
Mindshare Marketing & Implementation Services, LLC