Back to insights
4 Tips for keeping your website secure
By Lois Ransome
On Sep 20, 2019
In a world of big data, with breaches and hacking scandals in the press all the time, internet security is more important than ever.
You may be thinking nobody would want to hack a website for a small business, but you’d be surprised. Much of the hacking that goes on today isn’t performed by a person, but by automated bots that crawl the internet looking for holes they can take advantage of. Therefore, everyone with an online presence is at risk.
Plus, with the introduction of GDPR you could be subject to a hefty fine should any personal data in the back-end of your website be breached.
Learn how to keep your website secure and safe from hacking with these 4 essential tips.
1. Keep software up to date
It may seem obvious but keeping your online software up to date is vital for keeping your website secure. Once a security hole is discovered in a piece of software, hackers are quick to jump on anyone using that particular programme.
At Digital Reflow, we build all our websites on a custom CMS, so software updates are taken care of by us. All our code is stored on Github, which sends us notifications if there are security risks on any third-party packages we may use, allowing us to keep on top of all software updates.
If your website is powered by an open-source CMS such as WordPress then you’ll need to regularly check and update your software. You won't always be able to update the plugins though, and according to Imperva, a security software provider, "98% of WordPress vulnerabilities are related to plugins". As we don’t use plugins, choosing instead to build bespoke functionality to our customers exact needs, this isn’t an issue you’d encounter with a Digital Reflow website.
2. Install an SSL certificate
An SSL certificate is a small data file that can be added to your website to encrypt any data that’s submitted to the server, meaning only the person who submits the data and the person/server who receives it can read it.
When you have an SSL certificate a small padlock will appear in the URL bar of your web browser, telling users that your website is secure and that they should have no concerns about submitting data on your site. Users can also click the padlock to see extra privacy information such as how many cookies are being used on the site.
Google also loves an SSL certificate, so it's a must have if you’re looking to rank for your key terms in organic search listings.
3. Use secure passwords
This is an absolute no brainer and a practise you should apply to everything you do online. Shockingly, the most common password used online is ‘123456’, which is estimated to be associated with 23.2 million accounts.
The National Cyber Security Centre suggests following the below guidance to ensure your passwords are secure:
- Choose three totally random words as your password, for example ‘coffee, car and snake’ would become ‘coffeecarsnake’. These are memorable to you, but not easy to guess.
- Do not use duplicate passwords for different accounts and ensure every password you use is totally unique. Adding different numbers onto the end of the same password is not secure. If someone gains access to one of your accounts, they’ll gain access to all the others in no time.
- And finally, change your passwords as regularly as possible to keep hackers on their toes.
4. Keep backups
Even if you follow all of the above tips, there is still a small risk your website will be subject to an attack. As such it is essential that you make regular backups of your website, so in the event that you lose everything, you have a copy that you can put straight back up online with very little cost.
At Digital Reflow our websites are hosted on Heroku with backups of the database taken every night, so if you experience a website outage for whatever reason, we can get you website back up and running in a jiffy.