Website security is becoming increasingly important. Over the last few years, attacks on websites have been rising and sadly, criminals have been taking advantage of the Coronavirus situation with increased hack attempts. Here are 9 tips that can help to improve your website security.

1) Use Strong Passwords and Have Login Restrictions

It’s critical that all users on your website have secure, strong passwords. This means they cannot be easily guessed.

In addition, where possible you should have login restrictions. This may be two factor authentication (2FA), where in addition to your password, you also need to enter a code sent to your mobile. Depending on your scenario, there are also other login restrictions that can be put in place, such as locking down the admin area of your CMS to your office IP address.

2) Manage CMS Users – Assign Appropriate Roles and Delete Old Users

In terms of users that have access to your CMS, ensure they are assigned appropriate roles. For example, if you have a marketing assistant who just adds blog posts, don’t give them full administrator access.

It’s also important to review the CMS users you have – delete any users who don’t need access or have left your company.

3) Ensure Website Code Is up to Date – CMS, Themes, Plugins etc. Are Updated

It’s critical that your website code is up to date. If it’s a WordPress website, this means WordPress itself, the theme and any plugins used. For other types of website, updates should be done for the CMS in use (or code if it’s bespoke) and any custom components used.

4) Clean up Old Files & Unused Plugins

On a regular basis the website should be cleaned up. This means removing old files that are no longer used and deleting any plugins which are no longer required. A side-benefit of this is that it can also help to speed up your website.

5) Do Malware Scanning

Your website should have regular malware scans and/or a malware protection system running. This will detect any malicious code or malware on your website.

6) Have an SSL Certificate in Place

All websites should have a working SSL certificate in place across the whole website. This ensures data transferred between the person browsing your website and the website itself is encrypted. If you don’t have one, most browsers will now flag up warning messages. 

7) Use Secure Website Hosting

Having secure website hosting is very important. This is since the hosting is another way that an attacker can infiltrate your website. Your website hosting should be with a reliable company, have a firewall in place and other restrictions, such as limiting access to files and FTP access.

8) Make Sure Website Backups Are in Place

It’s very important to have website backups in place. This needs to be for both the website files and the database and the backups should be kept for many days. If a problem did occur with your website, the backup would allow it to be restored. Backups are also, of course, useful if you accidentally delete a file that you needed.

9) Have a Web Application Firewall (WAF) in Place

A great additional protection for websites is to put a Web Application Firewall (WAF) in place. There are several WAF providers and one of the leading ones is Cloudflare (we use this). A Web Application Firewall filters any traffic before it gets to your website. This means checks can be done and if the access is not normal, it can be blocked. They have a secondary purpose in that many WAFs (including CloudFlare) act as a Content Delivery Network (CDN), which results in an improvement to your website speed.

Next Steps

You may be able to action some of these tips yourself, whilst others may need the assistance of your web designer or agency.

We offer website care plans for the websites we look after. These take care of all the above items, plus hosting, as well as providing a monthly report. They allow you to focus on your business, whilst we focus on your website. Please view our care plans or contact us to discuss your website security.