Keep your website secure: here are some simple guidelines
These days, anyone can build a website. Using a content management system (CMS) like WordPress, Joomla or Drupal, you can create a smart personal blog or a basic site with a gallery and a contacts page in minutes. Indeed, with just a little more effort, you can add catalogue and e-commerce functionality and move your entire business online.
While it’s great that the internet has extended the reach of SMEs in this fashion, ‘oven-ready’ websites have an Achilles heel. The world is full of cybercrime, with tens of millions of detected security incidents affecting computer systems every year. Because most of the DIYers operating self-built websites have little practical knowledge of IT security procedures, they’re prime targets for hackers.
Seeking peace of mind? Read on…
#1: This means you!
You might be assuming that, just because you haven’t yet implemented e-commerce on your new site, it won’t be of interest to hackers. Not so!
Even a low-value website can provide cybercriminals with a base from which to go after other, higher-value targets. Hackers might hijack your £5.00-a-month hosting platform to distribute spam e-mails, host malware for download or even bring down other websites.
No matter how basic your site, everything you read here applies to you.
#2: Install a virus checker
An easily overlooked security tip for your new website is to install antivirus software on your personal computer. Even a freeware download like Avast! will help.
That’s because modern viruses are commonly designed to infect additional systems when they can. The malware which invaded your PC during that unwise online shopping trip may be smart enough to lie low until it can get onto the server where your website is hosted… and then unleash havoc.
As site admin, you’re the most likely infection vector, so make sure you stay safe.
At HOST100, all Linux plans have a malware scanner as standard.
#3: Rethink ALL your logins and passwords
Most of us are hopeless with passwords. If you find it hard to remember all the different passwords for your websites, blogs, banks, credit card providers, HMRC online tax account and so on, it’s easy to cave in and set the same password across all your accounts.
Resist the temptation! Remember how much personally identifiable information (PII) has become available to hackers through pwning. If hackers ever succeed in assembling a full set of your PII, they will immediately try it on your other accounts. If you use the same password across multiple sites, a minor data compromise will turn into an outright disaster.
You should have (curses!) a different password for every account, and you’ll need (groan!) to update it every couple of months. If it all gets too much, you can always use a third-party ‘keyring’ like LastPass to keep track…
#4: Keep your site software up-to-date
We namechecked WordPress and Drupal in the first paragraph of this article. There’s no doubt that CMS software has changed the internet for the better – but the software that powers your website is just as much of a hacker target as the stuff on your PC. The cybercriminals are constantly on the lookout for outdated, vulnerable software, and the best way to keep them at bay is to ensure that the versions which power your site are the very latest.
Many providers have systems to handle the update process automatically, or will point you at repositories where you can download trusted software titles for yourself. If so, take advantage!
But, no matter what’s on offer, when it comes down to the detail of plugins, themes and other software add-ons, you’ll likely be on your own. Choose wisely, and stick to the mainstream as much as possible.
You might also consider installing dedicated anti-malware software on your website. It’s a big topic, but worth discussing with your provider.
#5: Get your access under control
When you’re building a website, it’s natural to provide free access to everyone on the team. A shared ‘developer’ account might seem appealing, but, once again, resist the temptation! Giving each person their own login and password ensures full traceability if things go wrong.
It’s also a good idea to implement two-factor authentication (2FA) because doing so will make it much harder for hackers to gain access. You might even consider adjusting the server permissions to restrict access to the login page – although you may have to enlist the help of a friendly techie to do so!
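One way to restrict access to the login page, shown as an added example rather than HOST100’s own configuration. It assumes an Apache 2.4 server that honours .htaccess files and a WordPress site whose login script is wp-login.php; the IP addresses are placeholders from the documentation ranges.

```apache
# .htaccess in the WordPress root directory (assumed: Apache 2.4 with
# AllowOverride permitting authorization directives in .htaccess files).
# Without a rule like this, wp-login.php answers requests from any address.

<Files "wp-login.php">
    # Only the listed addresses may reach the login form; every other
    # client receives 403 Forbidden before WordPress runs.
    # Placeholder addresses: replace them with the fixed IPs of the
    # people who administer the site.
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</Files>
```

Most home broadband addresses change from time to time, so an out-of-date list will lock you out until you edit the file through your hosting control panel. Keep 2FA switched on as well, since the address list only narrows who can reach the form.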
#6: Install SSL
You can ask the same friendly techie to help you to install an SSL certificate on your site.
SSL certification is the reason some website locations show up in your browser as https:// rather than the older http://. The newer protocol automatically encrypts any information you exchange with the site, making it much harder for hackers to read passwords or credit card data submitted by other users. Although implementation is beyond the scope of this guide, it needn’t be a major task.
At HOST100, our control panels also provide automatic SSL installation.
Computer security is a complex, rapidly evolving topic which some people choose to study for years. A short blog post like this is just a collection of pointers – but we hope we’ve got you off to a good start. At HOST100, we’re always glad to deal with your security queries.