Before we talk about how to make your website secure, it’s important to understand what a hacked website might look like.
Although there’s no fixed set of rules for how a website will look or behave once it has been hacked, these are some common signs that give you a good idea of whether yours has been compromised:
- Ransomware – Hackers will threaten to publish your data or withhold access to your website unless a ransom is paid
- Cloaked Keywords – Written content on your website is altered to rank for specific key terms on Google, and those results redirect to a dodgy website
- Gibberish Hack – Like above, but the created pages will be filled with keywords and a lot of gibberish
- Japanese Keywords – Random pages of Japanese content will be created which contain affiliate links to online stores that sell fake merchandise
- DoS – Denial of Service attacks overload a website with requests so the server crashes
- Viruses – If a virus is inserted into your website, it could go down or you may not be able to access it
- Phishing – Hackers will contact your clients pretending to work for your business in the hope of obtaining personal information
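As an added example (not part of the original article), here is one way to check for the Japanese Keywords and Gibberish hacks described above: compare the pages your site serves against the list of pages you actually published, and flag any whose visible text is mostly Japanese. The URLs, the page contents and the 0.3 threshold are constructed for illustration, and the check assumes your own content is not written in Japanese.

```python
from html.parser import HTMLParser

class TextExtractor(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def visible_text(html):
    parser = TextExtractor()
    parser.feed(html)
    parser.close()
    return "".join(parser.parts)

def japanese_ratio(text):
    """Share of non-space characters that are kana or CJK ideographs."""
    chars = [c for c in text if not c.isspace()]
    hits = sum("\u3040" <= c <= "\u30ff" or "\u4e00" <= c <= "\u9fff" for c in chars)
    return hits / len(chars) if chars else 0.0

def suspicious_pages(pages, known_urls, threshold=0.3):
    """Map each flagged URL to the reasons it was flagged."""
    findings = {}
    for url, html in pages.items():
        reasons = []
        if url not in known_urls:
            reasons.append("not in site inventory")
        if japanese_ratio(visible_text(html)) >= threshold:
            reasons.append("mostly Japanese text")
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample: two pages the owner published and one they did not.
KNOWN_URLS = {"/", "/about"}
PAGES = {
    "/": "<html><body><h1>Welcome</h1><p>Handmade candles.</p></body></html>",
    "/about": "<html><body><p>We are a family business.</p></body></html>",
    "/xq7/bag-9921.html": "<html><body><p>激安ブランドバッグ通販</p></body></html>",
}
```

Calling suspicious_pages(PAGES, KNOWN_URLS) flags only the third page, for both reasons. A published page whose text has been replaced would be flagged for its content alone.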
How To Protect Your Website And Make It Secure
Now that you know the potential hacks that could take place on your website, it’s time to learn how you can make your website secure.
1. Install & Activate An SSL
The easiest way you can protect your website and its visitors is to install an SSL certificate. When you browse the internet and visit a website, you can tell it’s secure if the URL starts with HTTPS.
SSL stands for Secure Sockets Layer. When you install an SSL certificate on your website, your website’s data and your customers’ data are encrypted as they travel between the visitor’s browser and your server. There are different variations of SSL suitable for certain websites, e.g. eCommerce websites that process payment details.
If you visit a website without an SSL certificate, Google will flag it as an unsecured website. Essentially, that means if your website doesn’t use SSL, your SEO will be affected. If your website and another website were identical, but yours didn’t have an SSL, the other website would rank higher than yours.
If you accept payments via your website, it’s even more important to have an SSL. Any data processed without an SSL is vulnerable and open to hackers.
There are several ways in which you can install an SSL certificate on your website:
- Choose a great website builder that includes a free SSL
- Choose a hosting provider like Hostinger or Siteground that provides a free SSL
- Install a Let’s Encrypt SSL for free
2. Invest In Anti-Malware Software
Anti-malware software identifies malware and removes it for you. There are hundreds of different anti-malware options out there which include free and premium plans.
Software like Bitdefender is free to use and available on PC, macOS, and Android. There is also premium software, like SiteLock, which starts from $14.99 per site, per month.
When there’s a free version available, it makes you wonder why you should pay for premium anti-malware software. Well, SiteLock allows you to tailor your security depending on your website’s needs and includes:
- Web scanning
- Malware detection
- Malware removal
- Web application firewall
- DDoS protection
- Vulnerability patching
- PCI compliance
Website builders and web hosting providers should take care of your website’s security. Many hosting providers include anti-malware software, such as SiteLock, free as part of their packages.
3. Secure Your Passwords
If you’ve read our password statistics article, you’ll know that 90% of internet users worry their passwords will get hacked.
We use passwords every day, and many people use the same password for most of their online accounts. It’s easy to underestimate the power of a password and how vulnerable it could be to hackers.
Passwords are one of the easiest things you can update or change to increase the security of your website. Take some time out of your day to make sure your passwords are secure or even consider autogenerating strong passwords using a password manager.
Some of the most commonly used passwords (believe it or not) are:
- Create a combination of unrelated and random phrases
- Randomly generate your passwords using a secure password manager
- Don’t reuse your passwords
- Make sure your passwords are long
- Never use personal information like names or date of birth in your passwords
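The tips above can be turned into a small generator and checker. This is an added example, not part of the original article: the word list is a constructed sample, the 16-character minimum is an assumed meaning of "long", and the names and dates passed in as personal information are made up.

```python
import math
import secrets

# Constructed sample list. A real generator needs thousands of words
# (for example a 7,776-word diceware list) so each word adds enough entropy.
WORDS = ["copper", "lantern", "orbit", "velvet", "glacier", "thimble",
         "harbor", "pepper", "mosaic", "falcon", "quartz", "willow"]
MIN_LENGTH = 16  # assumed meaning of "long"; the article gives no number

def generate_passphrase(n_words=5, words=WORDS, sep="-"):
    """Join randomly chosen, unrelated words using the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(n_words, list_size):
    """Bits of entropy when each word is drawn uniformly from the list."""
    return n_words * math.log2(list_size)

def check_password(candidate, personal_info=(), in_use=()):
    """Return the tips from the list above that the candidate breaks."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if candidate in in_use:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, check_password(phrase))
    print("12-word list:", round(entropy_bits(5, len(WORDS)), 1), "bits")
    print("7,776-word list:", round(entropy_bits(5, 7776), 1), "bits")
    print(check_password("alice1990", ["Alice", "1990"], {"alice1990"}))
```

The entropy figures show why the size of the word list matters: five words from the 12-word sample give under 18 bits, while five words from a 7,776-word list give over 64.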
4. Keep Your Website Up To Date
If you’re using a website builder or managed hosting provider, you may not need to worry about this step so much. However, it’s still good to check with your provider that they are managing the updates on your website.
We’re not talking about updating your content; we’re talking about making sure the platform you’re using, and the themes and plugins you have installed on your website, are updated.
If your platform, like WordPress, isn’t running the latest updates, your website is at risk of security issues. Therefore, you need to make sure you run updates for your WordPress software as well as the plugins you have installed on your site.
Most providers will allow you to select automatic updates, but there’s no harm in taking a few minutes to check your website is secure and up to date.
5. Watch Out For Scams
While it may seem obvious to some people not to hand over their personal details, millions of people worldwide (including businesses) are still falling for scams. It’s through no fault of their own, but it’s important to understand how you can protect yourself and make your website secure.
Did you know that 94% of cyberattacks start with an email? This makes it the most popular method of attack, so you should keep an eye on your inbox for anything suspicious.
The majority of cybersecurity breaches are caused by human error. That means you’re in charge of protecting your website. Keep your guard up when reading emails, taking phone calls, or receiving text messages that ask for personal information. If in doubt, research the company and call them back so you know you’re through to the right people.
Here are a few things you can do to make your website secure and ensure your visitors’ details are kept private:
- Beware of open internet connections and use a VPN
- Don’t click on links in emails that aren’t from someone you know or trust
- Be careful who you grant access to your website and only give admin access to people you know
- Change the default settings on your accounts like WordPress
- Only let verified individuals work on your website
6. Manually Accept Comments
When you’ve published your website or blog, it’s a great feeling when you see comments being made on your posts. It shows that people enjoy your content, and is a great morale booster.
Comments offer social proof to your website visitors, give you engagement you can share on social media, and provide feedback you can take on board.
However, there will always be lots of comments that aren’t so nice. There are so many bots and fake accounts that are waiting to comment on your posts with an affiliate or spam link which is both annoying and puts you and your visitors at risk.
If people can comment on your website without their comments being approved, chances are they are going to take this opportunity to spam your website with dodgy links.
In order to protect your website, you need to make sure you change your website’s settings to manually approve comments. This gives you the chance to delete or block any users that are trying to spam your website.
On top of this, you can do the following:
- Install anti-spam software
- Ask visitors to register an account before they can comment
- Turn off comments after a set period of time
7. Back Up Your Website
The steps above will protect your website from hackers and stop them from making a move on it. However, it’s not worth taking your website’s security for granted and assuming everything will be okay.
Creating a backup of your website on a regular basis means that if something bad were to happen, you’ll have a recent version of your website that you can restore.
A backup is basically a copy of your website, website content, and data. If you have a large website or eCommerce store, you’ll need to ensure that your backup storage is plentiful.
There are multiple ways in which you can back up your website:
- Use a backup service like Sucuri which is a premium service
- Choose a web host that includes backups as part of their hosting plan like A2 Hosting
- Use a WordPress plugin like VaultPress to create your own backups
Regardless of which method you decide on to make your website secure, you’ll also need to consider the following:
- Off-site backups – This is where your data is kept in an off-site location so that if the server hardware fails, your backups will remain secure
- Automated backups – Creating your backups automatically on a regular schedule means you can’t forget to run them or make a human error
- Regular backups – You need to ensure that you make regular backups of your website; we recommend daily, but if this is too much, then perform them weekly at the very least
- Redundant backups – Redundant backups are stored in multiple locations to ensure that your backups are backed up
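The four considerations above can be combined in one short script. This is an added example, not part of the original article and not any backup service's own code: it archives a site directory, stores a checksum-verified copy in every destination, and reports when a destination has no backup from the last day. The file naming and the function names are assumptions, and the destinations are assumed to be directories, for instance mounted off-site storage.

```python
import hashlib
import shutil
import tarfile
import time
from pathlib import Path

MAX_AGE = 24 * 60 * 60  # seconds; daily backups, as recommended above

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def create_backup(site_dir, destinations):
    """Archive site_dir, then store a checksum-verified copy in each destination."""
    name = time.strftime("site-backup-%Y%m%d-%H%M%S.tar.gz")
    first = Path(destinations[0]) / name
    with tarfile.open(first, "w:gz") as archive:
        archive.add(site_dir, arcname="site")
    expected = sha256_file(first)
    copies = [first]
    for dest in destinations[1:]:
        copy = Path(dest) / name
        shutil.copy2(first, copy)
        if sha256_file(copy) != expected:
            raise OSError(f"checksum mismatch for {copy}")
        copies.append(copy)
    return copies, expected

def archived_files(archive_path):
    """Names of the files inside an archive; proves it opens for a restore."""
    with tarfile.open(archive_path, "r:gz") as archive:
        return sorted(m.name for m in archive.getmembers() if m.isfile())

def is_stale(destination, max_age=MAX_AGE, now=None):
    """True when a destination has no backup newer than max_age seconds."""
    archives = list(Path(destination).glob("site-backup-*.tar.gz"))
    if not archives:
        return True
    newest = max(a.stat().st_mtime for a in archives)
    return (time.time() if now is None else now) - newest > max_age
```

Run create_backup from a scheduler such as cron to automate it, and alert on is_stale for each destination so a silently failing job is noticed.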