In our Website Review Checklist, one of your tasks is to check in on your website security in your ‘back end’ (that’s the technical bit that only you and your web developer sees not anything else!).
We thought it might be useful if we went into a bit more detail, so here is a quick website security checklist for you:
1.Update your plugins
WordPress is wonderfully flexible and malleable, which is what makes it the preferred website platform. This flexibility comes from the software we use to add in the functionality and features that you need. This software is called a plugin and their creators are constantly updating to make improvements and iron out any glitches. Each time they do this, they publish a new version. For your website to be efficient it needs to be using the most recent version. We do this by updating the plugins.
2. Update your password
It is estimated that 50% of us use the same password for the majority of our logins and 80% of cyber attacks are attributed to password hacks. Cyber crime use such sophisticated software, passwords are easy for them to crack. Using a secure, generated password and updating it regularly is the best way to protect your password and reduce the risk of security breaches. Using a password generator makes it much easier to set and manage. Don’t forget to write them down & diarise a change!
3. Organise a back up
If anything goes wrong with your website, and if you are in the very unfortunate position of being hacked and having your site taken down, if you don’t have a back-up then you may not be able to get your website back. Regularly updating your website gives you the peace-of-mind that you will always have a copy of your site. You can back-up your website yourself by following instructions like this, or you can ask your web developer to do it for you!
4. Invest in Malware Software
Malware is the ‘code’ that hackers insert into your website that causes the problems. As we have mentioned, cyber crime uses such sophisticated software that you might not know this has happened until it is well too late. Installing malware detection software gives you the earliest warning so that you have time to do something about it. You can buy off the shelf malware protection or can get expert advice from companies like Compex IT, who look after it for you.
5. Review your permissions
This means check who still has access to your systems. Maybe employees have left? Maybe you had to share with technical support? There can be lots of situations where you will granted access to your website that you may have forgotten. Reviewing who can get access and removing anyone who no longer needs is a brilliant spring-cleaning activity. (And whilst you are there you can give everyone a new password. That will tick two things off your security checklist!)
5. Check you have an SSL
SSL stands for Secure Socket Layer Certificate and the simplest way to check if you have it is to see if there is a little padlock next to your website name in the address bar. This certificate demonstrate that your website meets a certain level of security and that you are safe and reputable. If you don’t have an SSL, Google may flag you up and warn any visitors with a very sombre message before they can get to your site. Obviously not ideal. You get an SSL from your hosting company or web developer.
7. Secure your checkout
Do you have an online shop? If you don’t, please move onto number 8. If you do, do you have an Address Verification System (AVS) and a Credit Card Verification System (CVS)? They both add additional security benefits that again, give you peace-of-mind, and reduce the risk of your business being used for illicit purposes and all of the hassles that this brings to your door. Having an SSL certificate and that all-important ‘Https’ also makes a big difference to your security and your customers.
8. Use a reputable hosting
Hosting is what you need to display your website. If your website is your virtual shop/premises then your hosting is your virtual road or location. As with anything, there is s huge disparity in the level of support and the quality of service that is available in the hosting industry. Key things to looks out for are; storage amount, bandwidth limits, uptime rates, customer service provision, database support and back up facilities. You can get hosting super cheap, but we wouldn’t recommend it.
So there you go, 8 simple website security checks.