If you’re having a party, security is high up on the list – after you nail the Spotify playlist and guacamole, obviously. Nobody wants party crashers, and when it comes to your website, hackers are the online equivalent of these uninvited visitors.
They may be invisible, but they can do a whole lot of damage. Hackers create 300,000 new pieces of malware daily, and in the US, a hacker attacks a site every 39 seconds.
Your website is a precious investment of your time, energy and money, and it’s worth protecting. In the world of cyber protection, security guards look less like 6ft burly bouncers and more like sun-deprived web developers. The question is, do you need one? Or can you guard the door on your own?
We thought we’d explore the basics of website security, so you can decide for yourself.
A lot of people fall into the trap of thinking their website isn’t ‘worth hacking’. Unfortunately, though, hackers generally aren’t in it to destroy your layout or steal your data, but rather to use your server.
They can do all sorts of nasty things once they have access to this, like using it as part of a botnet, setting up spam emails or mining for Bitcoin. While they’re in there, they can steal information from you or your website visitors and cause expensive, irreparable damage to important files. They can also crash your website and cause huge losses in traffic – up to 98%, if your website is hacked and blacklisted.
Not guests you want at your party, then. So, what can you do? To start with, let’s explore some simple strategies for protection.
Outdated software, even just one plug-in, is an entry point for hackers – it’s like leaving the front door open! This applies to both your server and third-party software, like forums and Content Management Systems.
If your website is on a hosted platform such as Shopify, most of the updates will be taken care of automatically. Or, if you have someone experienced managing your website security for you, you won’t need to worry about it at all.
These certificates basically create a trusted environment for visitors to your website, so they feel safe there. A certificate does this by creating a secure connection, and then providing visual cues to notify visitors of this connection, like a branded URL.
Depending on your server, the process for getting an SSL certificate varies. It’s do-able on your own, for sure, but it can be as complicated as it sounds. SSLs are something an experienced web developer, like those on our team at State Creative, can do in their sleep.
This may seem obvious, but it’s time to ditch the password that you’ve had since you were fifteen. While hackers generally have more sophisticated techniques than password-guessing, if you make it easy for them, they’ll take every opportunity.
It’s not just your passwords that matter, but everyone’s who visits your site. Insist on strong password practices and enforce minimum requirements like eight characters, no recognizable words and a mix of capitals and numbers.
You should be storing passwords as encrypted values, with one way hashing to stop hackers accessing them if they do manage to break in. Many Content Management Systems, like WordPress, will have some of this security built-in.
Have no idea what hashing or encrypted values mean? Don’t worry, it’s easy enough to learn, or, if you’d rather put your energy into what you really want to be doing, this is second nature for an experienced web developer.
If your visitors are creating an account on your website, it’s a good idea to log them out when they become inactive. If their accounts are left open, it makes it a whole lot easier for someone to get unauthorized access to both the account and your website.
The best way to do this is with a plug-in such as BulletProof Security or Inactive Logout, or, if you choose to have someone maintain your website for you, they’ll be all over it.
This list of tips is really just a snapshot of the ever-changing world of website security. It moves fast, and unfortunately, hackers are always finding new ways to break through. In fact, 73% of black hat (criminal) hackers have said traditional firewall and antivirus security is irrelevant or obsolete.
An experienced web developer will be able to manage as well as they build, and that means staying on top of all the stuff that you don’t have time to know about.
Take protecting against XXS attacks (cross-site scripting), installing anti-malware software and watching out for SQL injections, to name a few. Trust us, these are things you want the professionals for.
At State Creative, we’re as much website maintainers as we are developers. We’re not big and burly (most of us, anyway) but we sure know how to keep hackers at bay. Like any website manager, we’ll be all over regular back ups, and stay one step ahead when it comes to security technology.
A website manager will be able monitor your site for suspicious activity and alert you if they find anything. Our team at State Creative are trained to spot signs of trouble from miles away.
Hackers work fast, and if something does go wrong, time is of the essence. The value of having someone who knows what they’re doing on hand to step in can’t be overstated. That’s what we’re here for.