5 Security Tips to Protect Your Website from Hackers

It’s becoming a normal part of our lives now to see news reports about hacked websites. Even the giant companies like Sony and Apple are not immune security breaches, so it’s important that as website owners we do all we can to ensure we protect our websites from hackers.

You might think “Why would a hacker target my site?” well the thing to remember is that a vulnerable website can not only be harvested for the sensitive data it holds, but can also be used by the hackers to target other websites and infect users PCs with viruses too.

So without further ado, here are our top 5 tips to help you protect your website from hackers:

1) Keep your website software up-to-date

If you’re using an open source CMS like Wordpress or Drupal, or an ecommerce solution like Magento, you need to make sure you are upgrading to the latest version of your software and all its modules as they are released to help keep your website secure.

We’ve seen a massive increase in the number of released patches within open source software and this shows no signs of slowing down.

So what should I do?

To help bolster your website security from hackers, the first thing you should do is sign up to receive update notifications for all the web software and modules/plugins you are using.

Next you should have a process to perform the upgrades, typically a staging or demo site will be used to apply updates which will give you time to test them to ensure they don’t break anything, and to fix any issues if they do. You can then perform the updates on your live site without any risk of downtime.

Image source: https://serverpilot.io/communi...

2) Use strong passwords and change them regularly

We all use passwords on a daily basis, and passwords that protect your website can be a key ‘way in’ for hackers.

It might sound obvious, however most of us still like to use very simple passwords that are easy for us to remember. The problem with that is, if they are easy for us, they are easy for hackers too.

Even if your password does seem to be complex, if it’s using information personal to you like a street name where you lived, or your children's names etc. this creates identifiable routes for someone to guess your password.

So what should I do?

To protect your website from hackers, we’d recommend making sure that any administrative logins use a complex username; using the defaults such as ‘admin’, ‘administrator’ etc. is bad practice so change it to something more obscure.

You should avoid using dictionary words for your passwords, these can easily be cracked in seconds by a hacker. Your passwords should be complex and ideally consist of a range of different characters including upper and lower case, special characters and numbers too.

Have a plan to change your password periodically, we’d recommend changing it every 3 months but the more often, the more secure you’ll be.

Always be careful with emails asking you to click links to login to websites. Regardless of how strong your password is, if you give it to a hacker via a fake website, they don’t even need to crack your password.

3) Change your admin location

Again, this might sound obvious, but why make it easy for hackers to find your administration area? Leaving the default ‘admin/’ folder name for your CMS control panel means it’s one step closer for hackers to login to your site.

So what should I do?

Review the documentation for the CMS and find out how to change the location of your admin area. We’d recommend following similar rules to passwords for naming of this area to make it very hard to guess for hackers, and will help protect your website.

4) Switch to using SSL

Even though your website may not take credit card details, you may still be collecting sensitive information from your customers. Your customers may also be logging in with their own username and password to manage their account, which you need to protect from hackers too. Of course you’ll also potentially be logging in to your administration area too. So it’s important to ensure that connections that pass these sorts of details are protected with SSL.

It’s even more important if you are dealing with very sensitive information like credit card details.

Without SSL, all data transferred between your visitors and your website is open and unencrypted. This means your data won't be protected from hackers, who can can use special software to ‘sniff’ your connections to and from your website and view the data being transmitted. This of course can consist of login credentials and personal information.

So what should I do?

Purchase an SSL certificate from your hosting provider and get it installed on your website to protect areas that collect or transfer sensitive data. It’s very easy to purchase one and install on your website.

It can also instil confidence in your visitors that you take the security of their data seriously. Having SSL on your site can also give you minor ranking improvements in Google since they are using it as a ranking signal.

5) Add Layers of Security

How many people need to access your admin area? Just you? Well why not just limit it so that only your network can access the admin area. You can update your website to prevent access to certain areas by the network being used to connect to it.

Of course for this you need a ‘static’ IP address so you don’t inadvertently lock yourself out. But totally blocking access to private areas of your website means hackers can’t get to it easily in the first place.

So what should I do?

Speak to your current hosting provider about the functions they provide, they may provide the ability to edit firewall rules. However on shared web hosting this might not be possible at the firewall level, but you may still be able to do some things within your web directory to limit access.

Switching to a VPS or Dedicated Server means you can have more finely-grained control over access to certain areas, utilising the servers software firewall for example.

You can even see if your hosting provider has a hardware firewall which you can use to setup specific rules to better protect your website from hackers.

Final Thoughts

Following just these 5 rules will often be enough to make a hacker move onto another website. Think of it like a burglar looking for a weakness in a house. If one house has security lights, a high fence, an alarm, and a barking dog, but the house across the road has none of that, they are likely to turn their attention to the easier target. It’s the same with your website.

If you’d like to speak to us about any of the above points or would like help implementing any of them on your own website, please contact us and we’d be delighted to discuss any areas with your further.