For someone like me who is constantly deploying new websites on an array of different platforms, security may not be the first thing that comes to mind. Especially true if the sites serve one particular or niche purpose, it may seem silly to consider applying massive amounts of security to each site, taking up precious time that could be used elsewhere. While this is true, common sense solutions can be utilised along the way in order to make it that much harder for hackers to break-in to your website. Throughout my experience, using these four tricks to protect your website will stop the vast majority of all break-ins as most people are not going to waste more than a couple of minutes trying to gain access to any one site in particular.
Secure Your Password
I always take the extra few seconds to come up with a password that is unique and varied in its character makeup. Never, ever use passwords that only contain letters or only contain numbers; it is vital to your site’s security to maintain passwords that cannot be easily cracked by basic software. Use a combination of upper-case and lower-case letters, alone with numbers and symbols (_, &, #, ~, etc.) where possible.
It may sound silly, but I use a technique that simply involves me hitting the keyboard randomly to come up with a string of characters which are displayed in a word processing document. I then take that string of characters, write it down with the additional login information and use it for my password for any given site.
Select Secure Hosting Companies
If you are like me and build, host and access all of your sites from one hosting company, you most likely have already taken the steps to investigate and feel-around the basic security offerings that the hosting company offers. If you, however, build sites for clients on a variety of different hosting providers due to their existing hosting commitments, you owe it to yourself and the client to investigate what security measures that hosting company provides.
Especially simple if you have access to the control panel, dig around and determine what features are offered (back-ups, restorations, anti-spam filters, 24/7 monitoring). When considering a new hosting provider, be sure to browse through the package details and features to determine which specific forms of security come standard with the hosting.
Always Back Up Your Data
I had several bad experiences where numerous sites were compromised simultaneously (before I was using proper security etiquette) and I lost all the data, not to mention the revenues. What I learned from those instances was to always make sure that back-up mechanisms are in place to guarantee my data will be able to be restored regardless of what happens. Not only do I have back-ups running via my hosting provider, I also have secondary back-ups maintaining my databases.
Sometimes, hosting provider back-ups are not available (most companies do not “guarantee” them even if they offer the service) so I make sure to have two copies of data for each site at all times. There are numerous free and paid back-up services available and can be used in a variety of situations, depending on your data needs.
Update, Update, Update
It’s very annoying whenever I see a new update for one of my CMS platforms pop up; “here we go again”, I say, knowing that updates can cause conflicts with existing plug-ins and add-ons. Even though it’s a pain sometimes, updating your web platform software to the latest version is one of the best ways to prevent hackers from obtaining access to your site. Vulnerabilities and exploits are discovered constantly and developers release updates in part to fix these. You can bet that there will be at least one person out there looking to exploit an un-updated version of a particular CMS and sooner or later, they’ll find you.
If you have spent lots of money on a copywriter and a great web design the last thing you want is for your website to be hacked, so keep the above guidelines in mind and you should have no trouble.