Now that you know how to enhance your website’s performance, let’s talk security.
There are few things more gut-wrenching than navigating to your website and, instead of finding your homepage, seeing a pirate skull. You’ve been hacked. Your credibility has been damaged. You may have lost potential customers, and you may lose current customers.
One bad hack can destroy a business. But, as the saying goes, “an ounce of prevention is worth a pound of regret.”
Here are some of the most important things you can do to ensure that your site is secure.
Use Strong Passwords
I know, right? You’ve heard this before. We all have, and it’s mind-blowing how many people still violate this basic security rule.
Passwords are the weakest link in most security systems. Make sure that yours is strong. Use a password generator to create new passwords. If you have trouble remembering them, you can store them in a password manager like LastPass or 1Password.
Make sure that everyone else with access to your site is using a strong password as well. This applies to all users, not just ones with administrative access. A hacker can still cause a lot of damage without administrative privileges.
Use Two-Factor Authentication
Two-factor authentication combines a password with a second form of authentication. This usually comes in the form of a special code that is sent to you via text, email, or app. Every time you log into the site, a new code is generated. This makes it very difficult for any hacker to get into your account, because to get the code they would need access to your email account or, in the case of an app or text, your phone, unlocked and physically with them.
It might feel silly and annoying the first few times you do this. But I promise, the extra few seconds every time you log in is well worth the added security.
Use Updated Versions of Software
I don’t know about you, but it feels like whenever I unlock my phone there are about 15 apps that need to be updated.
Software is never perfect at launch. It has to be constantly maintained, and not just to fix bugs or improve performance. Security vulnerabilities are discovered all the time. If your website is running on a healthily maintained platform, you should be getting regular updates that address these problems.
Sometimes you will be able to apply these updates automatically. If you like living on the edge, you’re welcome to do this. But sooner or later, chances are good that an update will break some functionality on your site. When this happens, you are at the mercy of whoever maintains the software to release a fix, or worse, if the problem is a result of bad coding on your end, you may have to fix it yourself. It’s always a good idea to test software updates in a safe environment before applying them to a live website.
It’s also important to note that this principle applies not just to your website, but to your hosting environment as well. Make sure that you are using a reputable host that gives you regular security updates, or you may get hacked in spite of all your best efforts.
Install an SSL Certificate
An SSL Certificate protects data in transit. If a user is filling out a form on your site, the data that they input into it has to travel from their computer to the WiFi router and through the internet before it reaches your server where the data is processed. There are a number of vulnerable areas along this route where a hacker can step into the data stream and read it as it’s going past.
With an SSL Certificate, all of that data is encrypted before it is sent. It won’t get decrypted until it reaches your server. So even if someone does manage to intercept that data, they won’t be able to read it.
SSL Certificates are a requirement for PCI compliance. So if your website accepts credit card data, for any reason, you must have one. However, they are strongly encouraged for all websites. Even if you are not collecting credit card data, a hacker can still steal your users’ addresses, emails, or phone numbers if your site is not secure.
This is by no means a comprehensive list. We haven’t even started on firewalls and banning IP addresses. But as far as the basics go, this about covers them.