Keeping your website safe is important for you, your business and your website visitors. While this is not an all-inclusive list, it’s a good place to start. As you to update, expand and improve your site, keep in mind how to keep your site safe.
Keep Your Website Safe
While some hosting companies only allow characters and numbers for your username, make your username as complex as possible. Something like “Th15i5M4Uz3r” would be good. As for your FTP password, ALWAYS use a combination of upper and lower characters, numbers and special characters. Also, make your password at least 8-12 characters or whatever your hosting provider will allow.
If you don’t update your website yourself, you’ll need to get the FTP information just so you know that whoever’s working on your site has a good username and password.
Connect to your site regularly.
Believe it or not, there are plenty of folks that create websites, publish them, and then don’t make any changes to their site for years. Even if you don’t have the time or know-how to update your site, go to your website in a regular browser and make sure everything’s working as it should.
If you’ve contracted someone to update your site on an “as needed” basis, they probably will only connect to the site if they’re working on it. If it’s your business site, go to it, check all of the pages, and make sure it’s the way you want it.
This can help you catch something that may pose a risk to your site.
Check the website files on the server.
If you have FTP access, great, connect to the server and look at the files that are in the root directory and check them against the last time web pages were updated.
If there’s a file that’s too old, or too new, it could be malicious.
Keep your code updated.
This will help protect your website against vulnerabilities.
MAKE SURE ALL USERNAMES AND PASSWORDS ARE STRONG
Make sure all usernames and passwords follow the same stringent security rules as your FTP information. Easy-to-guess usernames and passwords are a top vulnerability for any content management system (CMS) website. Don’t let your users put your site at risk.
Depending on the platform used, you can add functionality to ensure your users employ passwords that will reduce risk for your or your business. Be sure to force your users, or anyone logging onto your system, to use strong passwords.
CHANGE UP DATABASE PREFIXES
When your CMS is installed, and if your hosting company allows it be sure to change up your database prefixes so they’re not easy to guess.
Check Directory/Folder Permissions
Make sure your website’s files and directories have the appropriate permissions. Permissions to folders and files should be what’s needed to get the job done, no more.
BACK UP YOUR SQL DATABASE REGULARLY
Back up your databases on the server regularly–at least monthly.
Be sure keep a few of the most recent backups on hand if you have the disk space. This will help restore your site in the event that it goes down or has problems.
KEEP YOUR CMS SYSTEM CURRENT
If you’re using WordPress or another CMS system like Joomla, Drupal, or DNN, make sure your website is using the most current version of the platform. New versions come out throughout the year to address known security vulnerabilities.
Before running updates on your system, you must backup the database, server folders that contain the files and uploads, as well as any extra programs. If anything goes wrong with a CMS update, you must be able to restore it. If you’re not sure what to backup or how to do it, we can help.
Sites that aren’t updated provide easy access to hackers.
KEEP ADD-ON PLUGINS OR MODULES CURRENT
The older the plugin or module, the more vulnerable it makes your website to attack. If you’ve been using a plugin, module or script for some time and the original programmer hasn’t come out with an update for a while, replace it rather than risk your website’s safety.
ONLY INSTALL PLUGINS OR MODULES THAT ARE COMPATIBLE WITH THE LATEST VERSION
There are a lot of plugins that offer additional functionality to websites, just be sure that what you use has been updated recently and regularly, and is compatible with the latest CMS release or version. If the plugin you’re looking at was last updated six months ago, it’s probably not current with the latest release.
If you’re not using a plugin or script, delete it.
USE SECURITY PLUGINS
WordPress has a number of great security plugins like Wordfence, Akismet, Limit Login Attempts, and more. Use them provided the plugin is current. These type of plugins help protect your site from getting hacked.