Tips to keep your website secure
WordPress remains the number one platform used and it is also the number one for targeted attacks. WordPress as a platform is incredibly secure when it is up to date, however, a lot of people don’t do this and it leaves their websites vulnerable.
Other platforms like Shopify, Squarespace or WIX look after the software updates for you.
Security is not just about the software you use – Passwords, User names and the sharing of this information contributes to the lack of security of your website and it does not matter which platform your website is on.
The CIA triad
These threes letters form a well-known information security model. Confidentiality, Integrity and Availability. This model is designed to guide policies for information security and can be used to ensure the security of your website.
This refers to the control of your information, and anyone who should not have access is kept out of your website.
This is done with usernames and passwords.
It is incredibly important to limit the people who have direct access to your website. They must have only the permissions they require.
You also need assurances of who will have these credentials. Will anything be outsourced overseas for example?
It is important that you are not tricked into giving access to your website, domain or hosting to anyone who specifically does not need it. For example: If you manage your own hosting and domain your hosting and domain access is only needed for website development and even then it is not always required.
Remember that your website is a business asset. Just as you wouldn’t hand the keys of your car to anyone, the same applies to your website.
The integrity of your website is essential to ensure that your visitors receive accurate information.
Having a secure socket layer (SSL) certificate ensures that all data in transit is encrypted. This is a ranking credential for Google as they only want secure websites ranking well in the results.
This is incredibly important for an eCommerce business to ensure that their buyer is protected at all times and the data is safe.
SSL certificates are free and there are paid options too. For most websites, the free option is enough.
Is your website available for those who need it? Or is it vulnerable to denial-of-service-attack or internal attack as you have shared all your confidential data to various people or companies?
Ensuring that your website is kept up to date works to maintain the security of your website. It should have regular backups, security updates, WordPress updates and plugin updates complete on a monthly basis.
Going back to confidentiality – human error is real and sometimes intentional so if your usernames and passwords get into the wrong hands the availability of your website can be compromised.
Tips to keep your website secure
A secure password – utilising a password management app like Last Pass is one of the simplest ways to have very technical and secure passwords.
Up to date software – You can choose to do this yourself or outsource it but you must keep the software for your website up to date. Failure to do this opens your website up to attacks. Not be up to date is a little like leaving your door open when you go out.
SSL certificate – That little padlock near your websites URL shows that your website is encrypted.
Backups – Many hosting platforms provide backups for your website. These should be done in conjunction with your software updates.
Comments – Make sure your comments are set up for manual approval to prevent robots from commenting.
Your computers – Make sure you are wise about the emails you open. Never click on bank email links or other links you have not seen before.
Always check who sent the email. Even if it is your friend, they too could have been hacked and you are potentially next.
Remember that many very big businesses along with banks have issues with phishing email scams targeting people.
Passwords – Security for more than your website
According to Nordpass here is the top 20 for 2020 most used and laughable passwords. Not just for websites but for all types of login credentials.
If you are using any of them for anything please update your password immediately. Using these types of passwords for anything leaves you vulnerable.
|Position||Password||Time to crack it|
|1||123456||Less than a second|
|2||123456789||Less than a second|
|4||password||Less than a second|
|5||12345678||Less than a second|
|6||111111||Less than a second|
|7||123123||Less than a second|
|8||12345||Less than a second|
|9||1234567890||Less than a second|
|11||1234567||Less than a second|
|12||qwerty||Less than a second|
|13||abc123||Less than a second|
|15||0||Less than a second|
|16||1234||Less than a second|
|17||iloveyou||Less than a second|
|19||password1||Less than a second|
|20||qqww1122||Less than an hour|
There are also 12 categories of passwords to avoid as while they are easy to remember they are also easy to crack.
- Numbers – Runs of numbers like 123456789
- Querty – The line up of the keys on your keyboard and numbers nearby
- Device – Computer, Apple, Samsung
- Swear words – No explanation needed
- Entertainment – Batman, Superman and band names
- Names – Personal names like number 18 on the list above.
- Password – Variations of the word password
- Sports – Soccer, Football, Baseball, Basketball
- Positive words – iloveyou, princess, sunshine, butterfly, babygirl
- Food – chocolate, cookie, pepper, cheese, peanut
- Random Letters – abc123, qqww1122, 123456a, a123456
- Miscellaneous – Picture1, million2, omgpop, unknown, dragon
Website hacking is not generally because they want to attack your little business it is however always malicious. It could be ransomware, Gibberish, cloaked keywords, Japanese keywords, malicious code and viruses, denial of service, phishing or any number of other issues.
Take your security seriously, use these tips to keep your website secure and don’t get caught out by any scams. They come over the phone, email, websites and direct to your website. Remember that if you did not ask to be contacted by phone or email, chances are they are not a business that you can trust.
If you need any help with your website or your digital marketing – Contact Kelly @ My Sassy Business.