
Tips to keep your website secure

If you are using the world’s preferred platform, WordPress, here are a number of tips to keep it secure and safe.

WordPress remains the number one platform used, and it is also number one for targeted attacks. WordPress as a platform is incredibly secure when it is up to date. However, a lot of people don’t keep it updated, and that leaves their websites vulnerable.

Other platforms like Shopify, Squarespace or WIX look after the software updates for you.

Security is not just about the software you use. Passwords, usernames and the way this information is shared all contribute to a lack of security on your website, and it does not matter which platform your website is on.

The CIA triad

These three letters form a well-known information security model: Confidentiality, Integrity and Availability. This model is designed to guide policies for information security and can be used to ensure the security of your website.

Confidentiality

This refers to controlling access to your information, so that anyone who should not have access is kept out of your website.

This is done with usernames and passwords. 

It is incredibly important to limit the people who have direct access to your website. They must have only the permissions they require.

You also need assurances of who will have these credentials. Will anything be outsourced overseas for example?

It is important that you are not tricked into giving access to your website, domain or hosting to anyone who does not specifically need it. For example, if you manage your own hosting and domain, access to them is only needed for website development, and even then it is not always required.

Remember that your website is a business asset. Just as you wouldn’t hand the keys of your car to anyone, the same applies to your website.

Integrity

The integrity of your website is essential to ensure that your visitors receive accurate information.

Having a Secure Sockets Layer (SSL) certificate ensures that all data in transit is encrypted. This is also a ranking credential for Google, as they only want secure websites ranking well in the results.

This is incredibly important for an eCommerce business to ensure that their buyer is protected at all times and the data is safe.

SSL certificates are free and there are paid options too. For most websites, the free option is enough.

Availability

Is your website available for those who need it? Or is it vulnerable to a denial-of-service attack, or to an internal attack because you have shared all your confidential data with various people or companies?

Keeping your website up to date helps to maintain its security. It should have regular backups, security updates, WordPress updates and plugin updates completed on a monthly basis.

Going back to confidentiality – human error is real and sometimes intentional so if your usernames and passwords get into the wrong hands the availability of your website can be compromised.

Tips to keep your website secure

A secure password – utilising a password management app like LastPass is one of the simplest ways to have very technical and secure passwords.

Up to date software – You can choose to do this yourself or outsource it, but you must keep the software for your website up to date. Failure to do this opens your website up to attacks. Not being up to date is a little like leaving your door open when you go out.

SSL certificate – That little padlock near your website’s URL shows that your website is encrypted.

Backups – Many hosting platforms provide backups for your website. These should be done in conjunction with your software updates. 

Comments – Make sure your comments are set up for manual approval to prevent robots from commenting.

Your computers – Make sure you are wise about the emails you open. Never click on bank email links or other links you have not seen before. 

Always check who sent the email. Even if it is your friend, they too could have been hacked and you are potentially next. 

Remember that many very big businesses along with banks have issues with phishing email scams targeting people. 

Passwords – Security for more than your website

According to NordPass, here are the top 20 most used and laughable passwords for 2020. They are used not just for websites but for all types of login credentials.

If you are using any of them for anything please update your password immediately. Using these types of passwords for anything leaves you vulnerable.

Position  Password    Time to crack it
1         123456      Less than a second
2         123456789   Less than a second
3         picture1    3 hours
4         password    Less than a second
5         12345678    Less than a second
6         111111      Less than a second
7         123123      Less than a second
8         12345       Less than a second
9         1234567890  Less than a second
10        senha       10 seconds
11        1234567     Less than a second
12        qwerty      Less than a second
13        abc123      Less than a second
14        Million2    3 hours
15        0           Less than a second
16        1234        Less than a second
17        iloveyou    Less than a second
18        aaron431    3 hours
19        password1   Less than a second
20        qqww1122    Less than an hour

There are also 12 categories of passwords to avoid. While they are easy to remember, they are also easy to crack.

  • Numbers – Runs of numbers like 123456789
  • Qwerty – The line up of the keys on your keyboard and numbers nearby
  • Device – Computer, Apple, Samsung
  • Swear words – No explanation needed
  • Entertainment – Batman, Superman and band names
  • Names – Personal names like number 18 on the list above.
  • Password – Variations of the word password
  • Sports – Soccer, Football, Baseball, Basketball
  • Positive words – iloveyou, princess, sunshine, butterfly, babygirl
  • Food – chocolate, cookie, pepper, cheese, peanut
  • Random Letters – abc123, qqww1122, 123456a, a123456
  • Miscellaneous – Picture1, million2, omgpop, unknown, dragon
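
The categories above can be turned into a screening check that runs when someone chooses a new password. This Python code is an added example, not part of the original post: the `weak_reasons` function, the small `WORDS` sample and the substitution table are assumptions made for illustration, while the top-20 set is copied from the table on this page.

```python
import re

# Top-20 passwords exactly as listed in the table on this page (lower-cased).
COMMON = {"123456", "123456789", "picture1", "password", "12345678", "111111",
          "123123", "12345", "1234567890", "senha", "1234567", "qwerty",
          "abc123", "million2", "0", "1234", "iloveyou", "aaron431",
          "password1", "qqww1122"}

# Constructed sample for the word-based categories (device, entertainment,
# sports, food ...). A real check would load a much larger word list.
WORDS = {"batman", "superman", "soccer", "football", "baseball", "basketball",
         "princess", "sunshine", "butterfly", "chocolate", "cookie", "cheese",
         "dragon", "computer", "apple", "samsung"}

# Keyboard rows, used to spot runs such as 12345 or qwerty.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common character swaps (0 for o, @ for a ...) that do not add real strength.
LEET = str.maketrans("013457@$!", "oieastasi")


def weak_reasons(password):
    """Return the reasons a password falls into one of the weak categories."""
    p = password.lower()
    reasons = []
    if p in COMMON:
        reasons.append("top-20 list")
    # A run along one keyboard row, forwards or backwards.
    if len(p) >= 4 and any(p in row or p in row[::-1] for row in KEY_ROWS):
        reasons.append("keyboard or number run")
    # One block repeated end to end, e.g. 111111 or 123123.
    if re.fullmatch(r"(.+?)\1+", p):
        reasons.append("repeated pattern")
    # Drop trailing digits/symbols and undo swaps, so "P@ssw0rd1" and
    # "Batman99" are reduced to their base word.
    base = re.sub(r"[\d\W_]+$", "", p).translate(LEET)
    if "password" in base:
        reasons.append("variation of 'password'")
    elif base in WORDS:
        reasons.append("dictionary word plus suffix")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd1", "Batman99", "tL9#vQ2m!xR7pZ"]:
        print(candidate, "->", weak_reasons(candidate) or "no weak pattern found")
```

An empty result only means none of these patterns matched; it does not prove the password is strong, which is why a long, randomly generated password from a password manager is still the better choice.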

Conclusion

Website hacking is generally not because someone wants to attack your little business; it is, however, always malicious. It could be ransomware, gibberish, cloaked keywords, Japanese keywords, malicious code and viruses, denial of service, phishing or any number of other issues.

Take your security seriously, use these tips to keep your website secure and don’t get caught out by any scams. They come over the phone, email, websites and direct to your website. Remember that if you did not ask to be contacted by phone or email, chances are they are not a business that you can trust.

If you need any help with your website or your digital marketing – Contact Kelly @ My Sassy Business. 
