Website security is always changing. It’s an attack and counterattack industry, where security is always getting better, hackers find a way around it, and then these gaps are patched, ideally resulting in ever-improved security.
Here are some website security best practices that you should be following now:
Implement HTTPS immediately
No matter how simple your website, if you still aren’t using HTTPS in 2021, you are behind the times. HTTPS is so universal that it now does more than security — Google now takes site security into account for search rankings. Additionally, HTTPS is such a widely adopted standard that most browsers will now explicitly tell visitors that a website is NOT secure when it doesn’t have HTTPS, rather than merely pointing out the extra security of HTTPS-enabled sites. Obviously, no online enterprise wants to put second thoughts into their visitors’ minds by being flagged as not secure.
Update software as often as possible
This goes for Content Management Systems, WordPress, any plugins, and any other systems that might be relevant to your site. Prompt here means within a week of release at the very latest. Things move quickly in web security, so a vulnerability may be discovered, exploited, and a patch released by the developers a couple of days later. If you tend to wait a long time between software updates, chances are your site is vulnerable.
Be careful about user permissions
The general rule here is that everyone who works on your site should have the least amount of privileges required to fulfill their duties. This minimizes that account’s ability to do harm should the account be compromised.
Use sensible password management
Every company has some employees that use “password” or “1234” for convenience. The best thing you can provide is education, as well as technical tools such as a password manager, if you believe that it would make your employees more likely to take password security seriously.
Back up often
If you have any problems, whether the error stems from your own development team or from hackers, you’ll be able to get your site back quickly. There are now a number of easy to use solutions, including some WordPress plugins that fully automate the backup process.
Use a web host that’s well-versed on security
At CanSpace, all hosting services include a web application firewall that protects against most hack attempts, and network-layer firewall protection against all types of DDoS attacks. A 160 Gbps anti-DDoS infrastructure has been set up in our data center to mitigate up to 480 Gbps of traffic, 24/7. Additionally, we back up all sites daily, so that if your local backup fails, you still have another failsafe for getting your site back and moving on.
Have a question about your web security, or the security of your site specifically? We’re here to help! Get in touch with us today!