little effort, yuge benefit
It doesn't take a whole lot of effort to greatly reduce your website's risk of being breached. Do these 3 things and get on your way! You may find that in the end you need help with more advanced security and we'd be happy to help with that!
However, you can have a more secure website by simply doing these 3 things. The best part? It doesn't take a whole lot of effort. Follow the instructions below and you're good to go!
Step 1: install ssl - force https
This is probably the #1 thing you can do to greatly increase the security of your website, and for multiple reasons. You can purchase an SSL cert from many companies; we recommend DigiCert! After purchasing your SSL certificate, be sure to properly install it and force traffic to use https instead of http. The benefits of having SSL are:
- Fully encrypted traffic between users and server
- Sending log-in credentials encrypted as opposed to unencrypted over the open web
- Google will give your website an SEO boost for being encrypted
- Pages cannot be modified in transit by outside attackers/hackers
- Little Green lock verification in the user browser window (see image below)
Another great part? They aren't that expensive: a few hundred dollars a year and you're good to go!
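One way to confirm that the "force https" part of step 1 is really in effect, as an added example that is not code from this post: the Python below judges the reply a server gives to a plain http:// request. The function names, the site example.com and the sample replies are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def bare(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def check_forced_https(host, status, headers):
    """Judge the reply to a plain http://host/ request; return (ok, reason)."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status not in REDIRECTS:
        return False, f"HTTP {status}: page served over plain http, no redirect"
    location = headers.get("location", "")
    target = urlsplit(location)
    if target.scheme != "https":
        return False, f"redirect does not go to https: {location or '(no Location)'}"
    if bare(target.hostname or "") != bare(host):
        return False, f"redirect leaves the site: {target.hostname}"
    if status in (301, 308):
        return True, "forced to https with a permanent redirect"
    return True, "forced to https, but the redirect is temporary; use 301 or 308"

def fetch_plain_http(host, timeout=5):
    """Fetch http://host/ without following redirects (needs network access)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

# Constructed sample replies (status, headers) for the made-up site example.com.
SAMPLES = [
    (301, {"Location": "https://example.com/"}),
    (302, {"Location": "https://www.example.com/"}),
    (200, {"Content-Type": "text/html"}),
    (301, {"Location": "http://www.example.com/"}),
    (302, {"Location": "/wp-login.php"}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, headers, "->", check_forced_https("example.com", status, headers))
```

To test your own site, pass the result of `fetch_plain_http("yoursite.com")` to `check_forced_https` in place of a sample reply.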
Step 2: hide any and all log in pages
Hackers and the programs they create generally follow a pretty simple rule called 'path of least resistance'. Essentially, this means hackers and their programs will either give up or take a left turn when they meet any resistance to their hack attempt.
In one example, regarding WordPress, that's looking for the login page. I wrote a more thorough blog post on hiding your log-in page here, but essentially there are programs that seek out the standard log-in page (http://yoursite.com/wp-login.php) and through that page they can do a variety of things to try to hack your site. It can often be as easy as hiding this page using a variety of methods to virtually eliminate this risk. WordPress is one example, but hiding log-in pages no matter what platform you're using is extremely simple and very effective.
Step 3: modify and evaluate user permissions
It's probably the single most overlooked piece of web security: internal security best practices. It mostly concerns who has access to your website admin pages, how they gain access to the site, the strength of their passwords, how they are memorizing/storing their passwords, and what kind of access they have once they enter the website.
It's so easy to overlook, and all it takes is one user with administrative access and a password of '123456' and your entire website could be gone in a blink. No matter what kind of security measures you take, this kind of breach is only prevented if you have solid internal security best practices in place. Take the time to review who all has access to the site, what kind of permissions they have once they gain access and what kind of password policies your company has in place. It doesn't take a lot of time or money but could end up saving you a ton of both in the long run.
