Pretty much everyone these days has a website. Whether you run an online business website, are passionate about your hobby, or just like to share your views with the world via a blog, we almost all have our own little corner of the world wide web.
Some of us like to build our websites from scratch, doing all the programming on our own. Others prefer to get a template from a website host such as WordPress or MoonFruit and focus their efforts on the content.
Whichever camp you fall into, one thing we all have to consider when setting up our own website is security. There are countless hackers and cyber-criminals out there, never mind the state-sponsored surveillance teams who are gathering data on people in most countries around the world too.
A poorly secured business website can put not only your own devices and data at risk, but also those of your customers and visitors. Securing it might seem a daunting task, but it is actually pretty straightforward. There are a number of simple steps that all web users can take to secure their own website.
Even if you are using a host such as WordPress, it is still highly advisable to take these steps to ensure that your site continues to be a safe and secure one both to visit, and to run.
Secure Your Business Website
As an experienced e-commerce entrepreneur, I have tried out many security programmes and procedures over the years, and this article highlights what I believe are the five crucial steps we should all take to address the problem of how to secure your business website in 2016:
1. Get domain privacy with your hosting provider
When you purchase your domain name, whether this is done directly or through your website host, your details are put into a public database which is open for anyone to look at. This database is going to hold such personal details as your name, address, and phone number. It goes without saying that this leaves your personal details open for anyone, including hackers, spammers, and identity thieves to access.
Most hosts will offer a service called domain privacy. This will cost a small fee but has a number of perks which makes it great value for money. It will mask all of your personal details on these databases, without changing the actual ownership of the domain.
It’s a simple and quick step to do, but can make a crucial difference between whether you are running a secure or insecure business website.
2. Pick a very strong admin password
Most of us these days are aware of the importance of having a strong password for anything important. Yet it is shocking how many people out there are still lazy enough to use passwords like ‘password’ and ‘123456’. This is just inviting your site to be hacked, and is just not good enough in this day and age.
Your password needs to be something totally unique that will be almost impossible to guess or to crack. It needs to be long, and must contain both upper and lower case letters and also numbers. You should also endeavour to use characters ($, !, #, ?, =, etc.) in it too.
If remembering such a password seems daunting, then worry not, because there is a solution out there to this problem as well. Use a Password Manager.
A password manager can generate very secure random passwords for all your online accounts. It can also remember them all for you, meaning you just have to remember one password (your Password Manager log-in) and it will do all the rest of your work for you.
There are plenty of Password Managers on the market, but my pick of the bunch at the moment is still LastPass. It is the market leader and will make your online security much stronger.
3. Act now to prevent Brute Force Attacks
If you haven’t heard of a brute force attack, it is a means by which a cyber-criminal can access password-protected sites by systematically trying likely passwords, most often with an automated programme, until they chance upon the correct one.
All sites are vulnerable to these types of hacks and given the weak passwords many of us use (see above) they can be very effective.
But there are a few simple steps you can take to defend yourself against them.
– Limited Login attempts: Firstly, you can install a plugin which limits the number of times you can attempt to log-in to your site before it is locked. This type of software will let you make a handful of genuine errors yourself, but will stop hackers from systematically trying hundreds of passwords at a time. A wise addition to your security toolkit.
– Use a Brute Force Login protection app: Even better, you can use another type of plugin which offers even more protection against Brute Force attacks. As well as limiting log-in attempts, these plugins can blacklist and whitelist IP Addresses, delay execution after failed login attempts, and send customised messages to blocked users. They are simple, easy to use, and very effective.
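The protections listed above (limited attempts, lockout, delayed execution, IP blacklist and whitelist, a message for blocked users), as an added Python example that is not part of the original article or taken from any particular plugin. The class name LoginThrottle and its default thresholds are assumptions.

```python
import ipaddress
import time


class LoginThrottle:
    """Per-IP failed-login limiter: block list, allow list, growing delay, lockout."""

    def __init__(self, max_attempts=5, lockout_seconds=900, base_delay=1.0,
                 allowlist=(), blocklist=(), clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.block = [ipaddress.ip_network(n) for n in blocklist]
        self.clock = clock          # injectable so tests need not sleep
        self.failures = {}          # ip -> consecutive failed attempts
        self.locked_until = {}      # ip -> clock value when the lockout ends

    @staticmethod
    def _listed(ip, networks):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in networks)

    def check(self, ip):
        """Call before verifying a password: (allowed, message, delay_seconds)."""
        if self._listed(ip, self.block):
            return False, "Logins from this address are blocked.", 0.0
        if self._listed(ip, self.allow):
            return True, "", 0.0
        remaining = self.locked_until.get(ip, 0.0) - self.clock()
        if remaining > 0:
            return False, f"Too many failed logins. Try again in {int(remaining)}s.", 0.0
        fails = self.failures.get(ip, 0)
        # Delay doubles with each consecutive failure: 1s, 2s, 4s, ...
        delay = self.base_delay * 2 ** (fails - 1) if fails else 0.0
        return True, "", delay

    def record(self, ip, success):
        """Call after verifying a password to update that address's counters."""
        if success or self._listed(ip, self.allow):
            self.failures.pop(ip, None)
            self.locked_until.pop(ip, None)
            return
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_attempts:
            self.locked_until[ip] = self.clock() + self.lockout_seconds
            self.failures[ip] = 0   # start counting afresh once the lock expires
```

The login handler calls check() first, waits for the returned delay before comparing the password, then calls record() with the outcome.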
4. On public Wi-Fi, always use a VPN
We all like to get online on the move these days, whether it is to fill the void during a long or boring commute or just because we work better in a coffee shop than an empty house.
The only problem with this is making use of public Wi-Fi networks. These networks offer zero security and logging into anything on them is essentially inviting hackers to take a look at anything you are doing.
By far the best way to get around this is by using a VPN.
A public Wi-Fi network offers no encryption, but if you log onto a VPN before using it, all of your traffic is forced down an encrypted tunnel, meaning everything you do online is secure and hidden.
A VPN brings you various other perks too, including letting you access content which is geo-restricted overseas. This means you can run your business website or online business from anywhere in the world. For example, if you wanted to relocate to Dubai, sign up for a VPN there and you can still access restricted sites and services back in the UK.
A worthwhile VPN will charge a small monthly fee, but for the extra security and other benefits they offer, it is money very well spent.
5. ALWAYS keep plugins and software up to date
A simple but again often overlooked rule to finish with. It is vital to ensure that you are always using the latest version of any plug-in or security software if you want to be sure of being safe.
You must also be sure to use official plug-ins and software as there is much counterfeit software out there as well. If the plugin or software tries to download an update, you should always let it do so.