UPDATE: This website security post was originally published on 5 July 2018 and updated on 9 February 2021.
Consumers place an enormous amount of faith in companies when they do business with them digitally, but the reality is, they’re facing a fight online. In June 2020, Prime Minister Scott Morrison urged businesses to improve their defences to combat a rising tide of state cyberattacks. Is it any wonder website security is on just about everyone’s mind?
Every Australian business has a responsibility to protect the data shared by their customers. Read on for a list of website security tips you can implement today.
5 tips for bolstering your website security
Ready to beef up your website security and start sleeping better? Implement these five security strategies.
1. Use a reputable web host
A quality web host is your first line of defense against cyberattacks on your website. So rather than opt for the cheapest host, do your homework and invest in a solid hosting package with a reputable host.
Hosting is what makes your website visible to people around the world.
Check that your web host supports the latest versions of basic web technologies, such as PHP and MySQL. PHP 7 is the official recommended PHP version for WordPress, which now powers 30 percent of all websites.
It’s also worth considering VPS or dedicated hosting. These ensure your website isn’t on a shared server, so it isn’t vulnerable to DDoS attacks on other websites sharing the same resources.
2. Ramp up your website security
Bad actors are using increasingly sophisticated tactics to break into websites. Their goal? Sometimes it's to steal customer data that can be sold on the dark web. Other times it's to gain access to a bigger company's network through your site. Regardless of their motives, the outcome is bad for your business.
But there's no need to hire a tech security expert when GoDaddy's Website Security suite provides end-to-end protection of your website with these features:
The Web Application Firewall (WAF) feature stops malware before it gets a chance to enter your website. It intercepts and inspects incoming data and removes malicious code, preventing damage from being done to your site (and your business reputation).
Malware scanning and removal
Website Security includes a scanner that checks your website for malicious content that could put your site, your customers, and your future prospects at risk. The product automatically scans for malware daily, alerting you when it finds something. All you need to do is submit a malware removal request and our team gets right to work.
Blacklist monitoring and removal
Likewise, if your site is infected and blacklisted as a result, you will be notified of the problem and the GoDaddy team will work to get your site cleaned up and removed from the blacklist.
SSL Certificate protects private data
The included SSL certificate enables encrypted communication between your customers and your website. It helps to decrease the risk of losing sensitive information to hackers such as:
- Credit card numbers
The SSL helps to protect all the private data that is of most interest to hackers and thieves. But there's another benefit to having an SSL: Google heavily favors SSL-encrypted websites and pushes them higher in search rankings than those without, helping your business become more visible to new customers.
Advanced DDoS mitigation
The Distributed Denial of Service (DDoS) attack can bring down your website by overwhelming it with a flood of automated traffic. And every minute your site’s down, you’re losing customers and sales.
The advanced security monitoring and WAF features of GoDaddy’s Website Security suite prevent DDoS attacks.
BONUS performance boost
The Content Delivery Network (CDN) that now comes with all plans of Website Security improves your site's load time by up to 50%. It does this by storing your website content on multiple servers around the world, so it's always close to your site visitors.
Faster is better when it comes to website load times.
Website Security can also protect your website from various attacks like brute force, injection flaws, cross-site scripting, and zero-day attacks. It keeps hackers from accessing your system, stealing sensitive data, and causing possibly catastrophic loss to your business.
3. Use strong passwords
Always create and use strong and unique passwords — preferably based on pass phrases — for your website, email and any other accounts associated with your online business.
Like usernames, passwords are another piece of the puzzle for hackers to guess. The stronger your password, the more difficult you make it for hackers to successfully log in to your website. If you use WordPress, it will automatically force a strong password during installation and ask you to check a box if you enter a weak one on purpose.
If you need a hand coming up with a strong password, read this for tips. Or use a tool like Secure Password Generator — it will create strong passwords for you. Be sure to keep them safe and don’t share them with anyone.
4. Add two-factor authentication
Even with a strong username and password combination, brute-force attacks can be used to guess your login details. This is where two-factor authentication can help.
Two-factor authentication introduces another step in the login process. You still enter your username and password, then you’re asked to enter a code that is sent to your mobile device or authentication app. This thwarts automated brute-force attacks designed to crack your username and password combination.
GoDaddy, for example, provides two-factor authentication as an option for all its user accounts. WordPress users can add this extra layer of security to their websites with plugins like Two Factor Authentication.
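How a site checks the code from an authentication app, as an added example (not from the original post, GoDaddy or any WordPress plugin): a time-based one-time password (TOTP, RFC 6238) verifier with replay protection and an attempt limit. The secret is the published RFC 6238 test key; the class name, function names and the five-attempt lockout are assumptions.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample: the SHA-1 test secret published in RFC 6238, Appendix B.
DEMO_SECRET = b"12345678901234567890"
MAX_FAILURES = 5  # assumed lockout threshold, not taken from the post


def totp(secret, at, step=30, digits=6):
    """Compute the RFC 6238 code for the time window containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Server-side check run after the password has already been accepted."""

    def __init__(self, secret):
        self.secret = secret
        self.failures = 0
        self.last_counter = -1  # last time step whose code was accepted

    def verify(self, code, now=None, step=30):
        now = time.time() if now is None else now
        if self.failures >= MAX_FAILURES:
            return False  # locked: guessing through the 10**6 codes is cut off
        current = int(now) // step
        # Accept the current window and the previous one to tolerate clock drift.
        for counter in (current, current - 1):
            expected = totp(self.secret, counter * step, step)
            matches = hmac.compare_digest(expected.encode(), code.encode())
            if matches and counter > self.last_counter:
                self.last_counter = counter  # the same code cannot be replayed
                self.failures = 0
                return True
        self.failures += 1
        return False
```

A stolen password alone fails this check, and the attempt limit is what keeps the six-digit code itself from being guessed by an automated tool.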
5. Keep all software up-to-date
Ensuring all software you use for your website — including your Content Management System — is up-to-date and running on the latest version is one of the easiest ways to protect your site from attack.
Only download and use software (such as WordPress plugins and themes) from credible, reputable sources, such as premium providers. While it might be tempting to use free software, sometimes dodgy developers insert malicious code, which would compromise your site.
Lastly, only keep software on your site that you’re actually using. The more unused software you have, the higher the risk of getting hacked. So review your site regularly to ensure it’s lean and running on essential software.
Website security is your responsibility
Like filing tax returns or submitting business activity statements, digital security is another important facet of running a business that SMBs need to prioritise. It’s not something you can simply put in the too-hard basket — not when 20 percent of Australian SMBs have already suffered a cybercrime event. Businesses are spending literally thousands of dollars each year cleaning up after hackers who penetrate their sites.
Hopefully, the tips above have given you a basic understanding of website security. If you’re new to securing your website, start small and keep building. Update your password with a strong one, and then move on to the next tip you feel you can tackle. If you feel out of your depth, get in touch with your web host for advice. It’s far better to be proactive than wait for a hacker’s attack.