30,000 small business websites get hacked every day. Is your website protected from cyber criminals?
Even though most individuals and small businesses believe their websites to be safe from hackers or don’t see themselves as targets, hackers think otherwise. Hackers see all websites as potential targets which they often use to inject malicious code or manipulate vulnerabilities to do their bidding.
For example, hackers are now prone to compromising websites and web apps to use its’ servers as Bitcoin miners. This leads to excessive usage of your server resources and makes your website data highly vulnerable. Research into geospatial coordinates – FOAM is crucial at the moment, securing the new cryptocurrency world is in everyone’s best interest.
Surely, you must already be well aware of the importance of protecting your website. Otherwise, you wouldn’t be here reading this article. So, we decided to put together this step-by-step guide, to get you started in adding a few extra layers of protection to your website and your server.
Let’s get started.
Table of Contents
- 1 Step 1: Use Complex Passwords
- 2 Step 2: Enable Two-Factor Authentication
- 3 Step 3: Setup A Backup System
- 4 Step 4: Verify Website With Google And Bing Webmaster Tools
- 5 Step 5: Setup System Alerts
- 6 Step 6: Run A Test For Vulnerabilities
- 7 Step 7: Use Encryption
- 8 Step 8: Install A Firewall
- 9 Step 9: Secure User File Uploads
- 10 Step 10: Update and Repeat
Step 1: Use Complex Passwords
First things first, use best practices for creating secure passwords. Yes, it may be easier to use and remember your birthday as the password for your website or your server. But, hackers also love those passwords because that type of passwords are so easy to crack.
A strong password should contain a mix of at least eight characters, including numbers, uppercase and lowercase letters, and symbols. Use a tool like LastPass to generate better passwords and to keep them saved on a secured location.
Step 2: Enable Two-Factor Authentication
Two-Factor Authentication adds additional protection to your website and your server. With this enabled, you will have to enter both your password and a special SMS code that gets delivered to your mobile phone in order to access your website. So that only you can access your website.
If your website gets powered by WordPress, you can install a plugin like Google Authenticator to add two-factor authentication to your blog.
Step 3: Setup A Backup System
It’s always better to be safe than sorry. Even if you follow all the rules by the book, you’ll never know when something could go wrong. So, occasionally backup your website (at least once a month) and all of its content to make sure you have a recovery option, just in case.
Step 4: Verify Website With Google And Bing Webmaster Tools
Adding your website to search engines through Webmaster Tools not only verifies your ownership of the website but also provides you with a lot of great insight into your website’s activities and crawling status.
Google and Bing will regularly check your website for updates and if they see something suspicious happening on your website, you will get notified immediately. Using Webmaster Tools is like having your own security guard for your website.
Step 5: Setup System Alerts
Webmaster Tools help you with monitoring the health of your website, but if you want instant SMS and email alerts on your website’s activity, set up a website monitor to send you alerts.
Uptime Robot is the best free tool that does its job perfectly. This tool will check your website every 5 minutes to notify you whenever your website goes down or give an error.
Step 6: Run A Test For Vulnerabilities
It’s common for most websites to end up with security holes and vulnerabilities. This usually happens when web designers and developers don’t follow the proper code to build a website.
Step 7: Use Encryption
Encrypting browser communication is a must for websites that collects personal information from users, especially online stores and other eCommerce websites. Opt-In for the latest versions of SSL (Secure Sockets Layer) or TLS (Transport Security Layer) to protect your user information from ending up in the wrong hands.
Step 8: Install A Firewall
Almost all web hosts use a basic firewall to protect their customers from hacker attacks. But, if you’re using a VPS or a Dedicated Server, you can install your own antivirus or a stronger firewall, such as Sucuri, to protect your website.
For WordPress, you can use a plugin like iThemes Security.
Step 9: Secure User File Uploads
Allowing users to upload files to your website (eg: web apps, networks, forums) opens up a large security threat. Follow this guide to protect your website from users uploading unwanted and malicious files.
Step 10: Update and Repeat
Don’t just set up these services and forget about your website. Remember to regularly check on your website’s health and activities to make sure everything runs smoothly. Also, change your passwords at least once a month.
Subscribe to popular technology blogs and stay updated on the latest security news. Update your WordPress and its plugins to the latest versions. And always keep watch over your website.