Website Security Guide

Author: Lars Lofgren / Source: Quick Sprout

How to make sure your website is secure

Your website is at risk.

I’m not saying this to try and scare you, but that’s the reality of the world we live in. More than 50,000 websites get hacked each day.

You can’t have the “it won’t happen to me” mentality. I encounter businesses all the time who feel this way. They think hackers have bigger fish to fry and don’t have any reason to target their website. That’s simply not the case. In fact, 43% of cyber crimes are against small businesses.

Roughly 54% of companies worldwide say they have experienced at least one attack within the last year. Just 38% of businesses say they’re prepared to handle cyber attacks.

I don’t have a magic crystal ball or some way to see into the future, but my gut tells me that cyber criminals aren’t going to just wake up one day and decide to stop hacking websites. So you need to take steps to improve your website security.

That’s what inspired me to write this guide. I’ll show you what needs to be done to secure your website today, in 2019.

Common website security threats

There isn’t just one way that websites get attacked. So before we proceed, I want to give you a brief overview of some of the most common threats to your website security. These are the things that you’ll want to avoid and be prepared for when taking security measures.

Spam

Usually, we perceive spam as something annoying. We all get spam emails delivered to our inbox or see the occasional spam popup when we’re browsing online.

However, sometimes spam is more malicious. Spam in the form of comments is extremely common on websites. Bots can hammer the comments section of your website with links to another site as an attempt to build backlinks.

While those types of comments are annoying and don’t look good on your website, they aren’t always damaging. But, some of those links might contain malware, which can harm your website visitors if they click on them.

Furthermore, Google’s crawlers can often detect malicious URLs and penalize your website for hosting spam. This will crush your SEO ranking.

Viruses and malware

For those of you who don’t know, malware stands for “malicious software.” So malware and viruses are essentially the same thing. Malware is arguably the biggest threat to your website. As much as 230,000 malware samples are created each day.

According to Statista, these are the most common types of malware used in cyber attacks across the world:

As you can see, malware comes in all different shapes and sizes. That’s why it’s such a big threat to your website.

These types of viruses are often used to access private data or use server resources. Criminals also use malware to make money with ads or affiliate links by hacking your website permissions.

With malware, both you and your website visitors are at risk. Someone visiting your site could click a link that downloads a malicious file onto their computer. It’s your job to keep your website secure and prevent that from happening.

WHOIS domain registration

Buying a domain name is like buying a house. The company that sells the house must know who they’re selling to and be able to contact them. This becomes public record.

The same goes for buying a website. Depending on the country you’re in, you’ll be required to release some information about yourself that’s recorded on WHOIS data. Outside of your personal information, this also contains information about your URL nameservers.

Hackers can use this information to narrow down the location of the server that you’re using. They can use this as a gateway to access your web server.

DDoS attacks

DDoS attacks deny access to users trying to visit a specific website. Basically, the hacker uses spoof IP addresses to overload servers with traffic. This essentially takes the website offline.

Now the host needs to scramble to get the server back up and running as fast as possible, which leaves the server vulnerable for malware.

Search engine blacklists

Technically, this isn’t a security threat. However, if your website isn’t properly secured, it can impact your SEO rankings.

According to a recent study, 74% of hacked websites were attacked for SEO reasons.

I briefly mentioned this earlier when we were discussing spam comments. If search engines detect malicious content on your website, your SEO ranking will suffer.

If lots of users are reporting your site as spam or unsafe, you could be added to a search engine blacklist. Once you’re on that list, it’s extremely difficult to get off.

How to keep your website safe

Now that you’re familiar with some of the most common security threats, it’s time to prevent them from happening.

You can’t just assume that your website is secure. If you haven’t done anything to beef up the security, it’s probably vulnerable for attacks. These are the steps you need to take to improve your website security in 2019.

Use HTTPS protocol

If your website isn’t currently using HTTPS protocol, it needs to jump to the top of your priority list. This essentially tells your website visitors that they’re interacting with the proper server and nothing else can alter or intercept the content they’re viewing.

Without HTTPS a hacker can change information on the page to gather personal information from your site visitors. For example, they could steal login information and passwords from users.

HTTPS protocol will also improve your search ranking. Google is rewarding websites that use this security measure.

This is comforting to people who visit your website as well. When they visit your site, they’ll see this next to the URL:

It’s secure and trustworthy. Now, compare it to a site that’s not using HTTPS protocol. The URL in the web browser will look…

Click here to read more