While most websites have a level of safety and security in place, you should always take extra care when it comes to protection against online threats and attacks.
It all starts with choosing a secure web host and then taking additional security measures from there to ensure that you have control over your website’s security.
In this post I will share some simple yet actionable website safety tips.
#1 Keep everything in the back end and front end updated
Numerous websites get compromised due to outdated and insecure software. You must always be on the lookout for plugin updates, CMS updates, etc., and download them as soon as they are available.
Hacking has become highly automated. Bots scan everything and look for opportunities to exploit. You have to keep updating your framework consistently. One of the recommended plugins is WP Updates.
It lets you know via email notifications when a plugin update or any other kind of update is available.
#2 Follow strict password guidelines
This is one of the most important website safety tips, and one that most people fail to follow. Admin/Admin is not a great username and password combination, folks. Websites with common passwords are hacked easily.
When creating a password, follow these three guidelines strictly:
Make the password complex
Randomise the passwords as much as you can. Password cracking programs usually guess millions of passwords in minutes. So if you do not take appropriate measures and keep your passwords simple, you are in for trouble.
Mix and match your characters so that there is no detectable pattern. Keep it long and complex.
And if you are worried about remembering them, then use LastPass, a wonderful and secure tool that helps you to keep your password complex and safe. It remembers your passwords and keeps them secure. You can access them at any time.
Make your passwords long
The ideal length is 12+ characters. Hacking algorithms work on a statistical probability basis, and the increased length decreases the odds of your password being found.
Also, there are often limits so that the password can only be guessed 3-4 times. The longer the password, the harder it will be to guess within these limits!
Make them as unique as you can
Make sure you do not reuse passwords. Each account should have a unique password. Having many similar passwords increases your chances of being hacked, and vice versa. Having someone find out your FTP password should not enable them to log in to your email or internet banking account.
#3 Keep the number of sites on one server to a minimum
Keeping many websites on one server is one of the worst security practices ever. You must keep the number to a minimum; otherwise you create a very large attack surface for potential threats.
For instance, a server with one website may have one theme and 12 plugins that can be potentially attacked. Now as you increase the number of sites, the number of themes and plugins increases.
This increases the threat of being attacked. Infection in one area can spread very quickly. Not only can this result in all your sites being hacked at the same time, it also makes the cleanup process much more time consuming and difficult. The infected sites can continue to reinfect one another in an endless loop.
Therefore, always make sure that if you are using unlimited hosting plans to host multiple sites then you have robust security firewalls and keep your framework updated all the time.
#4 Delegate the extent of User Access
If you have multiple logins on your site, make sure you allow sensible access. Every user should have the appropriate permissions to carry out their job. If you need to increase access momentarily, don’t leave it hanging: close the access once the work is done.
For example, if you have a friend that wants to write a guest blog post for you, make sure their account does not have full administrator privileges. Your friend’s account should only be able to create new posts and edit their own posts because there is no need for them to be able to change website settings.
Carefully defined access limits the mistakes that can be made, reduces the fallout of compromised accounts, and can protect against the damage done by ‘rogue’ users. A frequently overlooked part of user management is accountability and monitoring. If people share a user account and an unwanted change is made by that user, how do you find out which person on your team was responsible?
Once you have separate user accounts for every user, you can keep an eye on user behavior by reviewing logs and knowing the usual behavior (when and where they normally access the website) so you can spot anomalies and confirm with the person that their account hasn’t been compromised.
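The log review described above can be automated. The following is an added example, not part of the original post: it builds a per-user baseline of login hours and source networks, then flags logins that fall outside it. The log format, the sample entries, the /24 grouping (IPv4 only) and the function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample data, one successful login per line: timestamp user source_ip (assumed format).
HISTORY = """\
2024-03-04T09:12:00 alice 203.0.113.10
2024-03-05T10:03:00 alice 203.0.113.25
2024-03-04T14:30:00 bob 198.51.100.7
2024-03-05T15:05:00 bob 198.51.100.7
"""
NEW_LOGINS = """\
2024-03-07T09:30:00 alice 203.0.113.10
2024-03-07T03:14:00 alice 192.0.2.99
2024-03-07T14:45:00 bob 192.0.2.50
2024-03-07T11:00:00 carol 198.51.100.7
"""

def parse(text):
    for line in text.splitlines():
        ts, user, ip = line.split()
        yield datetime.fromisoformat(ts), user, ip

def network_of(ip):
    # Group addresses by /24 so a changing address on the same network is not noise.
    return ip_network(f"{ip}/24", strict=False)

def build_baseline(history):
    hours, nets = defaultdict(set), defaultdict(set)
    for ts, user, ip in parse(history):
        hours[user].add(ts.hour)
        nets[user].add(network_of(ip))
    return hours, nets

def find_anomalies(history, new_logins, hour_slack=1):
    hours, nets = build_baseline(history)
    findings = []
    for ts, user, ip in parse(new_logins):
        reasons = []
        if user not in hours:
            reasons.append("no login history for this account")
        else:
            # Compare hours on a 24-hour circle so 23:00 and 00:00 count as adjacent.
            if all(min(abs(ts.hour - h), 24 - abs(ts.hour - h)) > hour_slack for h in hours[user]):
                reasons.append("unusual hour")
            if network_of(ip) not in nets[user]:
                reasons.append("unfamiliar network")
        if reasons:
            findings.append((user, ts.isoformat(), ip, reasons))
    return findings
```

Calling `find_anomalies(HISTORY, NEW_LOGINS)` returns one tuple per suspicious login; each is a prompt to confirm with the account owner, not proof of compromise.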
#5 Never use default CMS Settings
CMS platforms may have transformed the way people use the internet, but they also open the door to a lot of threats. Many attacks work by seeking out default CMS settings that remain unchanged. This means that you can avoid a large number of attacks simply by changing the default settings when installing your CMS of choice.
There are settings that you may want to adjust to control comments, users, and the visibility of your user information. It is usually easiest to change these default details when installing your CMS, but they can be changed later.
So, always be careful about your site’s security. The devil is always in the details.
Use these tips to keep your website secure, and if you have any doubts, mention them in the comments section.