What makes a website secure?
With everything you’re juggling to get your website online, security may not be at the top of your list. But here’s the thing: website security isn’t just for the big, popular brands. It’s for smaller ones, too, whether you’re a fitness coach selling subscription plans or a plumber accepting payments for services directly on your site.
If after all the buzz around website hacking and data theft in recent years you still think you’re too small to be a target for hackers, maybe these stats will convince you otherwise:
- 43% of cyberattacks target small business.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyberattack.
As a website owner, you need to take security seriously. If you don’t keep your website secure, then you’re putting the future of your business at risk and you could expose your loyal customers to data theft. The good news is that there’s plenty of things website owners can do to protect themselves.
An always up-to-date system
A secure website is an updated website. This includes your server, your content management system (CMS) or builder software, and any apps and plugins you may be using.
Why is important to keep everything up to date?
Because most often updates include security patches and fixes that are designed to counter specific known threats. So when you’re still using an old version of a plugin, for example, you leave yourself vulnerable to threats, which is exactly what hackers are looking for.
By keeping your devices, software, plugins and apps updated, you’re no longer an easy target.
So, for example, if you’re a WordPress user, you’ll get a notification via your dashboard whenever an update is released. It usually takes one click to install the latest version.
You should also make it a habit to regularly check any plugins and themes you’ve installed. Keep an eye out for the latest updates or delete anything that you no longer use.
Often, a website owner is responsible for updating the software that runs their site, but there are exceptions.
For example, if you’re using the Website Builder from 123 Reg we automatically keep things updated so you don’t have to.
Our managed WordPress Hosting packages also offer automatic updates.
Strong login security
No matter how many security measures you implement on your site, if your passwords are weak, that makes you an easy target to hackers. This may seem obvious but you’d be surprised how many website owners still use popular, easy to figure out passwords like “password123”.
If a hacker can easily guess your password, then yours is an unsafe website.
So what can you do to improve your login security?
Check your passwords to ensure they’re long and strong. If they’re not, change them immediately. You can use password generator and manager tools like 1Password or LastPass to create and store long, complex passwords so you don’t have to remember them.
Apply the same rules to any user or customer who creates an account on your site. Advise them to use strong passwords and require them to include both numbers and characters along with the usual letters of the alphabet.
While you don’t need to add all these requirements, aim for a minimum of three. Remember: strong password means a secure website.
The “S” in HTTPS
If you’re not familiar with HTTPS, we’re not going to go into all the technical details but here’s what you need to know:
HTTPS stands for Hypertext Transfer Protocol Secure. The main benefit is that it makes your site more secure for your visitors. It encrypts any data exchange between your site and your users so that it doesn’t end up in the wrong hands.
In other words, it makes your website more secure when a user shares any sort of sensitive information with you via your site, be it credit card details, phone numbers, an email address or any other personal information.
So the “S” from “HTTPS” stands for “secure” and it comes from securing your website with an SSL certificate, which adds an extra layer of protection to your site. (SSL stands for secure socket layer.)
You’ll notice that SSL-secured website usually have padlock or message displayed in the address that tells users that that site is secure.
People expect to see that green padlock or “Connection is secure” message on any site they visit, especially ecommerce websites. It’s a sign that the website owner cares about their safety.
If it’s not there, most browsers will now tell people a the website in question is “not secure”, so of course visitors will be less likely to keep browsing, share any personal details or buy from that site. Remember, you need an SSL to protect sensitive information that’s transferred when people use your site.
So if your URL begins with http and not https, it’s time to take the next step and get yourself a SSL certificate now. Check out our available SSL certificates and choose the one that best suits your needs.
Read this guide if your website is showing as not secure.
Regular scans to help identify vulnerabilities
Hackers are unbelievably smart. They can find ways to gain unauthorised access to your website and files without you even knowing. And by the time you discover you’ve been hacked, it may be too late.
Want to keep your site secure? Be proactive. Make it a habit to check your website regularly using a specialist tool. Think of it as being like scanning your computer with an anti-virus programme.
A simple way to protect your site is to get a solution like SiteLock. This website security protection service comes with lots of tools that scan your site for threats, identify known malicious code and remove it from your website automatically.
You can use security tools to both protect your website from malware and clean things up if you’ve been unfortunate enough to get hacked.
If your website gets hacked, you’ll put your visitors at risk (because your site could infect a user’s computer) and search engines could even blocklist your site to help protect their users. You can learn more about search engines and blocklisting here.
Regular website backups
Backups are copies of your website, which are stored in a safe location. They’re critical for restoring your site in a variety of situations like a security breach, an update going badly, power going out, a hard drive failure, an employee deleting an important file, and more.
These things happen more often than you think, and they often result in lost data. That’s why it’s important to regularly backup your site so you keep your valuable data safe and secure, no matter what happens.
This post explains more about what a backup is, why it’s important and how to perform a website backup.
A reliable hosting provider
A reliable hosting provider is a secure hosting provider. Your hosting provider should work hard to keep their servers secure and provide you with tools to help you secure your own website.
At the very least, check that your web host:
- Has positive user feedback, indicating they’re a legitimate business
- Explains what they do to keep your site safe, and what elements of site safety you’re responsible for
- Offers easy-to-access customer care
If you use 123 Reg’s WordPress Hosting, you’ll get regular malware scans and updates to help keep your site secure.
Users today are more mindful of the things that indicate whether a website is safe and secure. And any sign that it’s not will immediately get them to hit that back button, never to return.
Keep in mind that this doesn’t just refer to elements on your site that are visible to anyone who visits your site, like a green padlock. It also refers to security measures that keep your site safe and secure behind the scenes like an always updated system, a reliable web host and regular backups. It’s all these things that make a website secure.