How to Hack-Proof Your Website: Security Tips

Imagine spending hours on your website, carefully creating every page and post—only to have it hacked and all of your hard work ruined. Nobody wants to be in this situation, especially if they run a website where they collect user information and a breach can expose all that personal data. The first thing you should know about website security is that no website is immune to being hacked. There are steps you can take, however, to improve your website’s security and significantly reduce the chances of being hacked. First things first—choose the right hosting provider. Your website is only as secure as the platform that’s hosting it, so pick a well-known provider that prioritizes security. Look for hosting plans that offer the following: You should also be able to access your host’s file system or database with SFTP, SSH, PHPMyAdmin, or cPanel. Some of the best shared hosting providers for security include: Most content management systems use plugins to help you run your website (plugins are why you don’t have to know how to code to build a website). There are plugins for almost anything you want to do with your site, including security plugins. Before you start designing your homepage or choosing your fonts, install and configure your security plugins. Depending on which CMS you use, the best security plugins will differ. If you’re using WordPress, some of the most highly recommended are: Make sure your website’s security plugins have features such as a firewall, IP blocking, limiting users who can log in, and encrypting key files. Downloading and installing an SSL certificate implements the HTTPS protocol on your website. You may already know that sites with HTTP aren’t secure, whereas those with HTTPS are. Most browsers have a lock just to the left of the URL in the address bar, indicating that the website has HTTPS and that it’s secure. HTTPS is just as important for website owners as it is for website users. It protects information that your site exchanges with your users from prying eyes. SSL certificates aren’t expensive or difficult to install, and the added security will protect your and your users’ information. As with software and operating systems, websites are more secure when they’re updated. Keep everything on your site current: plugins, themes, the CMS, etc. Depending on your CMS, you may be able to enable automatic updates for your plugins and themes. Also, make sure you’re receiving notifications when a component of your website needs an update. Some security plugins will send you an email when vital updates are needed. We mostly think of using a VPN when browsing the Internet, but you should probably use one whenever you’re editing your website too. A VPN encrypts your traffic so any hackers won’t be able to see the information you’re sending and receiving as you make changes to your site. Using a VPN also has a non-security bonus—you can use IP addresses from around the world to check on your site’s SEO and search engine rankings. Something as simple as your password can mean the difference between a secure site and a hacked one. For your CMS password, hosting provider account, any other accounts you have associated with your website, choose separate passwords that are hard to guess. A series of random numbers, letters, and punctuation marks is the best, and you can use a password manager such as 1Password or Bit Warden to keep track of them. Make regular backups of your website and do a backup every time you’re about to change something. Good hosting providers will do backups for you, and there are plugins you can use as well. Many of these features will do automatic backups for you on a regular basis, so you don’t have to do it manually. One of the most common hacks website owners experience is a hacker breaking into their site, encrypting their data, and demanding a ransom to release it. If you have a recent backup, you can restore your site and don’t have to pay the ransom. One of the most important things to remember about website security is that it’s ongoing. Website security isn’t done after you set up your site and install your plugins; you have to monitor your site security regularly. Do security site audits to ensure you’re keeping threats away. Having your website hacked is scary, and you’re right to be worried about it. But if you implement the security tips mentioned above, then you can rest a little easier knowing your website has some protection against common security threats