Programs that crack your passwords? YES! Bots that take down your servers? YES! Spam comments that overload your site? YES!
Have you ever questioned how secure your website really is? Even if your website doesn’t receive a lot of traffic, make money through advertising, or have an ecommerce platform, your website may still be vulnerable to hackers.
The solution?… At a recent networking talk hosted by Newport Interactive Marketing (#NIMRI), speaker Adam Lamagna of Sucuri Security shared the alarming risks of not carefully managing your website. “Malware doesn’t care about your site,” Lamagna said. “It’s just going to exploit insecurities.”
Below are Lamagna’s four main takeaways for how to minimize security risks. To learn more about his talk, which has many more technical details, click here.
4 Steps Towards a Secure Website
1. Beef up your hosting
Your hosting is only as strong as its weakest link. Typically, your website is sharing a server with multiple other websites. If one of these other websites gets hacked or blacklisted, your site could be compromised, downgraded, or even blacklisted, too. Consider paying more for a Virtual Private Server (VPS), which eliminates many of these issues.
2. Scan for Malware
It’s extremely important to scan your sites for malware. You can use free DIY tools offered by Lamagna’s firm Sucuri or other companies, or even use scanners that are specific to your Content Management System (CMS), such as WordPress, Drupal, or Joomla. Downloading a firewall or using CMS-specific technology is highly recommended for your sites, as this will drastically decrease your risk of any potential hacking.
3. Embrace Two Factor Authentication
Google Authenticator syncs with your website’s CMS to keep the bad guys out! Lamagna strongly suggested using two-factor authentication to combat hackers and malware. If you’re using WordPress, it’s extremely easy to manage.
Just download the “Google Authenticator Plugin.” Then each user has their own specific 6-digit code that they need to log in. So even if your username and password are compromised, no one can log in without your unique 6-digit code. Google Authenticator is just one two-step plugin. There are other good ones, too.
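To show why a stolen password alone is not enough, here is an added example (not code from the talk or from the plugin) of the server-side check behind those 6-digit codes, which Google Authenticator generates as time-based one-time passwords (RFC 6238). The function names, the `used` set standing in for per-user storage, and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time


def _key(secret_b32):
    """Decode the base32 secret shared with the authenticator app at enrolment."""
    s = secret_b32.upper().replace(" ", "")
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=6):
    """HMAC-based one-time code for one counter value (RFC 4226)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30):
    """Code for the 30-second time slot containing `at` (RFC 6238)."""
    now = time.time() if at is None else at
    return hotp(_key(secret_b32), int(now // step))


def verify_login(password_ok, code, secret_b32, at=None, window=1, used=None, step=30):
    """Accept a login only with a correct password AND a current, unused code."""
    if not password_ok:
        return False
    key = _key(secret_b32)
    now = time.time() if at is None else at
    current = int(now // step)
    used = set() if used is None else used  # hypothetical per-user replay store
    # Allow +/- `window` slots for clock drift between phone and server.
    for slot in range(max(0, current - window), current + window + 1):
        if slot in used:
            continue  # a code that was already accepted cannot be replayed
        if hmac.compare_digest(hotp(key, slot).encode(), code.encode()):
            used.add(slot)
            return True
    return False


# Constructed sample: the RFC 6238 test key, base32-encoded as an app would store it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, at=59))
```

The comparison uses `hmac.compare_digest` so that checking a guess takes the same time whether it is nearly right or completely wrong.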
4. Practice Essentials of Good Online Posture
There are four elements to good online posture, a term Lamagna used throughout his presentation.
a) Backups
Lamagna stressed the importance of creating regular backups for your website. He recommends finding the most helpful tools specified for your CMS. For example, WordPress has BackUpWordPress, which allows automated backups.
b) Updates
It’s extremely important to update your website and any plugins you may be using. Besides the new features that come with updates, updates also help to clear potential security threats on your website. Monitor your site regularly to create backups, install updates, upgrade plugins, and monitor user access. Some 60% of hacked websites had outdated software, Lamagna said.
c) Password Managers
Password managers create extremely strong passwords for you and save them securely so you don’t have to remember any more passwords. Simply create and remember one long “master password” to access your password manager account, which then plugs in your login credentials for websites. Two of the top recommended password managers are 1Password and LastPass.
d) Access Control/ User Control
It is likely that at some point you will want to give others access to your website, perhaps to write blog posts, add new web pages or update content. Select the appropriate permissions level for each user, restricting access to the lowest level needed. In WordPress, User Roles lets you manage your team’s access, and it works especially well with the Google Authenticator Plugin.