A surprising number of websites are lacking proper security. Website security should be a standard component on any website, especially when you are handling personal, financial, or other sensitive user data. Even if you just have a small website, when you’re handling customer data, you are a target for hackers.
Antivirus / Firewall Software
It starts with malware or viruses infecting your desktop computer – from there, they can spread to your email account and website. This is what makes strong antivirus software so important. Antivirus software will regularly scan your computer and constantly monitor for potential threats. When your antivirus software finds something suspicious it can bring the threat to your attention and in many cases remove and quarantine the threat right away.
This type of software also often notifies you when other software running on your computer has updates available as well, to make sure your overall computer remains healthy.
We recommend Bitdefender.
Firewall
Make sure your website is behind some sort of firewall. Most web hosts will have this built-in, especially if they are a WordPress web hosting company.
This adds an extra barrier that traffic has to go through in order to get to your website, and helps weed out common bots/attacks.
If at all possible, and ideally, this is handled by your web host on the server-level.
As a backup route, you can use a plugin to add this level of security to your website, but we definitely recommend having this be handled outside of your WordPress website.
SSL Encryption
Web hosting companies offer SSL encryption for your website. SSL means “Secure Sockets Layer” – it is like a secure tunnel in which your data can be sent across a network.
SSL encrypts the data that you’re sending and breaks it into smaller packages that are virtually impossible to exploit or decode. If a hacker manages to get a hold of your data, as long as it is heavily encrypted then they won’t be able to tell what the data contains.
Web browsers recognize the SSL protocols and automatically encrypt data sent across an SSL connection. In order to get SSL encryption, you need a valid SSL Certificate on your website.
Once you have an SSL certificate, all of the secured pages on your website will use the HTTPS protocol instead of ordinary HTTP. The “S” indicates the extra layer of protection. Now, login pages and other secure areas of your website can use HTTPS to encrypt all information being sent.
Testing Your Website’s Security
If you’d like to make sure your website is loading securely, use a free tool like https://www.whynopadlock.com/
For a basic security scan of your website, check out https://sitecheck.sucuri.net/
Also, be sure to get in touch with your web host to make sure they have security in place as part of your web hosting service.
If you’d like an outside view of your website’s security, get in touch.