What’s the Minimum Amount of Security Your Website Needs?
Online security shouldn’t just concern the consumers who feed their information into websites. It’s something the businesses that own sites should be worried about, too.
- 67% of small- and medium-sized businesses were attacked in 2018;
- 82% of those attacked had antivirus software installed on their systems;
- 72% had intrusion detection systems in place.
- We don’t have enough personnel to manage security;
- We don’t have enough money to pay for it;
- We don’t know a thing about security or where to start.
Find a Secure Web Host
Your choice of web host can affect your website in a number of ways, including how well it’s protected from hackers. For starters, if security is at all a concern for you (or the client you’re building the site for), then a shared hosting plan won’t be ideal. If any website on the shared server is attacked, it could easily spread to your own. Secondly, if your web host doesn’t prioritize security on its end, it’s a good idea to look elsewhere. While many web hosts do a good job of this, be wary of the ones who provide no information about their dataccenters, how their assets are secured, or what level of security has been implemented (e.g. physical facility monitoring, server firewalls, etc.). Finally, look for a web hosting plan with built-in security features. It’s not necessary for hosts to go above and beyond with this, but it’s a good sign when they’re willing to lend a hand.Use a SSL Certificate
One of those security features your web host should be able to throw in (even if it’s a paid upgrade) is an SSL certificate. It’s a form of encryption that turns a regular ol’ unsecured HTTP website: Into one with an extra layer of protection and an HTTPS address: You can see how my Chrome address bar calls attention to the differences in security. HTTP websites receive a “Not Secure” label while HTTPS get a trust mark either in the form of a lock or a green label. Google’s algorithm does something similar when it ranks websites, penalizing those without this security feature and rewarding those that have it.Use Well-Coded Software
While you may be able to control how you design or code a website on the front end, you may not have a lot of control over the code behind it all. What’s more, any time you add a new extension, the integrity of that code now has a chance to affect your site as well. To start, choose your software wisely, including:- Your website builder solution or content management system;
- Your theme or design template;
- Your extensions or plugins.
Maintain a Strongly-Enforced Password Policy
With each new application we add to our workflow, a new password needs to be generated. And while you might know that it’s bad practice to use the same or similar passwords across all applications, do your clients? Or anyone else with access to the website? A weak login is the easiest way for a hacker to get inside a website. By enforcing a password policy across the board, you can help safe-guard against brute force attacks. Now, some site builder solutions enable you to hide the login URL or to implement two-factor authentication. It’s a good idea to take advantage of those if you can. I’d also suggest requiring stronger passwords. A long string of letters, numbers, symbols, and capitalization will help hackers from being able to guess your users’ login information.Use a Spam Blocker
Even if spam isn’t too much of a concern, it’s a good idea to keep it from ever going near your website, even if just to remove the nuisance factor. To protect your contact and comment forms from spam, there are a few things you can do. You can use a spam-blocking plugin, which turns spam into an out-of-sight, out-of-mind matter. You can use a reCAPTCHA like the one used on this website: It’s just an extra step humans need to take to confirm their human-ness. You can also implement a honeypot. Essentially, it’s a hidden field laid down as a trap in a form. Humans can’t see it and, so, they won’t know to fill it out. Spam bots, however, will see it and fill it out.All-in-One Security Plugin
Ideally, your website should be running on a secure server. However, it’s not really the host’s job to ensure that your website is protected from every angle. To make sure your website is covered as much as possible, look for a high-quality, all-in-one security plugin. It should include things like:- A firewall
- Brute force protection
- Spam prevention
- User registration and access limitations
- Database and file security
Always Backup Your Files
Finally, don’t forget to have a backup system in place. If all of the security measures above fail, you’ll want a recent backup of the website you can fall back to in order to restore your website to safety. Some web hosts may include backups in your web hosting plan, but it’s also a good idea to automate the process with a backup plugin and then store frequently saved copies of your site in a safe and remote location (like a free Amazon S3 account).Why Website Security Should Concern You
Hackers are creative. They can get into a website from a comment form, through the login page, and from an exposed file on the backend (among other methods). If a vulnerability exists, they will find it. Unfortunately, when a website is left open to attack, it can have devastating consequences for a business:- Loss of control over the website
- Stolen records
- Loss of customer trust
- Damaged reputation
- Google blacklisting
- And more
Suzanne Scacca
Suzanne Scacca is a freelance writer by day, specializing in web design, marketing, and technology topics. By night, she writes about, well, pretty much the same thing, only those stories are set under strange and sometimes horrific circumstances.
Read Next
3 Essential Design Trends, May 2024
Integrated navigation elements, interactive typography, and digital overprints are three website design trends making…
How to Write World-Beating Web Content
Writing for the web is different from all other formats. We typically do not read to any real depth on the web; we…
By Louise North
20 Best New Websites, April 2024
Welcome to our sites of the month for April. With some websites, the details make all the difference, while in others,…
Exciting New Tools for Designers, April 2024
Welcome to our April tools collection. There are no practical jokes here, just practical gadgets, services, and apps to…
How Web Designers Can Stay Relevant in the Age of AI
The digital landscape is evolving rapidly. With the advent of AI, every sector is witnessing a revolution, including…
By Louise North
14 Top UX Tools for Designers in 2024
User Experience (UX) is one of the most important fields of design, so it should come as no surprise that there are a…
By Simon Sterne
What Negative Effects Does a Bad Website Design Have On My Business?
Consumer expectations for a responsive, immersive, and visually appealing website experience have never been higher. In…
10+ Best Resources & Tools for Web Designers (2024 update)
Is searching for the best web design tools to suit your needs akin to having a recurring bad dream? Does each…
By WDD Staff
3 Essential Design Trends, April 2024
Ready to jump into some amazing new design ideas for Spring? Our roundup has everything from UX to color trends…
How to Plan Your First Successful Website
Planning a new website can be exciting and — if you’re anything like me — a little daunting. Whether you’re an…
By Simon Sterne
15 Best New Fonts, March 2024
Welcome to March’s edition of our roundup of the best new fonts for designers. This month’s compilation includes…
By Ben Moss
LimeWire Developer APIs Herald a New Era of AI Integration
Generative AI is a fascinating technology. Far from the design killer some people feared, it is an empowering and…
By WDD Staff