Nobody believes anything bad can happen to their website … until it does. Don’t take it personally. A significant number of website attacks are random scanning. If a Web “bot” scans your website and finds a vulnerable port or application, you quickly become a target to deface your site or, worse, steal sensitive personal information.
Here are six tips to keep your website running securely:
1. Choose good passwords
We often see email and FTP accounts compromised because of bad passwords. As simple as it sounds, people still don’t use good passwords. Use a tool like PCtools Password Generator to produce 8-12 character-long random passwords that contain mixed case and numbers. Also, store passwords securely using a password manager like RoboForm.
2. Secure FTP
If you’re using an FTP program to upload files to your server, you’re sending your username and password – and all your files – unencrypted over the Internet. You’re essentially giving away your site when you use plain FTP to upload files – anyone who intercepts your FTP password can then upload whatever files they want to your site and use them to do whatever they’d like.
Instead, disable FTP and switch to Secure FTP (SFTP). SFTP is just as easy to use as FTP. Most FTP clients support SFTP. We use FileZilla, but other programs that work well include FireFTP and WinSCP.
3. Update, update, update!
Do you use a content management platform like WordPress, Joomla or Drupal? Do you have a photo gallery or shopping cart on your site? These and other Web applications are easy targets for hackers if they’re not kept up to date. Keeping these applications up-to-date is crucial to keeping your site safe.
4. Firewall it
Want to limit access to your website? Firewall it. Website firewalls can block all kinds of activities, specific IP addresses, services like SSH, FTP (if you haven’t secured it), administrator interfaces, and even entire countries from seeing your site.
Most ISPs will give you a static IP address for a few dollars more per month. This is money well spent because you can then lock down your server by IP address.
5. Encrypt your data
Do you collect credit card or personal information through your website? If the answer is yes, you’re responsible for securing your customer’s sensitive information from anyone who would knowingly intercept it.
Encrypting your pages with an SSL (Secure Socket Layer) Certificate enables Web browsers to build a secure (encrypted) connection so that your Web applications communicate across the Internet in a way that prevents eavesdropping, tampering, and message forgery. Visitors will see a padlock icon in your browser’s status bar, and secure pages will start with “https” rather than “http.”
6. Backup your data
Sometimes no matter how much time you spend securing and policing your site, hackers find a way in. So backup your site regularly and keep those backups off your server. Then, if your site is hacked, you can return to normal operations quickly by restoring files and site content.
TIP: If you follow all of these best practices, you’ll thwart most attacks and recover quickly should you get hacked!
How to contact us
Need help keeping your website secure? Contact us today.
Safari MultiMedia is your full-service Web partner offering smart online solutions for businesses of all sizes. Our cost-effective and easy-to-update websites will help you build relationships and boost profits.
Read more Safari MultiMedia Smart Tips.