Imagine that you live in an apartment or condo building, one of several buildings on a complex.
You have an access code to enter the gated driveway (along with everyone else who lives in the complex), a key card for the front door of your building (so does everyone in your building) and a key for your unit’s door (only one other key can open your door – a master key that the superintendent owns to open all of the doors in the building). The owner of the complex has access to the parking lot, all of the buildings and all of the units as well.
Who is responsible for security?
The owner needs to make sure that the entire complex is not accessible by anyone without an access code. Likewise, everyone who knows the access code is responsible for making sure nobody uses their code without authorization.
The superintendent ensures that only people with a key card can enter the building. Everyone in the building keeps their card safe and doesn’t make copies for their friends, or let just anyone enter the building.
You have a key to your door, and your superintendent has a key to your door in case they need to access your unit in an emergency. Like the front key card, you make sure not to lose your key or give it to random people to enter your home.
Everyone is responsible for making sure the apartment complex is safe and secure.
Everyone is responsible for making sure the internet is a safe and secure space.
Your website is like your apartment. If you have a shared host, you are one of many websites on the same server. You don’t have access to your neighbour’s unit (website) and they don’t have access to yours, but you share the same space.
The superintendent is like your website hosting provider. They have access to the entire shared server and are responsible for making sure no one enters the server or has access to your website files without permission.
The building owner is like the server itself. They are responsible for making sure the entire server is secure and no one enters without the proper authorization.
Why should I secure my website?
There are several benefits of making sure your website is secure, both for you and for your visitors.
If your website is hacked, the compromise may show up as distasteful ads on your site or pages with messages proudly declaring that your site has been hacked by the attacker, or the visitor’s browser could warn them that your site is unsafe and that they should leave immediately. Visitors aren’t likely to come back to your site, and you could earn a reputation for not being legitimate or reliable. Google also rewards sites that are secure and will rank them higher than sites that are not.
Protect your clients and website visitors
When your clients complete a form on your website or provide payment details and other sensitive personal information, they are trusting that it is safe and secure on your site. If your site is hacked and their data is stolen, you will have a hard time earning back their trust.
Peace of mind
If you have ever experienced an attack on your website before, you probably felt vulnerable and worried that it would happen again, or were unsure of how to fix it and prevent the problem from happening again. When you’ve properly secured your website, you can relax knowing that you’ve reduced the chances of being attacked.
Why would anyone attack my website?
If you have a website for your small business, or you have a blog (whether it’s personal or for business), you may be wondering why you need to be concerned with keeping your website secure. After all, who would want to target your small business? Why would they go after you?
The short answer is often: because they can.
Typically these “attackers” are just automated scripts that scour the internet looking for open doors – outdated software, poor passwords and other vulnerabilities – so they can alter the code of a website (*any* website) for their own gain. It could be to steal user data, or they could be using your site to redirect to another site to earn money, or it could just be for fun, to see if they can do it and have their 15 minutes of fame.
On average, there are 44 attacks per day per website around the world.
What can I do to protect my website?
Although you can never 100% secure your website, there are steps you can take to greatly reduce the chances of being attacked. Here are 5 website security best practices to protect and secure your website:
- Backups: Make sure that you make a complete copy of your website including all files on a weekly or monthly basis at minimum. This way, if your site is ever compromised you can restore it to an earlier, safe version. There are a lot of great backup plugins available, depending on your level of experience and your needs.
- Updates: Keep your WordPress website up-to-date by installing updates of the WordPress core, plugins and themes as they become available. Make sure to create a backup before you update in case of conflicts that cause your site to break. Updates can be made directly from your WordPress Admin Dashboard. Also, make sure that any other software you’ve installed on your site is up-to-date.
- Strong and unique passwords: You should have a unique, hard-to-guess password on every single website and account. If you have a hard time remembering passwords, use an application like LastPass or 1Password to securely store all of your passwords in one place. Password managers can be used across multiple devices, making it easy to access all of your accounts on your desktop or phone, with just one master password.
- Firewalls and CDNs: Firewalls act as a gateway between your computer and any websites that you visit, or between potential hackers and your website. CDNs securely store copies of your website files to serve to visitors, which has the beneficial side effect of speeding up your website as well as keeping it safe.
- Continuous monitoring: Plugins can be installed on your WordPress site that will check for changes and differences in your files, and can also protect against both known attack attempts and suspicious behaviour. Wordfence is a common security plugin that has both Freemium and Premium options. Watchful is another (paid) option for website security.
Don’t wait for your site to be compromised before you consider implementing these simple security tasks. Plan some time this week to go through your website and make sure everything is updated and secure, and set up a password manager for all of your accounts.
Are website updates one of those tasks you dread or just don’t have time for? Brand Web Design offers WordPress hosting and care plans that include regular plugin, theme and core file updates, security scans and nightly backups. Take a look at the available options and customize your hosting plan if this is something you’d like to outsource!
Another option is to use a hosting provider like Flywheel that will secure your site and perform regular WordPress core updates. You’ll still have to update the theme and plugin files yourself, and install security software to scan for malware, but they do a lot of the work for you to keep your site updated and safe. They even have a deal that you get one month of free hosting if you sign up for an annual plan.