Six simple ways to secure your website
Everyone is online
Internet use keeps increasing every year and everyone is hooked up to their devices, either to follow up on personal and business matters or for entertainment. In 2021, the number of internet users hit 4.9 billion.
At the beginning of the COVID-19 pandemic (in 2020), we were forced to move our whole lives online, a trend that continues as we go through 2022. Most government services have also shifted online, and what used to be a digitalization challenge suddenly became possible in order to ensure public safety.
Businesses understand more than ever that their digital presence is vital for developing and sustaining their work. It is no longer a luxury but a must to be present online for your clients; one way to do that is through a responsive website.
Being online, however, is associated with risks. The number of cyber attacks is increasing every year and the targets are no longer only big corporations. In Q1 2021, online stores were targeted by 15.77% of all phishing attacks. Many small businesses start as online stores and may not be equipped with the knowledge and tools to protect themselves.
Whether big or small, every business owner must plan and implement measures that safeguard their digital assets (websites, data, social media, etc.).
In this article, the focus is on how to protect websites but there are other important digital assets that must be protected. Other articles on this website will cover those assets.
The following 6 actions will provide a decent amount of protection to your WordPress website if implemented correctly:
1) Backing up your website regularly and retaining at least 3-5 past versions.
If at some point your website is hacked, you will be able to bring it back online quickly using one of the latest saved versions after you’ve cleaned the malicious files. The backed-up files may be retained online and/or offline depending on the company’s business continuity and data management strategies.
2) Implementing two-factor authentication on user accounts, especially admin account(s).
This setting requires users to enter the account password followed by a code sent to an assigned email, phone number or authentication application. It’s worth noting that you would also want to protect the assigned email, phone number and authentication app from unauthorized access and use.
3) Installing security plugins and software to safeguard the website from attacks.
Always use antivirus and security software to protect your web server (even if it is not self-hosted) and the devices used to access the web server.
4) Keeping all plugins and software up to date to eliminate vulnerabilities.
Plugins, software and apps are constantly developed to improve functionality and eliminate security vulnerabilities. Therefore, it is important to always update them whenever a newer version is available.
5) Restricting the upload of files with “bad” extensions.
Examples of “bad” or risky extensions include .exe, .bat and .pif. The restriction placed on such files closes a back door that hackers may use to run disruptive scripts on websites.
6) Raising cyber security awareness among employees and agencies that handle the company’s digital assets.
People are often the weakest point in a process. It is not enough to have tools and processes in place; the right awareness level is also needed. In 2021, a survey taken by 3,500 organizations showed that 3% of the employees who received malicious emails clicked on the links provided. This is a high percentage but it takes only 1 employee to jeopardize the safety of the whole organization.
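For action 5, one way to enforce the extension restriction on a WordPress site, as an added example that is not part of the original article. It uses WordPress's `wp_handle_upload_prefilter` hook; the function names and the sample filenames are assumptions made up for illustration.

```php
<?php
// Added example. The .exe, .bat and .pif extensions come from the article;
// function names and sample filenames are constructed for illustration.
const RISKY_EXTENSIONS = ['exe', 'bat', 'pif'];

// Return the risky extension found anywhere in the filename, or null.
// Every dot-separated segment after the base name is checked, so both
// "invoice.pdf.exe" and "run.bat.jpg" are caught, regardless of letter case.
function find_risky_extension(string $filename): ?string
{
    // Drop any path component, then the trailing dots and spaces that
    // Windows strips on save ("tool.pif. " would be stored as "tool.pif").
    $name = rtrim(basename(str_replace('\\', '/', $filename)), ". \t");
    $segments = explode('.', strtolower($name));
    array_shift($segments); // the first segment is the base name
    foreach ($segments as $segment) {
        $segment = trim($segment);
        if (in_array($segment, RISKY_EXTENSIONS, true)) {
            return $segment;
        }
    }
    return null;
}

// Upload filter in the shape WordPress passes to 'wp_handle_upload_prefilter':
// an array with a 'name' key. Setting 'error' to a message rejects the upload.
function reject_risky_upload(array $file): array
{
    $hit = find_risky_extension($file['name'] ?? '');
    if ($hit !== null) {
        $file['error'] = "Files with the .$hit extension are not allowed.";
    }
    return $file;
}

if (function_exists('add_filter')) {
    // Running inside WordPress: apply the check to every upload.
    add_filter('wp_handle_upload_prefilter', 'reject_risky_upload');
} else {
    // Running stand-alone: print the verdict for constructed sample names.
    $samples = ['logo.png', 'SETUP.EXE', 'invoice.pdf.exe', 'run.bat.jpg', 'tool.pif. '];
    foreach ($samples as $name) {
        $result = reject_risky_upload(['name' => $name]);
        echo str_pad($name, 18), isset($result['error']) ? 'blocked' : 'allowed', PHP_EOL;
    }
}
```

Run stand-alone, only `logo.png` is reported as allowed; placed in a small site plugin, the same check runs on every upload.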