As a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a nefarious hacker?
We see data breaches and hacks in the news all the time. And you may think, why would someone come after my small business website? But hacks don’t just happen to the big guys. One report found that small businesses were the victims of 43% of all data breaches.
You’ve worked hard on your website (and your brand) – so it’s important to take the time to protect it with these basic hacker protection tips.
5 Easy Steps to Secure Your Website from Hackers
You may have worried when starting this post that it would be full of technical jargon that your average website owner would find baffling. Some of our tips further down do get technical, and you may want to bring in your developer for those.
But there are a few things you can do on your own first that don’t involve that much technical know-how.
Step #1: Install security plugins.
If you built your website with a content management system (CMS), you can enhance your website with security plugins that actively prevent website hacking attempts. Each of the main CMS options have security plugins available, many of them for free.
Security plugins for WordPress:
- iThemes Security
- Bulletproof Security
- Sucuri
- Wordfence
- fail2Ban
Security options for Magento:
- Amasty
- Watchlog Pro
- MageFence
Security extensions for Joomla:
- JHackGuard
- jomDefender
- RSFirewall
- Antivirus Website Protection
These options address the security vulnerabilities that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.
In addition, all websites – whether you’re running a CMS-managed site or HTML pages – can benefit from considering SiteLock. SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.
Note: Our Shared hosting plans have SiteLock built in, along with other features to help secure your site.
Step #2: Use HTTPS
As a consumer, you may already know to always look for the green lock image and https in your browser bar any time you provide sensitive information to a website. Those five little letters are an important shorthand for hacker security: they signal that it’s safe to provide financial information on that particular webpage.
An SSL certificate is important because it secures the transfer of information – such as credit cards, personal data, and contact information – between your website and the server.
While an SSL certificate has always been essential for eCommerce websites, having one has recently become important for all websites. Google released a Chrome update in 2018. The security update happened in July and alerts website visitors if your website doesn’t have an SSL certificate installed. That makes visitors more likely to bounce, even if your website doesn’t collect sensitive information.
Search engines are taking website security more seriously than ever because they want users to have a positive and safe experience browsing the web. Taking the commitment to security further, a search engine may rank your website lower in search results if you don’t have an SSL certificate.
What does that mean for you? If you want people to trust your brand, you need to invest in an SSL certificate. The cost of an SSL certificate is minimal, but the extra level of encryption it offers to your customers goes a long way to making your website more secure and trustworthy.
At Ecowebzim, we also take website security seriously, but most importantly, we want to make it easy for you to be secure. All Ecowebzim web hosting packages come with a free SSL certificate. The SSL certificate will be automatically applied to your account, but you do need to take a few steps to install the free SSL certificate on your website.
Step #3: Keep your website platform and software up-to-date
Using a CMS with various useful plugins and extensions offers a lot of benefits, but it also brings risk. The leading cause of website infections is vulnerabilities in a content management system’s extensible components.
Because many of these tools are created as open-source software programs, their code is easily accessible – to both good-intentioned developers as well as malicious hackers. Hackers can pore over this code, looking for security vulnerabilities that allow them to take control of your website by exploiting any platform or script weaknesses.
To protect your website from being hacked, always make sure your content management system, plugins, apps, and any scripts you’ve installed are up-to-date.
If you’re running a website built on WordPress, you can check whether you’re up to date quickly when logging into your WordPress dashboard. Look for the update icon in the top left corner next to your site name. Click the number to access your WordPress Updates.
Step #4: Make sure your passwords are secure
This one seems simple, but it’s so important.
It’s tempting to go with a password you know will always be easy for you to remember. That’s why the #1 most common password is still 123456. You have to do better than that – a lot better than that to prevent login attempts from hackers and other outsiders.
Make the effort to figure out a truly secure password (or use Ecowebzim’s password generator). Make it long. Use a mix of special characters, numbers, and letters. And steer clear of potentially easy-to-guess keywords like your birthday or kid’s name. If a hacker somehow gains access to other information about you, they’ll know to guess those first.
Holding yourself to a high standard for password security is step one. You also need to make sure everyone who has access to your website has similarly strong passwords. One weak password within your team can make your website susceptible to a data leak, so set expectations with everyone who has access.
Institute requirements for all website users in terms of length and types of characters. If your employees want to use easy passwords for their less secure accounts, that’s their business. But when it comes to your website, it’s your business (literally) and you can hold them to a higher standard.
Step #5: Invest in automatic backups.
Even if you do everything else on this list, you still face some risk. The worst-case scenario of a website hack is to lose everything because you forgot to back your website up. The best way to protect yourself is to make sure you always have a recent backup.
While a data breach will be stressful no matter what, when you have a current backup, recovering is much easier. You can make a habit out of manually backing your website up daily or weekly. But if there’s even the slightest chance you’ll forget, invest in automatic backups. It’s a cheap way to buy peace of mind.