With #SaferInternetDay tomorrow, we thought we’d take a moment to go over the simplest and easiest steps you can take to make your website safe and secure. None of these items takes a security guru to implement, indeed you can probably whizz through this list in under an hour; and naturally, we recommend you do.
Use strong passwords
What exactly is a secure password? Sucuri recently had a great post on how passwords get hacked and what makes for a secure password. It’s a longer read best summed up as: the longer your password is, the better.
Here’s an older post of our own going over some of the finer points of how to choose and regenerate a really strong password.
Use unique passwords
Now you have a unique password, don’t re-use it! It’s human nature to want to keep things simple, but resist the urge to use the same password over and over on different websites. The best approach is to have a unique (and strong) password for every single site you log in to.
While this might seem a daunting feat, free password management services like LastPass take all the effort out of managing multiple complex passwords. You remember a single strong password for your password manager and it takes care of the rest.
This means if one of your passwords does get stolen, cracked or exploited in some fashion, the attackers can’t use the password to move on to other websites. You’ll just need to reset the one website, not every online login you manage.
Make sure your site uses SSL
SSL makes sure all the data sent between your website and your visitors is securely encrypted. Once upon a time only e-commerce sites deemed this level of security relevant, but that’s no longer the case; SSL is for everyone in 2020. From ensuring your passwords are encrypted when you log in to helping your website rank in Google search, there are myriad reasons to ensure your site is SSL enabled. SSL is free with 34SP.com – make sure your site uses it.
Update your software
I’ll happily repeat this one til I’m blue in the face: update everything, and update it all the time. Aside from insecure passwords, outdated website software is the number one way we see websites hacked. Hackers really aren’t looking for hard work – a quick scan for known outdated software with exploits, and within seconds, they’re into your site.
Review your website users
If you use content management software like WordPress, chances are you have more than one user on your site. It’s generally advisable to review the list of users from time to time, and crucially limit admin users. Indeed, if you can, limit your site to just one admin user. The more admin users that exist on your site, the more attack points would be ne’er-do-wells have to break in.
General best practice
Last but not least, there is a range of general best practices you should always adhere to with website and general digital safety. Some include:
- Be wary of using public computers and wifi access points
- Don’t write your passwords down on paper (yes, we’ve seen this with our own eyes more than once)
- Make sure you use a good web host (hint hint) who takes security seriously
- Uninstall old plugins and themes you don’t use
- Make sure the machines you do use have capable antivirus and firewalls installed (and activated!)
- Scan your website once in a while for possible malware – there are many free online security scanning tools
And ultimately, take a backup and relax. If you’ve taken these easy steps to secure your site, hacks are extremely rare; and restoring from backups can take care of the worst site attacks.