Website Security Made Easy
29 Nov 2012
In today’s world security is an ever-present issue. Keeping your email accounts, financial PINs and social media sign-ins protected is an everyday practice in your personal life, but all too often very little thought is given to your other online assets, such as your websites.
It takes a lot of man hours and hard work to get your business’s website up and running and almost as much to maintain those sites on a week to week basis. Don’t let all that hard work and published material go to waste with an insecure website.
Canopy Media’s Website Security Checklist
Website security is quite obviously a huge subject. There are more tips and tricks than you can shake a stick at and some of them are so technical that they can be hard to understand, and even harder to implement.
With ease of use and high security in mind we’ve crafted this website security checklist to get you started. Simply follow these tips and make your website more secure.
Website Security Basics
Solid password security really is the most basic way to keep your website and online accounts secure. Using the same login and password combination for every account means that online prowlers only need to crack your secrets once to gain access to everything you have. Creating multiple password and login combos can be tough to keep track of but it does keep your accounts more secure.
Action Plan: Build a physical list in your office or in a document on your computer. This way you can have multiple password and login combos without the fear of forgetting and getting locked out of your own accounts. If you have to transmit your list at some point across the internet, by email for example, make sure you do it on a secure service and take the time to encrypt your data so even if someone gains access to the document they will need a passcode to open the file.
It’s also important to keep your email account clean of emails containing password information. Each time you create a new online account on the internet you are sent a set of sign-in details. These emails need to be deleted after you record your passcodes in a secure place. If someone gains access to your email account they will in turn have access to every account you have online.
Avoid Default Settings
When you launch a new website using a CMS there are a number of common settings and sign-ins that are used by default. WordPress is a perfect example. On all installs of WordPress the same username is used. With the username ‘admin’ being the default, hackers only need to decipher your password in order to gain access to your sites.
Action Plan: When you’re installing WordPress you have the option to change the default login name. After you’ve installed WordPress the only way to change the default login name is through editing the database. Once you have chosen a login and password combo that suits your needs make sure to record your login details in a secure location, as mentioned above.
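The database edit mentioned above could look like the following on MySQL or MariaDB. This is an added example, not part of the original article; it assumes the default WordPress table prefix wp_ and uses 'site_owner_login' as a placeholder for the login name you choose. Take a database backup before running it.

```sql
-- Added example (MySQL/MariaDB). Assumes the default table prefix `wp_`;
-- 'site_owner_login' is a placeholder for the new login name.

-- 1. List administrator accounts to see whether the default 'admin' exists.
--    WordPress stores roles as serialized text in wp_usermeta.
SELECT u.ID, u.user_login, u.user_email
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%';

-- 2. Make sure the replacement login is not already taken (expect 0).
SELECT COUNT(*) AS already_taken
FROM wp_users
WHERE user_login = 'site_owner_login';

-- 3. Rename inside a transaction so the result can be checked before it
--    is committed. ROLLBACK only undoes the change on InnoDB tables.
START TRANSACTION;

UPDATE wp_users
SET user_login = 'site_owner_login'
WHERE user_login = 'admin';

-- Expect exactly one row with the new login and none left as 'admin'.
-- user_nicename (the author URL slug) is shown because it is not
-- changed by this update and may still read 'admin'.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_login IN ('admin', 'site_owner_login');

COMMIT;   -- or ROLLBACK; if the check above looks wrong
```

The password is not touched by this change, so the account signs in with the new name and its existing password.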
Keep Your Site Up To Date
Most websites these days are built on some sort of content management system or CMS. Even sites written in original code specifically for that site use extensions, plugins and code inserts (snippets) to augment their features and service offerings online. All these bits of code need to be kept up to date.
Older versions of coded add-ons could be more vulnerable to online and viral threats roaming about the internet. Make sure you keep your code, plugins and extensions up to date to prevent hacks and incursions into your online assets.
Action Plan: Do regular updates. Set up a monthly repeating event in your personal or business calendar that reminds you to check up on your backend. Check each item one by one and ensure that there are no holes in your online defence shield. WordPress, for example, has an automatic update feature for the CMS itself, installed themes and plugins so you can update quickly and easily.
Check Add-Ons For Continued Support
Content management systems are known for their simplicity, ease of use and their add-on extensions, widgets and plugins that augment the features on your site. Unfortunately these coded add-ons aren’t always managed by their creators in perpetuity. Once the creator stops supporting, or updating, it’s time to find a supported substitute. Using unsupported add-ons could mean your website is more susceptible to hackers.
Action Plan: Keep a list of the plugins and extensions you have installed on your website. Make a point of checking the developer sites to ensure that support is continuing to keep the extension secure. If one of your favourite plugins loses support and the developer abandons continuous updates simply look online for a replacement plugin. Every CMS has multiple options for almost every add-on function your site requires.
Perform Regular Backups Of Your Site
Even after taking all the steps mentioned above your site could still be vulnerable to attack. In some instances the infiltrating virus or malware can be expelled and cleaned out but that doesn’t work in all cases. In extreme situations websites will need to be reinstalled in order to expunge the unwanted data. Without a proper backup all of your content will need to be developed from scratch.
Action Plan: Keep an up-to-date backup of your website so you can reinstall without too many headaches and downtime for your site. Most content management systems can have an automatic backup plugin installed so your Dropbox or email account receives a .zip file of your site content.
That’s website security basics in a nutshell. But stay tuned. There’s always more to learn. We’ll be following up this article next week with Intermediate website security complete with the website weaknesses and the resultant action plans.