Disclosure: WHSR is reader-supported. When you buy through our links, we may earn a commission.
Practical Website Security Needs: 6 Things Must-do to Secure Your Website
Updated: May 04, 2021 / Article by: Timothy Shim
With over one billion websites on the Internet today, as an owner of one of those sites, you might be thinking that there isn’t much chance that a cybercriminal might target yours. However, before we even come to that, let’s step back for a moment and consider what your website means to you.
As an individual, you might just own a personal website or even a tiny business online that you think is negligible. There is a value in everything and even a tiny site holds some sort of data. Perhaps a login name and password that you use across all your online accounts? If you own a small business, your website represents your brand and reputation, along with tons of more valuable information that not only belongs to your, but also your customers.
If you’ve come across articles from Forbes, The Economist or any number of Internet security companies out there today, it’s highly likely that you’re aware of the term ‘Data is the new Oil’. It has become one of the single most valuable assets available online today (and hence we see the rise of VPN) and just like anything, can be stolen and traded or exchanged.
Cybercriminals won’t care if your website is tiny, they use tools that run free testing every site they come across, simply collecting information. If they can’t use the information, they can always sell it to someone else who can.
Since most us do not physically own and maintain the equipment that we host our websites on, we’ll be looking at the non-physical aspects of website security. This involves two main areas; 1) securing the website itself and 2) securing the data that your customers provide to you.
Keep in mind that anyone who visits your site can be considered a customer, not just those who are making purchases from you.
1. Keep your scripts and tools up to date
Make sure your site platform and any other scripts you’re running are up to date. Every software known to mankind is released with bugs and possible security loopholes. Even those that are kept updated will have these loopholes. All it takes is a single vulnerability and cybercriminals will be able to gain access. By ensuring that you perform regular updates, the chances of security loopholes being exploited are reduced.
This is especially important for those who are using website tools which are open source. By their very nature, open source tools leave themselves vulnerable to those who are looking for exploits. To combat this, there are numerous tools that you can use to help you check.
Scan My Server offers a free security testing service you can try. Just enter your site URL and it will help you to scan for security weaknesses such as cross site scripting, SQL injection and many other vulnerabilities. The first site you scan is free, but if you have more than one, then there’s a small fee involved.
Another option is Web Inspector, although this is much more limited. Web Inspector will help you scan for Malware that might be infecting your code. It’s also unfortunately limited to scanning a single page at a time. The tool is quite good though, having been developed by security company COMODO, which is a specialist in Internet security solutions.
2. Come up with secure passwords
I can’t even remember how many times this issue has come up already, but for some reason so many users come up with passwords that cybercriminals can even guess if they wanted to.
Hacking tools are so sophisticated today that the 6-digit pin number passwords of the past now seem like a joke. Come up with a password that combines uppercase and one lowercase characters, special characters and digits.
If you REALLY can’t remember your passwords, try using a password manager to help you keep track.
Be aware though that again, these are applications and as such can also be hacked into.
Many people are still not aware very of HTTP and SSL, but as a site owner these are important.
For those who are running online shops or performing any kind of transactions for your customers online, SSL is NOT optional. SSL certificates can be obtained from many sources but your best bet is to get one from a reputable provider such as SSL.com.
Alternatively, many web hosting providers such as A2Hosting and GreenGeeks also act as a third-party re-seller and can sell them to you.
No matter how we, there’s always the chance of Murphy’s Law occurring and while that just sucks, it does help to be prepared. Keeping at least two sets of backups is ideal, one onsite and one offsite. The important thing is to keep the data constant so that there is business continuity in case of any attack or even file corruption. Keep in mind that this applies to the information in your database as well, not just your site files.
Again, many web hosting providers today offer this service. Some perform basic backups for free, but if your business reputation depends on your website, it might be a good idea to consider more comprehensive plans.
5. Keep your customer information safe
The digital century is one that comprises of great advances in technology, but that means as people digitize, more of their personal information than ever before is moved online. As a business, your responsibility is to ensure that you help them keep the information that they’ve shared with you as private and secure as possible. This not only includes payment information such as credit card numbers, but also personal information, including names, identification number and so on.
This is where what we discussed earlier about SSL partially comes in. SSL, or Secure Socket Layer is what keeps information secure during transmission from one point to another. Unfortunately, SSL only keeps the transmission safe. You still must make sure its secured once it reaches your website!
If possible, don’t store sensitive data if you don’t need to.
Since that’s practically impossible to do, this is where encryption comes in. Some platforms such as WordPress come with password encryption for user accounts and other bits of information. This is basic, but not ideal. If you’re hosting your own website on a self-owned server, there are multiple ways you can set up encryption on your own. For those who are renting hosting server space, this is again where you’ll have to revert to your hosting provider.
6. Secure Your Data Transmission with a VPN
Although there are many options where encryption or other safeguards come in to play, there isn't any other option that secures your data transmission better than a VPN service (Learn more about this in our VPN Guide). These great service providers are designed to make sure that your data is routed through secure channels and highly encrypted.
With a single subscription to an always-on services like NordVPN or RitaVPN, you can make sure that any sensitive information you're sending or receiving such as passwords, business emails, quotations, and more are safe. For website owners who are highly mobile, this is crucial to do since WiFi connections are notoriously unsafe.
Other options to boost your site security
Even the best security plans you lay out may not keep cybercriminals at bay. If the thought of having to go through all the steps above to keep things safe is starting to give you a headache, don’t worry there are other options.
Today, there are multiple ways in which you can get help from experts at a fraction of the price it used to cost. Let’s take a look at three website security companies: Securi, Incapsula and Cloudflare.
Sucuri is a very reputable web security services provider and offers a whole range of services from as low a price as $US16.99 per month. For a monthly fee, Sucuri offers everything from website security and monitoring all the way to a disaster recovery plan. Complete peace of mind all wrapped in one nice, secure package.
Incapsula is similar to Sucuri and also offers similar solutions to both Sucuri and Cloudflare, but its pricing plans seem less structured. There are no outright tiers and pricing is based on requests for quotations. Each product Incapsula offers seems to be individual components, so those hoping for a reasonably priced ‘all-in-one’ solution might have to look elsewhere.
Cloudflare is more well known by reputation as a Content Distribution Network (CDN), which is also primarily how it has built up a solid name in securing clients sites against Distributed Denial of Service (DDoS) attacks. Again, like Incapsula, Cloudflare pricing tiers are rather more obscure.
From simple do-it-yourself security fixes all the way to dedicated web security companies, there are so many options available for site owners today that in all honesty, ignoring the problem is criminal negligence. The issue of sky-high pricing is also a thing of the past, and almost all business today should be able to afford at least the very basics in security solutions.
Above all, start from your web host, which is the basic platform for your website in the first place. Make sure that you choose the host that is capable of offering you the right tools, and not just aim for the cheapest option.
Timothy Shim is a writer, editor, and tech geek. Starting his career in the field of Information Technology, he rapidly found his way into print and has since worked with International, regional and domestic media titles including ComputerWorld, PC.com, Business Today, and The Asian Banker. His expertise lies in the field of technology from both consumer as well as enterprise points of view.