Website security: 5 straightforward tips to protect your website
20 April 2020
Website security can often be overlooked by many website owners, especially small business owners and new brands. Why? Either you are not aware of website protection methods or you think that website security isn’t an issue you need to worry about. Unfortunately, if you are not following website security best practise you are exposing your website to unnecessary risks that can cause harm to your business and reputation. In this blog we are sharing guidance and practical tips to improve your website security and protect your brand’s presence online.
What is website security?
“Website security is any action or application taken to ensure website data is not exposed to cybercriminals or to prevent exploitation of websites in any way.”
Website security protects both your website and its visitors from a variety of different risks from malware (malicious software) and defacement on your site, to stolen data and phishing schemes. These kinds of events are not good for business and can not only be costly to fix they can seriously damage your reputation with existing and potential customers.
Beware of website hackers
From British Airways to Facebook, cyber attacks and data breaches often hit our headlines as sophisticated hackers seek to exploit payment systems, carry out ID theft and even hold businesses to ransom. This is the extreme end of the hacker spectrum but hackers exist in all shapes and sizes and with different motivations. Some just want to hack a website for fun and to show that they can. They don’t care whether you own Mrs Miggins’ Pie Shop or Google, which means there will be frequent attempts to hack into your website.
Hackers are a serious pain for any business with a presence online. They like to break into websites or to install something dodgy on a website or even redirect it to somewhere you really don’t want your website users and potential customers to go. In short, the purpose of website security is to keep hackers out of your website so you can continue showcasing and growing your brand online.
5 top website security tips by Glow
Web security is important to businesses of all sizes and keeping your website safe from pesky hackers doesn’t have to be complicated or expensive. However, you do need professional advice! Say hello to our friend Phil Storey a website security expert and Founder of Glow, an easy-to-use website maintenance app and quite possibly your website’s new best friend. Phil is kindly sharing his top 5 tips to improve your WordPress website’s security, and each can be implemented by you or your web developer.
1. Install an SSL certificate
Let’s start with the most important piece of security you can add to your website – an SSL certificate. When you visit a secure website you will see a padlock in the top left corner of your screen next to the web address. This padlock tells users that any information that’s entered into that website – such as names, addresses, emails, passwords – is encrypted (turned into gobbledeegook) so that hackers can’t read it.
Without the SSL certificate installed, all of that potentially sensitive information is a piece of cake for hackers to get hold of. Many online users know to look out for the padlock symbol and will avoid websites that don’t have one. Browsers even say the words ‘Not Secure’ in red text, this is not the kind of impression you want to give your online users. Do you have an SSL certificate installed on your website? If you do, you’ll see the padlock. If you don’t, you won’t. Don’t deter potential customers and install an SSL certificate ASAP. You can purchase for small cost and ask your developer to install the code on your website.
Tip! Google favours secure websites and checks to see if you have an SSL certificate installed, if you do your website will probably get ranked higher in the search engine results.
2. Use a very strong password
We are always told to use a strong password and for very good reason: to block hackers. Unfortunately, many people are still using obvious password combinations such mynameallinlowercase, mynameandDOB, businessname and even password123 (my personal ‘favourite’)!
This tip is the easiest for you to get right, right now. When creating passwords use the full extent of your keyboard; special characters, numbers, uppercase letters, lowercase letters etc. to make it extremely difficult to guess! Passwords are so easy to guess for hackers when you use something obvious like those mentioned. Keep your website secure and challenge yourself to create a very obscure password and change it regularly.
3. Change your WordPress website’s default login address
Every hacker on Earth knows that the default login address for a WordPress website ends in /wp-admin. This means that the first thing they’ll try when they’re attempting to get into your site is to visit:
By leaving your login as the default address, you’re making their job so easy and keeping your WordPress website protection extremely low. Please change it to something unique to you and your business but not your name or business name! Try something completely random like the name of your favourite book or sports team. For example, the above url would change to:
If you’re not sure if your website is running on WordPress, Glow has a handy online tool for you to check.
4. Keep your WordPress plugins up to date
WordPress Plugins are amazing at extending the functionality of your website to allow it do some pretty cool extra things that WordPress doesn’t do out of the box. However, Plugins are built by developers all over the world and frequently updated so you need to keep pace with each update, if you don’t you’re punching another hole in your website’s security defences.
To check if any of them need updating, login to your website and hover over the ‘Dashboard’ section of the main left hand menu and click ‘Updates’. That screen will show you a list of plugins (if any) that currently need updating. Click in the little checkbox next to those that do and select the ‘Update Plugins’ button. Job done!
Tip! Updating plugins can sometimes cause other issues with your website so you should speak to your web developer immediately if you notice anything that’s not behaving as it should after these updates
5. Scan your website regularly
Finally, make sure you run a security scan on the website as often as possible. There are lots of tools that can do this for you and the Wordfence scan tool is great. It takes a few minutes to run and then when it’s done, it’ll alert you to any security issues on your website, in order of urgency. Try and get into the habit of running the scan at regular intervals (E.g. once week) to pick up those security flaws in your website and get them fixed.
How much does website security cost?
As discussed, the above website security tips can be implemented yourself or by your web developer for a small cost as they are very straightforward. Looking further ahead it would be wise to consider investing in a managed website protection service which are often affordable to small businesses as you pay monthly. Remember investing budget into your website’s security is to protect your business, brand and excellent reputation for the long term.
Always research website security companies to ensure you will have trust and confidence in them, why not ask to speak with their existing customers and hear what they have to say. A good website maintenance company will save you time, offer fast customer service (less than 24 hours to respond) and be efficient in resolving issues or carrying out requests.
Who can help you with website security?
Your first port of call should be whoever is maintaining your website for you. This could be your web developer, digital marketing agency or you may even be managing your website. Phil’s company Glow provide a straightforward website maintenance service which is designed to save you time and give you peace of mind that your website is safe and secure. If you don’t have a company looking after your website for you then you can also try contacting whoever hosts it. To find out which company hosts your website please try this website.
The role of a digital marketing agency
If your business goals are to improve your brand’s presence online and attract more customers, then a digital marketing agency or consultant can be a valuable extension to your core team. Effective digital marketing strategies take creativity and skill, and there are a wide number of digital marketing services for you to choose from and navigate between. Outsourcing your digital marketing needs to an expert with a solid reputation is a cost and resource effective solution to help you to achieve the results you want efficiently, and long term.
Ready to make digital marketing work harder for your brand?
Hi Digital are a boutique digital marketing agency dedicated to growing small businesses with effective digital strategies. We’d love to help you reach your business goals and be a part of your brand’s growth. Please email us firstname.lastname@example.org or please get in touch with using the form below to book a free consultation with us.