What’s the Minimum Amount of Security Your Website Needs?
Online security shouldn’t just concern the consumers who feed their information into websites. It’s something the businesses that own sites should be worried about, too.
- 67% of small- and medium-sized businesses were attacked in 2018;
- 82% of those attacked had antivirus software installed on their systems;
- 72% had intrusion detection systems in place.
- We don’t have enough personnel to manage security;
- We don’t have enough money to pay for it;
- We don’t know a thing about security or where to start.
Find a Secure Web Host
Your choice of web host can affect your website in a number of ways, including how well it’s protected from hackers. For starters, if security is at all a concern for you (or the client you’re building the site for), then a shared hosting plan won’t be ideal. If any website on the shared server is attacked, it could easily spread to your own. Secondly, if your web host doesn’t prioritize security on its end, it’s a good idea to look elsewhere. While many web hosts do a good job of this, be wary of the ones who provide no information about their dataccenters, how their assets are secured, or what level of security has been implemented (e.g. physical facility monitoring, server firewalls, etc.). Finally, look for a web hosting plan with built-in security features. It’s not necessary for hosts to go above and beyond with this, but it’s a good sign when they’re willing to lend a hand.Use a SSL Certificate
One of those security features your web host should be able to throw in (even if it’s a paid upgrade) is an SSL certificate. It’s a form of encryption that turns a regular ol’ unsecured HTTP website: Into one with an extra layer of protection and an HTTPS address: You can see how my Chrome address bar calls attention to the differences in security. HTTP websites receive a “Not Secure” label while HTTPS get a trust mark either in the form of a lock or a green label. Google’s algorithm does something similar when it ranks websites, penalizing those without this security feature and rewarding those that have it.Use Well-Coded Software
While you may be able to control how you design or code a website on the front end, you may not have a lot of control over the code behind it all. What’s more, any time you add a new extension, the integrity of that code now has a chance to affect your site as well. To start, choose your software wisely, including:- Your website builder solution or content management system;
- Your theme or design template;
- Your extensions or plugins.
Maintain a Strongly-Enforced Password Policy
With each new application we add to our workflow, a new password needs to be generated. And while you might know that it’s bad practice to use the same or similar passwords across all applications, do your clients? Or anyone else with access to the website? A weak login is the easiest way for a hacker to get inside a website. By enforcing a password policy across the board, you can help safe-guard against brute force attacks. Now, some site builder solutions enable you to hide the login URL or to implement two-factor authentication. It’s a good idea to take advantage of those if you can. I’d also suggest requiring stronger passwords. A long string of letters, numbers, symbols, and capitalization will help hackers from being able to guess your users’ login information.Use a Spam Blocker
Even if spam isn’t too much of a concern, it’s a good idea to keep it from ever going near your website, even if just to remove the nuisance factor. To protect your contact and comment forms from spam, there are a few things you can do. You can use a spam-blocking plugin, which turns spam into an out-of-sight, out-of-mind matter. You can use a reCAPTCHA like the one used on this website: It’s just an extra step humans need to take to confirm their human-ness. You can also implement a honeypot. Essentially, it’s a hidden field laid down as a trap in a form. Humans can’t see it and, so, they won’t know to fill it out. Spam bots, however, will see it and fill it out.All-in-One Security Plugin
Ideally, your website should be running on a secure server. However, it’s not really the host’s job to ensure that your website is protected from every angle. To make sure your website is covered as much as possible, look for a high-quality, all-in-one security plugin. It should include things like:- A firewall
- Brute force protection
- Spam prevention
- User registration and access limitations
- Database and file security
Always Backup Your Files
Finally, don’t forget to have a backup system in place. If all of the security measures above fail, you’ll want a recent backup of the website you can fall back to in order to restore your website to safety. Some web hosts may include backups in your web hosting plan, but it’s also a good idea to automate the process with a backup plugin and then store frequently saved copies of your site in a safe and remote location (like a free Amazon S3 account).Why Website Security Should Concern You
Hackers are creative. They can get into a website from a comment form, through the login page, and from an exposed file on the backend (among other methods). If a vulnerability exists, they will find it. Unfortunately, when a website is left open to attack, it can have devastating consequences for a business:- Loss of control over the website
- Stolen records
- Loss of customer trust
- Damaged reputation
- Google blacklisting
- And more
Suzanne Scacca
Suzanne Scacca is a freelance writer by day, specializing in web design, marketing, and technology topics. By night, she writes about, well, pretty much the same thing, only those stories are set under strange and sometimes horrific circumstances.
Read Next
Exciting New Tools for Designers, September 2024
This time around we are aiming to simplify life, with some light and fast analytics, an all-in-one productivity…
3 Essential Design Trends, September 2024
September's web design trends have a fun, fall feeling ... and we love it. See what's trending in website design this…
Crafting Personalized Experiences with AI
Picture this: You open Netflix, and it’s like the platform just knows what you’re in the mood for. Or maybe you’re…
By Simon Sterne
15 Best New Fonts, August 2024
Welcome to August’s roundup of the best fonts we’ve found over the last few weeks. 2024’s trend for flowing curves and…
By Ben Moss
Turning Rejection into Fuel: Your Guide to Creative Resilience
Rejection sucks. And for some reason, it’s always unexpected, which makes it feel like an ambush. Being creative is…
By Louise North
20 Best New Websites, August 2024
The overarching theme in this selection is simplicity. Minimalism never really goes out of fashion and with good…
Free AI-Website Builder, Scene, Helps With the Worst Part of Site Design
AI website design platform, Scene
As we’ve been hearing constantly for the last couple of years, AI will soon replace…
By WDD Staff
Exciting New Tools for Designers, August 2024
Welcome to the August toolbox. We’ve found goodies for designers, developers, project managers, domain admins, and…
3 Essential Design Trends, August 2024
As all the youngsters prepare to go back to school, you can tackle some learning too with these website design trends.…
How to Start a Creative Venture With No Money
Starting a creative venture with no money can be challenging, but it's definitely possible with the right approach and…
By Louise North
15 Best New Fonts, July 2024
Welcome to our monthly roundup of the best fonts we’ve found online in the last four weeks. This month, there are fewer…
By Ben Moss
The Power of the Human Face in Web Design
First impressions online are made in just a few seconds, so nailing your web design is crucial. Among the many elements…
By Simon Sterne