How to lock down your web security


Today, cyber security remains one of the most serious economic challenges for enterprise businesses.

COVID-19’s digital revolution has exacerbated the ways in which hackers can take advantage of a business’s web security flaws. Businesses often think that their website is too small to become a target for cyber criminals, but that’s definitely not the case.

One increasing threat in online security is ransomware, a type of malicious software designed to block access to a computer system or file through encryption until a sum of money is paid. There has been a 60% increase in ransomware attacks against Australian businesses in the past year. Businesses of all sizes are at risk: for example, major Australian retailer JBS Foods recently fell victim to a ransomware attack which affected more than 1,000 companies globally. The ransom demanded was up to $6.9 million, making it the biggest global ransomware attack on record.

With more Australian consumers online than ever before, securing your website is vital to keeping customers safe and your sensitive information secure. Without a proactive security strategy, businesses risk the spread and rise of malware, attacks on other websites, networks, and other IT infrastructures.

Here are eight simple steps towards protecting your website against malicious cyber attacks and ensuring your online customers’ safety and security:

Choose the right CMS system

If you’re launching a new website, employ a safe and reputable content management system (CMS) like WordPress, which is the world’s fastest-growing CMS, driving 41% of all sites globally and 83% of all Australian websites (using open-source). Plus, according to recent WP Engine research, the majority of Australian businesses believe WordPress is easy to use and leads to economic benefits.

Encrypt your website

It is crucial to enable a Secure Sockets Layer (SSL) certificate, which encrypts all information sent to and from your website and helps ensure your customers’ data (e.g. credit card details, postal addresses, purchasing history) stays private. One popular, reliable and free source of SSL certificates is Let’s Encrypt.

Identifying whether or not a site is SSL certified is simple. An SSL certified site will start with an HTTPS in the URL address, while a site that’s not SSL certified will begin with HTTP.

Install a security plugin

Installing a security plugin is a no-brainer when it comes to making your website secure. A plugin is third-party functionality that customises your site to better suit your needs and serve your visitors. It can be anything from an eCommerce tool to a design integration function - in fact, WordPress has 58,000 plugins available.

For WordPress, install a plugin like Sucuri, which specialises in WordPress and minimises vulnerabilities across all matters related to website security. If you’ve partnered with a technology company like WP Engine, be sure to check its list of disallowed plugins, whose functionality is likely already provided as part of its core offering.

Keep your software updated

While plugins help improve your site, an outdated plugin or other website component can actually lead to your site becoming an easy target for intruders. In fact, when it comes to WordPress, over half of reported security vulnerabilities (54%) are due to outdated plugins.

When you see an orange notification in your dashboard next to your plugins or themes, or receive a notification to upgrade, be sure to click on it. For WordPress users, adopting the Smart Plugin Manager helps you seamlessly and automatically manage all of your WordPress plugins thanks to machine learning and visual testing tools.

Enforce strong passwords and usernames

Disarming your website with an easy and straightforward password opens your site up to brute-force attacks, in which hackers use trial and error to guess login details or encryption keys, or to find a hidden web page.

Use a tool like Strong Password Generator to ensure your password is hard to break - and if you’re on WordPress, install a plugin like Force Strong Passwords which forces other internal users to adopt a robust password.

Limit login attempts

Limiting login attempts further protects your site from brute-force attacks. Limit admin access to ‘must-have’ users only and ensure Two-Factor Authentication (2FA) is in place.

For WordPress sites, install a plugin like Jetpack Protect, which limits the number of login attempts available, or, better still, see if your host implements this feature for you.
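How a login-attempt limit cuts off password guessing, as an added example that is not code from this article or from any plugin it names. The class and function names, the thresholds and the plain-text password comparison are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginLimiter:
    """Counts failed logins per IP and per username inside a sliding window."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a key stays blocked once tripped
        self.clock = clock                # injectable so time can be simulated
        self.failures = defaultdict(deque)
        self.blocked_until = {}

    def _keys(self, username, ip):
        # Track both: one address trying many accounts, and many addresses trying one.
        return (("ip", ip), ("user", username.lower()))

    def is_allowed(self, username, ip):
        now = self.clock()
        return all(self.blocked_until.get(k, now) <= now for k in self._keys(username, ip))

    def record(self, username, ip, success):
        now = self.clock()
        if success:
            self.failures.pop(("user", username.lower()), None)
            return
        for key in self._keys(username, ip):
            attempts = self.failures[key]
            attempts.append(now)
            while now - attempts[0] > self.window:  # drop failures older than the window
                attempts.popleft()
            if len(attempts) >= self.max_failures:
                self.blocked_until[key] = now + self.lockout
                attempts.clear()


def attempt_login(limiter, username, ip, password, real_password):
    """Return 'blocked', 'ok' or 'denied'; a blocked attempt never reaches the check."""
    if not limiter.is_allowed(username, ip):
        return "blocked"
    # Stand-in for the site's real password-hash verification.
    success = password == real_password
    limiter.record(username, ip, success)
    return "ok" if success else "denied"
```

Counting failures per username as well as per address stops guessing that is spread across many addresses, but it also means repeated bad logins can lock a known account for the lockout period, which is one reason to pair the limit with 2FA and a short list of admin users.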

Regularly back up your website

Back up your website at least once a week. If you have a WordPress site, these instructions will help you back up your data and automate backups and other resources.

Alternatively, there are several plugins such as BackupBuddy that provide automatic backups on a daily basis. Backing up your website makes it easy to restore your site after an attack or when something breaks.

Choose the right technology partner

Asking the experts is never a bad thing. Partner with a trusted technology company for enterprise-grade security infrastructure including automatic security updates, SOC II certification, real-time threat alerts and high-performing and secure technology stacks. They’ll ensure you’re adhering to the gold standard of security guidelines and principles to protect your site from the most common attacks.

The reality is that you can take control of your website’s security by taking an iterative approach, implementing the right precautions and monitoring your site closely. But the most important thing is to get started.

So, what’s your first move towards making your website more secure?

Ricky Blacker, Senior Solutions Engineer, WP Engine, ANZ.

Copyright © BIT (Business IT). All rights reserved.