10 Best Practices for Website Security

10 Best Practices for Website Security

What is Website Security?

Website security is, in a nutshell, systems and processes that will keep your website secure. It is what protects you and your clients, website visitors, or members from getting hacked or having personal information stolen. 

In 2022, websites are “attacked” on average 172 times each day. A portion of this is malicious hacking, and the rest are generally bot crawls that are just checking site stats. However, it is incredibly hard to tell one from the other. If your website is not adequately secure, it could become inaccessible or worse, you lose sensitive data. 

If this sounds like a scary nightmare don’t worry. Straight from a website design and development company, here are 10 things that you can do that will boost your site’s security – helping you sleep at night.

 

Best Practices for Website Security

1 – Change your passwords regularly

If you can’t remember the last time you changed your password to access your website, it’s time to change it.

Make sure that any password you use is a “STRONG” password. You can use an online password generator to create a good one, and programs like “Last Pass” to store passwords so you don’t forget. 

 

2 – Two factor authentication

This is somewhat related to passwords, but it’s a step further that protects you and your organization from fraudulent sign-ins. Be sure to enable two-factor authentication whenever it is possible. 

 

3 – Security Certifications

You can tell if a website has a security certificate by its address. If the website URL starts with HTTP (no “s”) the site does not have this layer of security and you should not submit any personal or financial information. A website that has an SSL or TLS security certificate will begin with HTTPS. 

Today, TLS (Transport Layer Security) is the standard now and is essentially indistinguishable from SSL (Secure Sockets Layer). It is important to have this layer of protection because this is what encrypts the data that you send from your site to a server.

 

4 – Secure Hosting

If your website is hosted by Three29, no worries, the hosting platform is secure. If you host your own site, verify that the hosting company covers these items:

  • They offer SSL Certificates
  • They keep site backups that can be restored remotely
  • They protect against DDoS or a Denial of Service attack

 

5 – Scan for Malware

If your site is managed by Three29, will handle this. If not, make sure to find a good option through your hosting company or other program. Conduct scans at least once a month.

 

6 – Keep Plugins, Themes, and WordPress Versions Updated

It is important to make sure that, just like your phone, your site functions are up to date. Generally these updates carry security patches – so it’s a must. And just like before, if we manage your site, this is done for you on a regular basis. 

 

7 – Limit Login Attempts

One sly trick a hacker can use to try to get into the back-end of your site is called a brute force attack. It is accomplished by using a bot to attempt 100s of password combinations a second on your login page. There are plugins that can stop this from happening. And I’m going to say it again… Yep, if we manage your site, it’s done. 

 

8 – Block Directory Indexing

This one is a little more technical. We take care of block directory indexing for all of the websites Three29 manages. If you aren’t a client, this one requires a developer. 

 

9 – Lock Down Access to the WordPress Dashboard

If you have multiple users that have access to your site. It’s a good idea to only give the most trusted users who need it “Admin” access. All others should get access at an appropriate level to what they will be doing on the site. For example, they could have an “Editor” status. 

 

10 – Finally, Monitor your Site

If your website is part of our Active Hosting plan, the team at Three29 will keep an eye on your site throughout the month. But it’s important that you keep an eye on it also. It’s not always a big obvious breach if you get hacked and you may be the only one with the eye to notice. 

 

Find Confidence in Your Website Security

Three29 is a marketing, website design and development company based in Sacramento, CA. We will always do our due diligence to keep our client’s sites secure and their user data safe. But if you aren’t a client we can’t help yet. To talk to us about how we can help keep your website secure, reach out to Three29 today! 

Related Blogs