Website security is a crucial aspect of website management, yet it’s an area that is so easily forgotten. Whilst we’re busy getting on with the fun stuff, be it writing blog posts, updating pages or improving the design and user experience, site security can often be overlooked.
Late last year, I learnt a harsh but very important lesson about website security when my website was hacked and infected with malware. I had not followed some of the basic security precautions and as a result my website was left vulnerable and open to attack.
In order to help others avoid some of the mistakes I made, I thought I’d jot down a few simple tips and actions that any website owners can take to help protect websites:
Back up regularly
Make sure you back your site up regularly. This can be done either manually (by transferring your website files from via FTP to your local machine) or if you’re using a CMS like WordPress there are free plugins such as the BackWPUp plugin which can archive everything into your Dropbox account on a weekly basis (hat tip to Chris Penn for this excellent piece of advice).
I also keep offline copies of all the blog content I produce on a separate memory drive so I know that this intellectual property (that forms the vast majority of all the content on my website) is kept safe.
Update your Passwords
Periodically change your FTP and any admin passwords as this is the main cause of sites getting infected. Make sure you choose a range of good passwords for your logins that include a minimum of 10 characters and contain letters, numbers and special characters, e.g. *, € or #.
The longer the password, the better. I’m terrible at remembering passwords so consider using lines from a favourite song or movie and replace some of the letters with numbers, e.g. ‘To be, or not to be, that is the question’ becomes ‘2beornot2bthatisthequest10n’.
Upgrade to the latest version of your website software
If, like me, you are running your site on a CMS like WordPress, make sure you update to the latest version as soon as it becomes available. It’s also important to ensure that all plugins are up-to-date, too.
The most up-to-date version of a CMS’s software should be more secure as it will include bug fixes and improvements to other security issues and vulnerabilities that may have existed in previous versions of the software.
Run an anti-virus scan
One of the most common causes for sites getting infected outside of security issues is via your computer. It’s therefore advisable to run an anti-virus scan on your machine or anyone that manages your site. There are a whole host of free antivirus software tools available, including:
- AVG
- Malwarebytes
- McAfee
- MacScan (for Mac users)
- Avast
Consider using a professional malware monitoring service
Sometimes there is only so much we can do ourselves. Hackers are getting more and more sophisticated and so it may be worth considering using a professional malware removal or monitoring service.
I use the aptly named Malware Removal Service who helped me with my most recent bout of malware and will now monitor my website over the course the year and make peridoic updates when necessary.
Some helpful resources
-
Use Google Webmaster Tools to check your website’s health and report spam, paid links, malware, and other problems to Google
- Google has a great list of online security tips that is worth checking out
- The Stopbadware Online Community is an excellent forum where professionals can help provide advice on a range of online security issues
-
If you wish to make a complaint about a particular website, you can visit www.econsumer.gov
Regardless of how many precautions we take, website security is a matter of mitigating damages as nothing can ever be made 100% ‘hackproof’. We can only put things in place to help protect against and deter attacks. However, by following some of these simple steps we can help make our websites as secure as possible.