It seems like every day there’s a new headline about yet another app or website that was hacked. Data breaches are no joke, and they can wreak havoc on the reputation of a company or website in seconds.
Cybersecurity Ventures reports that over 3 million records are stolen every day from data breaches.
No matter how big or small your website is, you can still become a target. Even small businesses and little-known blogs are frequently attacked.
In fact, 64% of companies have experienced a web-based cyber attack, and 43% of those are small businesses.
What does this mean for your website? It means it’s time to embrace additional security measures.
While it’s impossible to create an impenetrable fortress with your website, it is possible to get close. Sometimes, all it takes it a few deterrents to send hackers packing.
If you’re not an easy target, cybercriminals will quickly move along to someone else. Here are steps you should take today to protect your website against any threats online.
1. Review Your Security Status
First, you need to assess how secure your website is currently.
Luckily, you can do this for free in just a few clicks with a tool like ScanMyServer or SUCURI.
These tools use a variety of tests to check for malware, blacklisting, spam, and more that might be a sign of a scarier problem. Then, once you’ve received your results, these tools will provide a vulnerability summary that highlights problem areas.
If you’re running a popular website, it might be worth bringing in extra measures.
A free security scanner is a good baseline, but it’s not as reliable as an expert in cybersecurity. A security consultant can individually review your website for any signs of a breach.
Finally, security updates aren’t something you do once and forget about.
The internet is a changing place. Make sure you review your security status at least once every 6 months to make sure there haven’t been any recent developments.
2. Update Your Software
When website software is updated, it comes with security patches. If you fail to update your software regularly, you’re opening your website up to attacks by revealing vulnerabilities.
Hackers know about these holes in applications, and they’re a go-to line of attack.
Your hosting company will likely take care of your operative system security, but you’ll need to make sure all third-party software is up to date.
This includes content management systems like WordPress. If possible, opt into automatic updates to never miss a security patch.
3. Protect Your Error Messages
No matter how well your website is developed, errors still happen.
While you should read more details about the importance of logging your website with a log aggregator, you’ll need to be careful with your error messages.
When things go wrong, most websites will display an error message. This message is shown to anyone who visits your website. For hackers, these error messages are a treasure map.
Make sure you don’t give too much information away in your error messages. They highlight any problems in your server or code, and you don’t want that on display.
Make sure your error messages contain limited information. Don’t include exception details, API keys, or any other valuable information in your error reports.
As mentioned before, your specific information about any errors should be kept safely in your logs.
4. Encrypt Your Website with SSL
While there’s a myth that you only need SSL if you handle sensitive information over your website, this isn’t really true.
HTTPS protocol (the result of an SSL certificate) is necessary for any website that’s online today.
In fact, Google recently announced it would consider HTTPS in its page rankings, so there are many benefits to making the upgrade.
When you have an HTTPS protocol, users get the guarantee that they’re only communicating with your server. There is no intercepted information or change in the content.
Even if all you’re collecting is emails, you need this level of security for your users.
5. Secure Your Login
Despite how simple it seems, much of today’s hacking comes from poorly secure login pages.
That means you need a complex password and a system for enforcing this password.
Using the eight character minimum, special characters, and more is a good idea for protecting yourself and your users.
You also need to secure your login page. For WordPress users, it’s easy to guess the login for most websites is found at the extension wp-admin.
You can easily rename this URL so it’s no longer the default. This keeps hackers from brute forcing their way into your website.
Install a website lockdown feature to lock down your website if there are too many failed attempts to access your login.
For WordPress users, the iThemes Security plugin will notify you if there’s been a brute force attempt.
Through iThemes Security, you can also enable 2-factor authentication which means you’ll be asked for more than just a single password upon login. It’s impossible to be too careful.
Keep Your Website Safe
Keeping your website safe means making your user experience more secure. Your customers and readers need to trust that your website is a safe place where their information won’t be compromised.
Unfortunately, many websites are breached all of the time. It might seem scary out there in a world full of so many cyber hackers, but there are steps you can take. These tips above are a great line of defense against the most common attacks. The key is to not make your website an easy target.