10 Things You Can Do TODAY
To Protect Your Website

Did you know it's estimated that 60% of small business's whose website is hacked do not survive the experience? It makes sense, really. If your customer's sensitive information is compromised on your website you've probably lost their trust permanently. Then there's the cost of cleaning your site up and recovering it, which can be pretty expensive. Add to that the fact that as soon as Google figures out your site has been infiltrated you're removed from search results and a beautiful tag that says something like 'This Site Has Been Compromised' appears next to any online listing you do appear in. You can see why website security is so important.

I'm a real stickler about this particular subject. The website for my long time service business was hacked several years ago, before I started offering web services professionally, and it was a real pain in the backside. The website was recovered and cleaned up and we survived the experience but it was expensive, messy, time consuming and extremely uncomfortable. Hence, I have several layers of security built in to all of my websites and any website that I manage. I simply don't want to have to deal with that again. So...what can you do to enhance the security for your website? Here's 10 steps you can take right now to make your site safer and more secure and to hopefully avoid the whole thing:

1. Passwords need to be created with security in mind. I'm talking about any passwords that may be linked - directly or indirectly - to your website. Examples include the admin panel, email, user accounts, the hosting account, your registrar account (such as GoDaddy, etc.) and any accounts where you purchase and/or manage themes, plugins, etc. Check out my blog post about Safer Passwords for more info.
2. Malware Protection is an absolute must. Malware - or more specifically the virus's and/or adware that malware introduces to your site - is responsible for about 60% of all website hacks and can result in a variety of different problems, none of which are good. This is one of the main culprits for compromising your customer's personal info. I like a program called Malwarebytes, tho there are several to choose from.
3. A valid and up to date security certificate (SSL) is crucial - not only for website security, but also for SEO and user confidence. Google now penalizes any website that does not have SSL. See my post about SSL for more info.
4. Updated themes, plugins, widgets, etc. Technology is always expanding and growing. With that, the things that we use to build websites need to expand and grow with them in order to continue to function and operated correctly. Many of these updates are security related which makes them even more important. I REALLY recommend website maintenance to everyone who owns a website. I charge $100/month for my WordPress website maintenance service which includes keeping everything updated along with a security protocol check that helps ensure nothing weird is happening behind the scenes. Check out my post about website maintenance to better understand why it's so important.
5. Cloudflare is a cloud based, layered security solution where they use firewall (WAF), SSL / TLS encryption, DDoS protection, rate limiting, and DNSSEC to better secure websites. That's a lot of geek speak but what I'm saying is that I really like it and use it for all of my sites. There's a free option and some paid options. I only use the free plan and love the easy configuration options and analytics that are included.
6. Sucuri is a website security service that is second to none. I use it on all of my WordPress sites, but they offer solutions for just about any website platform including Joomla, Drupal, Magento, Microsoft.net, phpBB and Bulletin. Again, there is a free plan available as well as paid plans.
7. Email is one of the easiest ways for hackers to get to you. I use Google G Suite for all of my business email. It's based on the Google gmail platform but has additional apps and configuration options for business owners that makes is a great overall business tool. Many email clients work as sort of 3rd party applications, which means your emails have to go thru extra hoops and loops to get to where they are going. Not only does that make the delivery of email slower but it also makes it less secure. Google's email platform doesn't use or require any other apps or services and has outstanding spam filters. I think it's probably about the safest and easiest to use of any email program. Read my blog post for more info about Google's G Suite.
8. All website hosting companies are not the same. I know because I've used several hosting companies and the differences are enormous. A few years ago I checked out WP Engine on the advice of a friend and don't see myself changing any time soon. No - it's not the $4/month hosting that you hear about. And no - it don't stink, either. Those cheap hosting plans just can't stack up in many different ways. WP Engine offers better security within their platform along with automatic backups, free SSL certificates, outstanding tech support and a host of other perks that you can't get on the cheapy plans. I can't recommend them highly enough and have written a post to provide more info about Managed WordPress hosting with WP Engine.
9. Backlinks are one of the hardest parts of website SEO (search engine optimization) as well as one of the most important parts. However, that DOES NOT mean that all backlinks are good. Many, in fact, are bad for your website. Be cognizant of what any specific backlink stands for. Where does it go, what sort of sites might be apt to backlink to and from it. What sort of folks may gravitate to those sort of sites. Google will penalize your site for spammy backlinks and that will usually include any backlink that you pay for. While we can never fully guarantee that any backlink will never have a problem, the odds will certainly go up with backlinks that lead to unsavory places.
10. Be extremely careful of who you provide login credentials to for your website admin panel or any other sensitive stuff. Obviously you want to make sure that this person is honest and be as sure as possible that they won't knowingly try to rip you or your customers off. But - just as importantly - you need to make sure that they know what they're doing and don't cut any corners with what's known as black hat SEO or bad backlinks. Even if they are really just trying to help, doing the wrong things can expose your website and undo everything else you've done to make your website secure.

I hope this article helps you have a safer and more secure website. And I hope that if you need help with your website and/or online presence you'll consider Websites That Work as your online solution. Please share - Thanks!

John Goldshot