Happy new year! The start of the year is when people often set goals for themselves – whether that’s exercising more, eating better, or picking up the guitar. But what about checking in on your web security? Did you know there is a hacker attack every 39 seconds? The cost of data breaches increased to $2.1 trillion globally in 2019, according to HostingTribunal.com. Hacking is a booming industry and the best thing you can do to keep from being a victim is to plan ahead.
But why should you care if your website is hacked in the first place? In short: money. Recovering from a cyber-attack is costly and could cost you business. Plus, cyberattacks expose consumer information to those with malicious intent. That data could be bank account information or a social security number used to steal someone’s identity. As a business owner, hacking is not something you want to clean up after the fact. We at Web Symphonies take security seriously and have some tips on how to secure your website. Read on.
1.) Pick a quality hosting company
It’s tempting to save money by choosing a cheap hosting provider but you get what you pay for – cheap hosts don’t include security measures, which means in addition to stealing personal information, hackers could completely erase your data and redirect your URL somewhere else, according to security experts. A quality hosting company automatically provides additional layers of security for your website, for instance multi-factor authentication (such as requiring a code sent to your phone) or brute force protection. Brute force is when a person or a bot hammers your website over and over again, trying to guess the login credentials. We’re fans of Dreamhost, which includes multi-factor authentication, brute force protection, auto-enabled secure file transfer protocol, and free secure hosting with Let’s Encrypt. If you need help choosing a hosting company or signing up with Dreamhost, reach out. You can also read our blog post about what makes a good hosting company. Not only can we help you pick a quality host, but we can help you with web design in Charlotte, N.C. and beyond. That’s the beauty of a web design company — we’re not location specific.
2.) Install a security plugin
If you’re a person who knows how to check your website security for malware, and keep on top of coding practices, great. If not, don’t worry, there are several security plugins available. Security plugins take care of your site security by scanning for malware and monitoring your site 24/7.
We use the iThemes security professional plugin – it limits the number of failed login attempts allowed per user with brute force protection. With the security plugin, if someone (or a bot) hammers your website over and over again, they’ll get locked out after a few attempts. But let’s say the worst has happened: You’ve been hacked. What happens then? What will a hacker actually do? They will likely add, remove, or change a file. The iThemes software emails alerts showing any recent file changes so you know if you’ve been hacked.
3.) Use a strong password
You’ve likely heard it before, but a strong password is one of the best ways to keep your website (or email) safe. A simple password is easy to remember but it’s also simple enough for a hacker to guess. Lock down your security by using a complex password, or one that is auto-generated with a variety of numbers, nonsensical letters, and special characters such as # or ^. For instance, cOrrect^hOrse2bAttery^sTaple. It’s long, complex, and has a mix of lowercase letters as well as capitalization.
4.) Change the admin username
When setting up your website (but also if your website is already established) pick a username other than “admin” for your main administrator account. If you use admin, you’re one step closer to hackers getting into your website – all they have to do is guess your password and then they’re in, controlling your entire website. If you use the iThemes plugin, you can ban any IP address that attempts to log in with the admin username.
If you already use admin as your main username, don’t worry, you can change it. If you’re a WordPress client, go to your WordPress dashboard and add a new user. Fill in all the required information and pick a more unique username than “admin.” In the role drop-down menu, choose “administrator” so the new user has administrator rights. Add the new user. Log out of the admin account and log in with the new user account. Once you’ve done so, delete the default admin. Tick “attribute all content to” the new admin username and confirm deletion of the “admin” user. Then you’re all set! If that sounds too complicated, contact us and we’re happy to help. Not only are we a Charlotte web design company, but we also help with web redesign — and that includes WordPress website design if you know what that means.
5.) Change the login URL
Similar to the tip above, change the login URL for your website. If you have a WordPress site, the default login is “yoursite.com/wp-admin”. Maintaining the default login URL means you may be targeted for a brute force attack because the person or bot already knows where to start guessing your login credentials. If you accept registered users, for a subscription service for instance, you may also get a lot of spam registrations. To prevent this, change the admin login URL or add a security question to the registration and login page. As with most things on WordPress, there’s a plugin that makes it easy to change your login URL. We can help with your WordPress website design in Charlotte, N.C. and around the world.
6.) Install an SSL Certificate
Secure Sockets Layer (SSL) is beneficial for all kinds of websites – not just those processing payments. However, an SSL certificate is mandatory for any site that processes sensitive information such as passwords as well as credit card information. What does SSL do? It encrypts all sensitive information between your browser and server, making it more difficult to read. Otherwise, data is delivered in plain text, which makes it readable by hackers.
7.) Keep your website up to date
This is a simple tip that’s all too easy to ignore: Keep your website up to date with the latest upgrades. With every update, developers make a few tweaks, oftentimes to security features. Installing the latest update means you are protecting yourself from being a target for pre-identified loopholes and exploits hackers can use to gain access to your site. Update your plugins and themes for the same reason.
These simple tips will go a long way toward keeping your website secure. Do you have anything you’d like to add? Let us know in the comments below. And please do reach out if you’re looking for a website designer or web development in Charlotte, N.C.!