Who is Responsible for your Website Security?
And the first thing to consider is you need to understand who is ultimately responsible for your website security. And I’d like to give you an analogy so that you can understand it. I want you to think of your website as being a bit like an apartment block.
Now, your hosting company is going to be…that’s us. We’re going to be responsible for ensuring the front doors and any other entrances or exits are fully secured, and we’re going to make sure that all the facilities are up-to-date, everything’s safe and functioning properly and how it should be.
However, what we can’t do is we can’t control what happens inside each apartment room within the block. So, ultimately, you are going to be responsible for what happens within your hosting account.
So, I hope you can understand that analogy.
How Do Websites Get Hacked?
In terms of how hacking actually happens, unfortunately hackers are not publishing how they operate and that type of thing.
But usually what they do is they’re just looking for weaknesses, and they’ll use all sorts of automated tools.
It’s nothing personal and not sort of coming and picking on you or anything like that.
Usually, it’ll be some tool that’s going out there, and it’s just looking for weak areas, weaknesses, things that it can exploit.
But once they’ve got control of your hosting, then they’ll do all sorts of damage.
They’re going to try to maybe deface your website. They might use your hosting account to start sending out bulk emails, phishing emails, this kind of bank ones they’re trying to access your PayPal account, or your bank account, or whatever it may be.
Or they could use it for things like a DDoS, dedicated denial-of-service attack which is basically where they’re trying to bring another website down through volumes of traffic. And they just use loads, thousands and thousands of exploited machines to start sending visits to that particular web server to try to bring a website down or interrupt service.
How Can You Protect Your Website from Hacking?
So how can you protect yourself?
#1 – Automated, Regular Backups
Now, the first thing that you should do, this isn’t really to do with the security, this is just belt and braces to make sure that you are prepared, and that’s to make sure that you’re performing regular automated backups.
And the key word there is automated, because data backup, that really is your first line of defence, because if you have got access to your data, if you can recover, then the chances are, yeah, you might have a bit of downtime, but you’re going to recover. It’s not going to be too expensive for you.
And there’s all sorts of ways that you can manually back your data up if you’re using a hosting service like cPanel. It has built-in backup facilities, and so you can just do that manually from time to time.
However, a better approach is to set up an automated backup. And, as a value-added service, things like R1Soft automated backup, we offer that.
You can just basically pay for that, and your data’s safe. It will just do it. You can set it and forget it, and it will just continually be backing up your data to make sure it’s absolutely safe. And it keeps multiple copies of it.
So, that’s the first thing. Just make sure that you’re backing up your data.
#2 – Keep Software Up to Date
The next thing, and this is a very common issue that we see a lot of times with a lot of websites, and that is to make sure that you’re keeping your website’s software up-to-date.
If you’re not a technical person, then you might be thinking, “Well, hold on. I’ve got my website. I’ve published it. What do I need to update it?”
Well, if you’re using a tool like WordPress or maybe an e-commerce platform, like Magento or PrestaShop, something like that, or you’re using another type of content management tool, like Joomla or Drupal, these are what are known as open-source software.
And the beauty of using these tools is that they’re free.
However, they do get updated quite frequently, because the people who write them in the open-source forums, what they’re doing basically is ensuring there are extra features coming to their software, making sure that they’re plugging any security gaps, and that’s really important.
So, often the software that you’re using does need to be updated from time to time.
Also, if you’re using things like plugins, if you’re using software like WordPress that has plugins for extra features so that you can do more with your website, these need to be updated as well from time to time.
Now some software, like WordPress, you can automate that so it just automatically updates it to the latest version.
If you’re using plugins, though, you probably need to manually do that. It’s a low cost to do this – it’s free effectively, but you need to be aware of it, you need to make sure that your plugins and that your software is being updated.
#3 – Difficult Passwords
Third, just basic stuff here, just use difficult-to-break passwords.
And I know that having a number of different passwords these days is absolutely essential.
But for things like emails, if you’ve got email@example.com, don’t use the password like bob123. Try to use something complex. Use characters. Use numbers. Use uppercase. Use lowercase. Try to make it as difficult as possible.
You can use tools like RoboForm that will automatically manage all of your passwords and login credentials. But just be aware that passwords are a really easy one for hackers to go for.
#4 – Switch to Secure HTTPS Hosting
Next, we’ve got HTTPS, switching your website to HTTPS.
HTTPS is a secure version of HTTP. HTTP basically is Hypertext Transfer Protocol, which is what the internet runs on.
And you’ll notice that up in the browser bar you may see a padlock area or a green area, this is the HTTPS. This is when you’ve switched to secure browsing.
Now up until recently or, if I say fairly recently, a few years ago, this would usually only be reserved for areas where you wanted to pass confidential data between somebody’s PC, or Mac, or whatever it was, their browsing device, and the actual server where the website is hosted.
And this would be, for example, credit card details or login details, that type of thing.
And the way that HTTPS works is you’ll need an SSL certificate. These are very low-cost, and you can even get free ones as well, like LetsEncrypt which need to be renewed for every few months. But effectively it’s a very low-cost option.
And the way that it works is, when you switch to HTTPS, it creates an impregnable encrypted link between the browsing device via your PC and the actual web hosting server where the data is stored.
So, there’s a link between the two that’s created. It can’t be breached by hackers and third parties. So, you’re effectively creating a secure link between the two devices.
And increasingly there’s a switch to HTTPS across the internet, and a lot of this is being driven by Google. In fact they’ve actually stated that HTTPS is one of their ranking factors these days, one of the factors that they consider when they determine who’s going to get the top ranking in their listings.
So, if you haven’t switched to HTTPS, you could get an immediate jump, an immediate increase and improvement in your rankings just by doing this.
Now, we’ve got lots of content on our blog. I’ll be talking about this in more detail in a different podcast, but, essentially, the key point I want to get across to you at the moment on this one is that switching to HTTPS is important.
It’s important to secure your website. It’s not going to stop hacking, but it’s going to basically improve the overall level of security that you’ve got on your website.
And, apart from anything, Google is going to give you a big tick in the box, going to give you lots of Google love. So, definitely worth thinking about there.
#5 – Use a Web Application Firewall
And then, finally you could set up what’s known as a Web Application Firewall or WAF for short.
Now, think about this as being almost like an antivirus for your website. You wouldn’t dream of browsing on the internet without having some kind of antivirus on your PC, or your device, or your Mac, or whatever it is, and it’s the same with your website.
Why not do the same for your website?
Because what it will basically do is it will pick up if there are any threats. It will pick up if there are any malicious traffic events coming to your website. So, it’s a very good way of putting off the hackers and helping to prevent it on an automated basis.
And what will happen is that you actually get a little security shield.
There’s services like SiteLock that you can get, and we sell that. And, basically, just install some code on your website, and it monitors it, and it keeps your website safe.
But it also shows a little seal that you can show to your customers to show that your website is safe from hackers, that it’s been updated, and it will show the date on there and what have you.
So it’s a really good way to ensure that your website is up-to-date. And with these tools like SiteLock not only do they identify the threat but they can also eliminate it. So, you can rest assured you’re going to sleep well knowing that your website is safe and secure.
So, those are the basics on how to secure your website. I hope you found that useful. Keep listening. I’ve got loads of great content for you, and I look forward to speaking to you again soon. Thank you very much then. All the best.