What makes a website secure?
With everything you’re juggling to get your website online, security may not be at the top of your list. But here’s the thing: website security isn’t just for the big, popular brands. It’s for smaller ones, too, whether you’re a fitness coach selling subscription plans or a plumber accepting payments for services directly on your site.
If after all the buzz around website hacking and data theft in recent years you still think you’re too small to be a target for hackers, maybe these stats will convince you otherwise:
- 43% of cyberattacks target small business.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyberattack.
And if they haven’t, then maybe this will:
This is what people see when they visit a website that doesn’t have an SSL certificate, and it’s enough to scare most of them away.
How many is “most”? According to a customer survey by HubSpot Research, more than eight out of ten users said they would leave a website that is not secure.
In other words, if you don’t take care to secure your site and protect visitors’ information, you’ll not only dilute customer trust but also lose a significant number of prospects.
Want to prevent that from happening, keep visitors on your site and your business thriving? Read on as we walk you through the key features of what makes a website secure.
An always up-to-date system
A secure system is an updated system. This includes your server, your content management system (CMS) or builder software, and any apps and plugins you may be using.
Why is important to keep everything up-to-date?
Because most often updates include security patches and fixes that are designed to counter specific known threats. So when you’re still using an old version of a plugin, for example, you leave yourself vulnerable to threats, which is exactly what hackers are looking for.
By keeping your system, software, plugins and apps updated, you’re no longer an easy target.
So, for example, if you’re a WordPress user, you’ll get a notification via your dashboard whenever an update is released. It usually takes one click to install the latest version.
You should also make it a habit to regularly check any plugins and themes you’ve installed. Keep an eye out for the latest updates or delete anything that you no longer use.
If you’re using the Website Builder from 123 Reg that’s one less thing you have to worry about since we automatically keep things updated so you don’t have to.
Strong login security
No matter how many security measures you implement on your site, if your passwords are weak, that makes you an easy target to hackers. This may seem obvious but you’d be surprised how many people still use popular, easy to figure out passwords like “password123”.
So what can you do to improve your login security?
Check your passwords to ensure they’re long and strong. If they’re not, change them immediately. You can use password generator and manager tools like 1Password or LastPass to create and store long, complex passwords so you don’t have to remember them.
Apply the same rules to any user or customer who creates an account on your site. Advise them to use strong passwords and require them to include both numbers and characters along with the usual letters of the alphabet.
While you don’t need to add all these requirements, aim for a minimum of three.
The “S” in HTTPS
You remember that screenshot at the beginning of the article? That scary warning message is displayed when a site’s URL begins with “http” instead of “https”.
If you’re not familiar with HTTPS, we’re not going to go into all the technical details but here’s what you need to know:
HTTPS stands for Hypertext Transfer Protocol Secure. The main benefit is that it makes your site more secure for your visitors. It encrypts any data exchange between your site and your users so that it doesn’t end up in the wrong hands.
In other words, it makes your website more secure when a user shares any sort of sensitive information with you via your site, be it credit card details or any other personal information.
So the “S” from “HTTPS” stands for “secure” and it comes from securing your website with an SSL certificate, which adds an extra layer of protection to your site.
You’ll notice that SSL-secured website usually have a green padlock or message displayed in the URL window that tells users that that site is secure.
Here’s how it looks on Chrome:
And here’s how it looks on Firefox:
People expect to see that green padlock or “Connection is secure” message on any site they visit, especially ecommerce websites. It’s a sign that the website owner cares about their safety.
If it’s not there, of course visitors will be less likely to trust to keep browsing, share any personal details or buy from that site.
So if your URL begins with http and not https, it’s time to take the next step and get yourself a SSL certificate now. Check out our available SSL certificates and choose the one that best suits your needs.
Regular scans to help identify vulnerabilities
Hackers are unbelievably smart. They can find ways to gain unauthorised access to your website and files without you even knowing. And by the time you discover you’ve been hacked, it may be too late.
Want to keep your site secure? Be proactive. Make it a habit to check your website regularly (including by testing your links) to ensure hackers aren’t redirecting your visitors to other sites when they land on a product page or when they try to purchase an item.
A simple way to protect your site is to get a solution like SiteLock. This website security protection service comes with lots of tools that scan your site for threats, identify known malicious code and remove it from your website automatically.
Regular website backups
Backups are copies of your website, which are stored in a safe location. They’re critical for restoring your site in a variety of situations like a security breach, an update going badly, power going out, a hard drive failure, an employee deleting an important file, and more.
These things happen more often than you think, and they often result in lost data. That’s why it’s important to regularly backup your site so you keep your valuable data safe and secure, no matter what happens.
This post explains more about what a backup is, why it’s important and how to perform a website backup.
A reliable hosting provider
One more thing to make sure is to check that whoever is hosting your site monitors their servers for malware, viruses and other harmful activity.
At the very least, check that your web host:
- Has positive user feedback, indicating they’re a legitimate business
- Explains what they do to keep your site safe, and what elements of site safety you’re responsible for
- Offers easy-to-access customer care
Users today are more mindful of the things that indicate whether a website is safe and secure. And any sign that it’s not will immediately get them to hit that back button, never to return.
Keep in mind that this doesn’t just refer to elements on your site that are visible to anyone who visits your site, like a green padlock. It also refers to security measures that keep your site safe and secure behind the scenes like an always updated system, a reliable web host and regular backups. It’s all these things that make a website secure.