All of us strive for a sense of security in our lives, whether it be locking our car doors, installing security systems at our homes, creating passcodes on our devices, and the list goes on. For business owners, there is even more to be said about having a safe and secure website. According to a recent report by SiteLock, a leader in website security & protection, “websites experience an average of 50 cyber attacks per day”. This is alarming for any website owner, especially when you consider the cost of an average data breach to be ~$3.86 million (U.S. dollars) worldwide, as stated in an article entitled 10 cyber security facts and statistics for 2018 by Norton. It is clear that security is of the utmost importance for all website owners, which is why this guide will help in determining what you can do to secure your website against malicious attacks.
An SSL, Secure Socket Layer, Certificate is one of the baseline security measures that every website should have installed. An SSL is the lock icon you see in the URL bar of websites and it allows a secure connection between you (the client) and the server. While an SSL does not prevent an attack or stop malware from running, it prevents anything or anyone from intercepting data such as name, email or credit card information. Additionally, any ecommerce website must use an SSL certificate in order to be PCI compliant when handling information such as credit card or bank information. Not only do SSL certificates give users a piece of mind, but Google actually rewards sites that have one installed and configured, increasing a search engine ranking.
Stay Up to Date
Over 60% of the websites on the internet today are built using a content management system (CMS), such as WordPress, Joomla, Drupal, Shopify, Wix, etc. While it makes spinning up the main framework of a website easier, it can expose your website to vulnerabilities if you are not careful. In a March 2019 report conducted by Sucuri, of the WordPress sites hacked, 36% of them were running outdated versions. Most WordPress core and plugin updates are related to security patches that fix a potential vulnerability on your website. Another good practice is to maintain website backups to ensure that if your site was ever compromised, it can be reinstalled to a point before the hack occurred.
Enable a Firewall
A Web Application Firewall (WAF) protects against malicious attacks such as brute force, where hackers try to spam different usernames and passwords over and over again attempting to gain access, SQL injections, cross-site-scripting, among other things. This allows for a frontline of defense against incoming attacks from hackers and bots. There are many different kind of plugins to install on your WordPress site to configure a security firewall, two we recommend are WordFence and Sucuri. Both offer website scanners that will scan your WordPress site for any weak points and offer solutions in order to patch these security vulnerabilities. In addition, WordFence will limit the amount of login attacks and begin to blacklist known IP addresses as malicious, not allowing them to access the website at all.
Regardless of the size of your business or the number of pages on your website, it is important to begin putting into practice some security measures. Additionally, you can save yourself time and money later on by being proactive instead of reactive in terms of website security. While following the steps in this guide cannot guarantee you will never have a breach it will reduce your overall risk. If you still have questions or are concerned about a potential vulnerability on your website, feel free to reach out to our security team who will be happy to help!