Website Security. Does it Matter? What can I do about it?

Does it Matter?

On an average day, 30,000 websites are hacked (source Sophos).

Your website security does matter does matter.  There are people who hack into websites everyday, all day long, and it is a problem.  And it’s not just big companies either.

What can I do about it?

First of all, don’t panic, although 30,000 websites are hacked every day, there are over 1 billion websites world wide. But don’t take it for granted either.  30,000 a day is 10 million a year.

Here are steps you can take to protect your website from being hacked.

Hosting

Your host provider (where your website is on your host’s server) provides security to protect your website. Some of them provide additional options for advanced security.  If you have a higher traffic website, talk to your host provider to ensure that your website is optimally configured for your requirements.

On Your Website

Your website itself can have extra security functionality added to it.   Wordfence is an excellent security tool that can regularly monitor your website. Or there’s even a feature to have it monitor live (although there’s a performance hit to the speed of your website when this is implemented).  There are options to limit bad login attempts as well as many other security options.  Additionally, it has a solid caching program to speed your website up.

Backup

Backup your website regularly. This will enable you to recover if there is a problem.

Your host provider should be taking a backup daily (confirm, because not all of them do) but they likely only keep one or two backup copies of your website. You should also have backups of your website that go back at least 4 weeks and it’s best to have longer term backups offsite (in a location other than your websites host).  If you ever have the misfortune of having your website hacked, this should enable you to recover your website from before the hack took place.  If you use a WordPress site, you might want to use a plugin such as BackWPup for longer term backups.

Keep Everything Up to Date

Things are constantly changing and updating on the internet. New security flaws are found.  Web browsers and operating systems are updated.  And with your website, especially if you are using a CMS like WordPress, it’s changing too.  WordPress has regular updates.  There are plugins with your website that provide additional functionality, and they have updates.  The theme your website was developed on (whether it’s custom built or not) should have regular updates too.

Some of the updates are automatically updated on your website. Others need to be manually implemented.  There are tools that can help you to manage the updates, like ManageWP. ManageWP provides tools to update many facets of your website with a click of a button.  Additionally, it has a backup feature available too.

Use an Advanced CDN

A CDN (Content Distributed Network) is a service that distributes a cached version of your website into many servers around the world. The basic reason for using a CDN is to speed up your website speed for your world wide audience. They access your website from a server that’s close to them.  (see What’s a CDN and Why Would I want one for my website?)

More sophisticated CDNs provide a layer of security, protecting your website from many different types of security attacks. Companies such as Cloudflare or Incapsula provide advanced security with their CDN. If you have a high traffic website, you should carefully consider options such as these.  Please note, you will need $200 or more a month for this kind of service.

Final Thoughts

Of the above mentioned items, the most important one is to keep your website up to date. Most website security break downs happen with websites that have not been kept up to date.  Although that’s the most important, please consider implementing all of them (including the CDN if you are a high volume website).

Our company has removed viruses from many websites. And we work diligently to keep our clients up to date so that they are protected from attacks.

If you have any questions about security and your website, please contact The Story Web Design & Marketing at 800-349-3394 for a consultation.