People who are newer to the internet or newer to websites and owning one, might not really know how important it is to have a secure website. Not only is it important on your part, but if you have sensitive information of yours or your clients on your website or you have an ecommerce website, it’s important to keep other people’s information safe too. Some of these tasks on this checklist are easy and can quickly be done by you, while others you might need to hire someone to do it for you. Either way, it’s important that you make sure your entire website is buttoned up so that no malicious person, bot, machine or software can gain access to the website.
– If you have any files or downloads on your website, make sure that they are ALL secure. Make sure none of your files are on “full write” permissions. In all actuality, even though it sounds scary, a hacker can easily go in and change the file to something else. So if you have a download for an eBook, software, whitepaper or anything else, always make sure it’s secure.
– Stay up to date! Some people have programs like WordPress, Joomla or WordPress and they never do an update when one is available, for whatever reason. These platforms do updates because they have found security leaks or a weakness in that specific version. They allow you to update (for free) because they want you to be safe and your website be safe in case of an attack.
– Make sure you delete any past users on your website that are no longer using their accounts. It can always be added at a later time if need be, but in reality these extra accounts might be a really easy way for hackers or modders to gain access to your website. Just don’t delete your admin or main admin!
– Keep all of your databases separate. If you tend to have a whole collection of websites and you think using the same password for access to all sites is smarter – you are wrong! It’s the same reason banking institutions make you use a whole new password to gain entry to your account online that you have not and will not use anywhere else. If a person hacks your website or figures out a password to one of your websites and you are using the same passwords and usernames for all your websites, well, you can only imagine what happens next. Instead of just one website being compromised, they are all compromised. It’s a big mess to clean up.
Keep your stats in check
Most of the control panels these days have some sort of stat checker to watch the people visiting your website. If you tend to have long periods at a time (say a week) where you have people from the UK visiting, because that is primarily your audience and they primarily come from Facebook or another social site, and then one day you have 3,000 visitors from Russia and from a website you know you have never been on before – this could be an attempt on your website. Look out for weird things like this.
– Blacklist when necessary. Sites like WordPress allow you to have full control over your website. If you find that someone is spamming your website in the comments section or that they are harassing you in any way – ban them!
– Remember to make changes and don’t always use defaults on sites like WordPress or Drupal. For example, if I set up a WordPress website for carloans4u.com WordPress might give me the username carloans4u. But, you don’t necessarily have to keep this username and it’s probably better if you don’t because it’s going to be easier for hackers – then all they have to do is figure out your password. Instead use something like CarLoanAdmin or BobAdmin or whatever is relevant and that you can remember.