Making your website more secure is crucial to avoiding your website becoming compromised. Being “hacked” is a real possibility when there are CMS or plug-in/module updates being neglected. That being said there are several security measures you can take that also increase your website’s SEO and boost user confidence when on your website by knowing it is a trustworthy website. The list below highlights a few common and major areas we see that lead to these types of exploits.
Adding an SSL certificate (https) to Your Website
SSL, which is short for “Secure Sockets Layer” is an additional proactive measure you can take to increase your website’s security. In some browsers such as Google Chrome when there is no SSL you may receive a red warning “Not Secure” message in your URL bar. This will often deter users from staying on your website. Some will leave immediately upon reading the warning message. SSL and HTTPS are mainly used on websites where payments or other security sensitive data is being transmitted however it will still provide an added layer of protection for your website even if you are not using those features. Having the little green lock your url which says “secure” along with “https” will tell your users that you have their security in mind.
Update Your Website’s CMS
All software may require periodic updates. This is especially important for anything connected to the web and includes your website. Applying updates and patches that are released for your content management system (CMS) will have a direct effect on making it more secure. If you are using an older version of a content management system you may want to upgrade to a newer version. This is especially important if that CMS has reached its “end of life” (EOL) meaning it is no longer supported. If you are using WordPress, you need to be especially prudent as 78% of all websites that are hacked are WordPress websites. This is largely due to its popularity and ease of use for users of all skill levels which makes it a more lucrative target. It is important to know the issues your chosen CMS may be susceptible to. Make sure to upgrade and make the monthly patches that are released to avoid being exploited.
XSS-Protection in Your Website’s Code
XSS-Protection helps prevent what is called cross-site scripting attacks, meaning code is added to a website that will issue actions in the user’s browser on behalf of a webpage. Sometimes you may not even be aware that this is occurring on your website. If you are concerned about an XSS attack on your website there are actions you can take to prevent this from occurring. If you are unable to code yourself speak to an experienced web developer regarding these issues to make certain you are protected.
Use a Password Manager For Your Website
Using a password manager seems like a no brainer however sometimes it is one of those things that gets overlooked. There are many free and paid password management services that you can use to make your life easier. Password managers make your website more secure by allowing you to use stronger passwords since you no longer need to memorize them. Choosing an automatically generated password that contains special characters, numbers and both upper and lowercase letters will certainly be advantageous. Keep your passwords for your website under lock and key.
If you are still concerned about your website being compromised or hacked speak to us or another experienced web design and development firm for a better understanding of the state of the web in 2018.