This week, I have a special guest post for you from AccuWeb Hosting about how to make sure your website doesn’t get hacked. I have been through the disaster of dealing with being hacked with a client of mine, and it is HORRIBLE. You have enough to deal with in your business, so you want to avoid this at all costs. Since I am not a tech person by any stretch of the imagination, I got some expert advice for how anyone – even those of us that don’t spend our spare time coding – can protect their website. I’ve also added in some commentary of my own, which you’ll see in italics throughout the article.
Your customers are online, so your website is the face of your business in the critical online battlefield. “Eighty-one percent of shoppers conduct online research before they make a purchase,”* and online participation will only grow.
If your website gets compromised by hackers, you can easily lose the trust of your customers. According to Forbes contributor James Lyne, “On average 30,000 new websites are identified every day distributing malicious code… and the majority of these 30,000 sites are legitimate small businesses that are unwittingly distributing malicious code for the cyber criminals.” That means you could get hacked, not realize it, and end up screwing up your customers’ computers. Clearly that won’t put them in the buying mood, so preventing this from happening is a must.
Taking steps to protect your business website doesn’t take an IT Department, it just takes a little (seriously, just a little, and it’s well worth it) effort on your part. Keep reading to see how you can make just one quick change per day and end up with a more secure site in just a week.
Step-by-Step: How to Secure Your Website from Hackers (in Less Than a Week):
Day #1 – Change Your Password
Strong passwords are the bane of a hacker’s attack.
A 10-character password with uppercase characters, lowercase characters, and a symbol has 171.3 sextillion possible combinations*. That’s A LOT of combinations, which means most hackers will probably just move on to easier targets. Just as with most criminals of opportunity, they’re looking for the path of least resistance so, if you make it even just a little bit tougher for them, you’re much less likely to become a victim. On the first day of your journey to a more secure business website, take a few minutes of your day to create a new password following the best practice guidelines for creating a secure combination:
- Use upper and lowercase characters
- Avoid any words found in the dictionary
- Include at least one number
- Include at least one symbol
You can change your password to your WordPress or Joomla admin control panel. Remember: your password is your first line of defense against a standard hacker attack. Choose it wisely.
Day #2 – Update Your Version of WordPress or Joomla
Update your CMS platform. CMS = Content Management System. For us non-techies, that’s what you use to build your site and if you’re a novice and doing it yourself, there’s a very good chance you’re using either WordPress (like me!) or Joomla.
WordPress and Joomla regularly update their platforms to reflect current industry security and usability standards. Make sure your current CMS is up-to-date with the latest version. WordPress, in particular, will alert all listed admins when a new version is available via email and on the Dashboard.
Updating your CMS is not difficult. Simply use the guides on your Dashboard to approve the update. If you are worried about losing content, install a backup plugin and configure it to back up your content to a secondary site. You can run a Google search on “backup plugins” to find one that meets your website’s needs. If this paragraph is stressing you out, don’t worry, it sounds worse than it is. Just Google or call your hosting company’s tech support/customer service if you’re confused.
Day #3: Update All of Your Plugins
In addition to your CMS platform, you need to keep your plugins updated.
Like your CMS providers, plugin creators release updated versions to stay on top of industry security trends and to introduce new features. If you are NOT updating your plugins, you leave vulnerabilities for hackers to exploit. To update your plugins, navigate to the Plugins area of your CMS platform. You will have to update each plugin separately unless your platform has an “Update All” function. You should not have to worry about backing up content, but the backup plugin you installed on Day 2 should mitigate this risk.
Day #4 – Update Your Core PC Software and Other Applications
Make sure your Windows software is patched, and that your computer or laptop applications are updated.
All computers have operating system (OS) software. Providers, like Microsoft, regularly release patches to keep your system secure. Especially for the computer that you use to update your website, ensure that your version of Windows is up-to-date.
Common applications like Adobe Reader, QuickTime, and Windows Media player should also be regularly updated. Most modern operating systems will have a popup in the lower left-hand side of the screen when an application has an available update. Do not ignore these popups: applications that are not regularly updated leave vulnerability at the client level for hackers to access your website.
Day #5 – Security Plugins
Install security plugins on your website.
We at AccuWeb Hosting suggest installing a web application firewall (or WAF) to your website. It is a software or hardware-based firewall that “sets between your website server and the data connection and reads every bit of data passing through it.” Most current WAFs are cloud-based plugins that do not require you to host the program locally on your computer. You can simply add one to your website via a security-as-a-service provider or other supported cloud-based security plugin provider to monitor oncoming traffic and mitigate potential threats.
Out of the other steps, this might take more time. You must research WAF providers via a search engine and figure out how to install it. This type of service is usually a server plugin, meaning you might need to work between your hosting server provider and the WAF provider to fully integrate it.
Each WAF provider is different, so research is paramount to completing this step. You can start by contacting your website hosting provider to see if they offer the service already. If not, they might be able to provide a list of partners they work with to provide a web application firewall.
Day #6 – Tighten Up the Admin Controls
Set up network security protocols.
Even if you’re the only administrator on your website, set up admin protocols. Create a specific list of security measures to follow that include all of the following:
- Creating strong passwords
- Changing the website password periodically (best practice is every 60 days)
- Limiting the number of devices allowed to access your business network
- Creating an admin protocol on the CMS program itself to limit the number of attempted logins. For example, if you own a WordPress website, you can install a plugin like Limit Login Attempts. There are several other plugins available to protect your website’s back end from brute force attacks.
- Setting up logins to expire after a certain amount of inactivity. Again, you can rely on plugins, like WordPress’s Idle Logout plugin, to easily set up this option.
Each business website requires different levels of security measures. However, the basics are usually sufficient for small business websites.
Day #7 – Ensure Your Host Is Doing Its Part
Start your website protection at the root: choose a web hosting provider with a proven record of providing the cybersecurity measures your website needs. For example, AccuWeb Hosting offers web hosting services, with packages that include SSL certifications and built-in anti-SPAM email protection. In addition to its secure infrastructure, AccuWeb Hosting’s datacenters provide every level of enterprise class physical security to protect your servers.
In the age of the informed consumer and the mobile customer, you cannot afford to let your website be a sitting duck for hackers. Follow these steps, investigate your options for secure web hosting, and start creating a more secure environment for your business website this week.
If you’re an aspiring entrepreneur, the best thing you can do for yourself is to just get started. Pick up my business planning ebook here to be guided through the whole business planning process for less than $5.
More of a video person than a text person? Click here to try my ecourses instead.
As I mentioned, I wasn’t alone in creating this week’s post because I do not have tech expertise. The peeps over at AccuWeb Hosting drafted the majority of this post. Please note that all of the links to AccuWeb Hosting in this post are affiliate links, with the exception of this link.