Your website is your digital business card. It is where your customers can find information about what you do and how you do it and get in touch directly with you. Needless to say – a secure website is not just business-critical – it’s simply necessary. Would you leave your home’s doors and windows open 24/7? Hopefully not!
So if you are asking yourself, how secure is your website right now – don’t fret – our Dev Ninja Dan has your back.
Throughout this post he’ll go through how you can get started taking steps towards mitigating the risks of harmful attacks and best practices in securing your website.
Secure all incoming data
A general rule of thumb is to never trust any input coming from web browsers. Best practice is to assume the worst and have procedures in place that sanitise all incoming data.
For example, SQL injections are a form of an attack where malicious actors can trick a system to accept SQL statements as strings (either through a form, or some kind of input) to execute harmful commands on your database. Different Tech stacks have their own ways of protecting from this sort of problem so be sure to check the relevant documentation.
PS: If this sounds too techy, simply get in touch with our expert team to audit and strengthen your web security.
We would also recommend using HTTPS for everything. HTTPS is HTTP but with an SSL certificate that protects your data between you and the website’s server. This was originally used for form submissions (i.e. sensitive data such as payment details) but now having HTTPS for everything as default gives off a sense of security to your users. Some hosting companies provide the ability to purchase an SSL certificate, but you can also acquire one from elsewhere by doing a quick google search.
Core + Plugin Updates
With any new update to WordPress comes updated security fixes. WordPress is highly used throughout the web so WordPress becomes a target for malicious intruders. Updating your WordPress protects you and users from security vulnerabilities that previous versions of WordPress may have had.
This also applies to your web themes and plugins – you should always update your themes and plugins when possible. As with all software, especially third party software, we are relying on the owner of that software to protect against bugs and potential security breaches with these updates. When an update is available – just do it.
Note: When needing to do updates on your site, it is best practice to spin up a staging site just in case any breaks or conflicts bring down your website. If you’d like us to set one up for you, please get in touch with our friendly team.
Use strong passwords
As with everything these days, a secure password can go a long way in protecting yourself from all sorts of trouble. Password managers such as LastPass and bitwarden can help you in storing, creating and sharing (between devices) your passwords that can help you avoid attacks. WordPress by default does give you a slight push towards choosing a strong password but you can opt out and choose a weak password – looking for a plugin that can force strong passwords can cover for this.
Who has access to your website matters
Site owners should limit the amount of admins that have access to the admin side of your website. We’d recommend limiting the amount of admins, as it mitigates the risk of someone doing something they shouldn’t be. When creating new users, you should assign them a role that correlates to their responsibilities (editor, content creator) – Not every user needs to be an admin.
Additionally, plugins such as LoggedIn enable you to limit the amount of active sessions one user can have – as WordPress by default allows one account to be logged in from unlimited devices/browsers at a time. This prevents users from sharing their login information.
The magic word: Back up
Like the old saying goes, “Dig the well, before you’re thirsty”. This couldn’t be a better approach when it comes to web security. If in the unfortunate event that something does go wrong, backups are always handy to get your website back to a point in time where it was fully functional. This will save you precious time and money!
My last thoughts
Website security is important – not just in protecting your assets but also your users. Hopefully the points above can give you an idea of how important it is to have a secure, backed up, updated website that protects your business. Next steps would be to look at other ways to protect and secure your website – look at firewalls such as Wordfence and DDoS prevention from Cloudflare CDN to further boost your protection. All in all, web security needs to be an organic process, a regular one that requires, like your home, some maintenance here and there. If you are interested in securing your website, drop us a line – we’d love to help!
What are your challenges?