The way things are today, being concerned about getting hacked is very sensible. When you consider the billions of websites Google has blocked due to malware and phishing, it’s an understandable concern. So how do you build up your website security to protect yourself?
It’s simple. Layered security measures. So what are they?
Stay Up To Date
The first layer may seem simple, but you need to keep your software updated. Every single piece of software you run on your website needs to be kept up to date with the latest patches and security updates. This will ensure protection from hackers. If your plugins or extensions are no longer being maintained or updated, they should be removed and replaced.
Toughen Up Your Access Control
The administrative level of your site is the most vulnerable to attack. Because of this, it’s important to keep tight restrictions on who has this level of access. Limiting login attempts, changing your password every few months, and making sure your default username isn’t ‘admin’ are the main ways to toughen up your access control.
Install a Web Application Firewall
A web application firewall (WAF) is typically a cloud-based security system that offers another layer of protection. WAFs usually have monthly subscription fees, and your hosting company may offer one or more options with their hosting services. Think of it as a gateway for your site. It blocks all hacking attempts and filters other types of traffic like denial-of-service (DoS) attacks or spammers.
Hide Admin Pages from Search Engines
Your admin pages should never be indexable through search engines. This means you should use the robots.txt file to discourage their listing. SEO Book has a great breakdown of how to create, analyze, and implement your robots.txt file. Basically, you don’t want someone to web crawl your admin page and automatically start attacking it. Listing your admin page through search engines is like having a giant red button and telling someone not to touch it.
You need to use an encrypted SSL protocol. This is especially important when you’re talking about credit card information. This level of protection is essential.
Enabling auto-fill on your site can leave it vulnerable to attack in the event that someone gets hold of your (or someone else’s) phone, tablet, or computer.
In the event of hacking or malicious attacks, it’s always important to have everything backed up. A backup should happen in multiple locations if possible, but if not, back up as frequently as you can. This alone is the greatest security measure that you can complete. It can be very easy to restore your website from a backup.
Limit File Uploads
File uploads are a huge concern. You want to prevent direct access to any uploaded files, if possible. They should be stored outside the root directory and a script should be used when you need to access them. A web host can help you set this up.
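One way to store uploads outside the web root and hand them out only through a script, as an added example that is not part of the original article. The directory, the extension allow-list, the size limit and the function names are all assumptions made for illustration.

```python
import re
import secrets
import tempfile
from pathlib import Path

# Assumption: uploads live in a directory the web server does not serve.
# A temp dir stands in here for a real location outside the document root.
UPLOAD_DIR = Path(tempfile.mkdtemp(prefix="uploads-")).resolve()
ALLOWED_EXT = {".png", ".jpg", ".pdf"}   # hypothetical allow-list
MAX_BYTES = 2 * 1024 * 1024              # hypothetical size limit
ID_RE = re.compile(r"[0-9a-f]{32}\.(png|jpg|pdf)")


def store_upload(client_name: str, data: bytes) -> str:
    """Save an upload under a server-generated name and return its ID."""
    ext = Path(client_name).suffix.lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("file type not allowed")
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # The client-supplied name is never used as a path on disk.
    file_id = secrets.token_hex(16) + ext
    (UPLOAD_DIR / file_id).write_bytes(data)
    return file_id


def read_upload(file_id: str) -> bytes:
    """What the download script calls: return bytes for a valid ID only."""
    if not ID_RE.fullmatch(file_id):
        raise PermissionError("invalid file id")
    path = (UPLOAD_DIR / file_id).resolve()
    # Defence in depth: the resolved path must stay inside UPLOAD_DIR.
    if UPLOAD_DIR not in path.parents or not path.is_file():
        raise FileNotFoundError("no such upload")
    return path.read_bytes()


if __name__ == "__main__":
    fid = store_upload("holiday photo.PNG", b"constructed sample bytes")
    print("stored as", fid, "->", len(read_upload(fid)), "bytes")
    for bad in ("../../etc/passwd", "script.php", fid + "/../x"):
        try:
            read_upload(bad)
        except (PermissionError, FileNotFoundError) as exc:
            print("rejected", repr(bad), "-", exc)
```

In a real site the download script would also check that the logged-in user is allowed to see the requested file before calling `read_upload`.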
Check Your Error Messages
Know what information you provide in your error messages. Full encryption details shouldn’t be provided and you should limit the information about the error messages users can see. Your detailed errors should be kept in your server logs and not shared unless necessary.
Every layer of protection is essential to your security. Take the time to build each layer and you’ll sleep easier.
When setting up security on your website, it’s important to have a secure host. InMotion Hosting not only has several layers of security in place directly on their servers, but also gives you the ability to make any security changes directly with your website files. Use InMotion Hosting, the secure host, to power your website.