703.829.0809

How to Protect Your Website from Hackers

ironinsights

Site security is a monumental, need-to-know topic. Get some good insight from our experts as they share tips for better online security.

Make upgrades and audits a regular routine.

There are some simple tips that can greatly improve not only your company website but your security in general: Using a strong unique password paired with a password storage solution like LastPass is a quick and effective start. Using two-factor authentication when possible will also help stop brute force attacks.

There are many security plugins like those we use by default on all of our client sites that also limit the number of attempts, lock out IP addresses from multiple failed attempts and more.

Another simple yet very effective security upgrade is to make sure to upgrade your site to HTTPS with a TLS/SSL certificate. Most modern browsers are making it more obvious when you don’t have this upgrade, and some even mark your site as insecure in the browser bar. Besides just a security fix, this is also a benefit for SEO (See 7 SEO Tips and Simple Techniques).

Finally keeping WordPress core up to date along with any used plugins is another important step to keeping your site secure and preventing malicious attacks. We recommend an audit and upgrade routine at least every 6 months to review and remove unused plugins as well.

– Josh Hall, Front End Developer

Create a unique URL for the backend of your site.

Two very simple measures can protect a website. The first involves the installation of a TLS (Transport Layer Security) Certificate. This is what generates the lock icon before your URL and adds the “s” to “http” as the prefix to the URL. A second tactic is to create a unique administrative URL to access the backend of a website. For example, WordPress provides the generic URL – yourwebsite.com/wp-admin/, which is easily found by hackers or any user for that matter. Simply creating a random string of characters — yourwebsite.com/834yhefj$0& – will make finding the URL to access the backend of your site much more challenging.

– Rita Foss, Co-founder and CEO

Employ due diligence for password policy and 3rd-party tools.

1) SSL: Having a website with https is a great way to connect securely and builds trust.

2) Passwords: Enable your website to implement a password policy of credentials that require a capital letter and/or number should be the bare minimum. Those credentials should be encrypted in the database and not shared with anyone — especially email.

3) Third Party Tools:  This is a bit broad, but do your due diligence when researching tools or features to be installed on your website. Make sure you read the privacy policy, terms of conditions, and documentation. Nothing is actually free, so read the fine print.

– Justin Trevorrow, Web Developer

HTTPS is smart for security– and SEO too!

The top security tip that people need to do for their website is to make sure that you are using HTTPS instead of HTTP. HTTPS has an added layer of security that helps to prevent hackers from gaining information from a website’s customers.

Having HTTPS also gives you an SEO boost as Google ranks a website higher if it has HTTPS vs. HTTP. Even if you don’t have a site that gathers any information from customers, it can be very beneficial to make the transition anyways.

– Brandon Vreeman, Front End Developer

Regular site audits will detect any vulnerabilities. (We do that too.)

Regularly scheduled audits will help protect your website from hackers by identifying vulnerabilities before it’s too late. One of the things we do as part of our ongoing website maintenance services is provide security audits. Our website audits cover a variety of areas to make sure your website is running efficiently and securely.

During the audit process for a WordPress website, we review all plugins being used on the site to remove any unnecessary plugins and make sure the version of WordPress and the plugins being used for a site is upgraded to the latest version. Making sure you keep your site up-to-date is important as vulnerabilities can be detected in open source software. You can also use something like Sucuri, which will clean any hacked filed and provide ongoing monitoring of the site.

– Hannah Taylor, Director of Integrated Marketing
How to maintain a website

Go pro — like yours truly.

For WordPress sites, I always recommend making sure your plugins, theme and WordPress version are up-to-date. Additionally, a popular plugin that provides many powerful security tools is WordFence, which is made by Automattic — the same company who owns WordPress. Lastly, hiring a great website development company who can worry about these things for you, (*cough* Ironistic), is a great way to stay secure.

– Anika Mercier, Project Manager

Related Posts


Comments

There are currenty no responses.

Leave a Reply

Your email address will not be published. Required fields are marked *

Request A Quote
Let's take your business to the next level. Fill out the form below to get started!