If you are like most site owners, you “rent” server space with a hosting company and do not own your own servers. Today we will discuss site security, not server security, which is a very different topic.
There are several steps you can take to ensure better security on your website.
=1= Install an SSL certificate (Secure Sockets Layer) on your website, which will enable HTTPS. If you are not sure whether you already have one, go to your website but instead of http:// add an S and make it https://. If your site is not displaying, you most likely do not have an SSL certificate or have one that has yet to be installed. An SSL certificate does many things, but the most important one is to encrypt the information transmitted through your site (like forms for instance). For shopping carts, it is actually required to have an SSL certificate as you are handling payment processing on your website and those transactions need encryption.
=2= Use strong and elaborate usernames and passwords in your Content Management System or any login pages on your website. The username should also be different from the expected ADMIN or 123. Your username and password should not be identical and should contain a combination of letters (lowercase or uppercase), numbers and special characters like @#.
=3= Add CAPTCHA to all of your forms, including your simple newsletter signup. The CAPTCHA is this “annoying” security code one must enter prior to sending a form. If you have had a security breach of your admin center, add a CAPTCHA on your CMS login page as well.
=4= If you allow people to upload files onto the site (their member dashboard for instance) or via a form (sending you their resume for instance), make sure you restrict the type of files that can be uploaded. Do not allow Word documents for instance as they could contain viruses (even if the sender is not aware of it). It is more secure to allow only PDF files and/or image files like JPG or PNG.
=5= If you use a platform website like WordPress, make sure you stay current with your version of WordPress as well as all of your plugins. Next week's seminar will discuss WordPress security recommendations, so check it out.
=6= Subscribe to a program like SiteLock which crawls your site every day looking for malware or any security issues. The installation of such a system sometimes requires a coder to do the work but is well worth the yearly investment (typically around $70 per year). Some of the best programs will actually remove the malware for you.
=7= Make regular backups of your website, not just on your server but also on a local hard drive. For smaller websites, we recommend at least once a month. The backups should include your database content. If you have a security breach on your site and have a full backup (prior to the breach), delete your current site and re-upload your prior backups.
=8= Change your FTP server, database (which means someone will need to update the configuration file on your site) and CMS passwords at least once a year.
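To illustrate step 4, here is an added example (not code from this article or from any particular CMS) of a server-side upload check that accepts only PDF, JPG and PNG files and confirms that the file content matches its extension. The function name `check_upload` and the 5 MB size limit are assumptions made for the example.

```python
import os

# Allow-list from step 4: PDF, JPG and PNG only. Each extension maps to
# the leading "magic" bytes that a genuine file of that type starts with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit; adjust per form


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one uploaded file."""
    # Keep only the last path component; some clients send a full path.
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "null byte in filename"
    # Only the final extension counts, so "cv.pdf.docx" is a .docx file.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # A renamed Word document still starts with its own signature,
    # not with the signature of the type it claims to be.
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads (file name, first bytes of the content).
    samples = [
        ("cv.pdf", b"%PDF-1.7\n"),
        ("resume.docx", b"PK\x03\x04"),
        ("cv.pdf", b"PK\x03\x04"),  # Word document renamed to .pdf
        ("photo.PNG", b"\x89PNG\r\n\x1a\n\x00\x00"),
    ]
    for fname, content in samples:
        print(fname, check_upload(fname, content))
```

A check like this confirms the file type only; it complements, and does not replace, the malware scanning described in step 6.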
One thing is certain: if you are made aware of a security breach on your site, take action immediately; otherwise you take the chance of search engines finding out and red-tagging your site.
Do you have questions on how to improve security on your website?
Call us in California at (707) 794-9999 Pacific Standard Time.