Every website, no matter how big or small, is vulnerable to cyberattacks. Often, there is a level of complacency amongst small website owners. We often hear things like:
“I don’t collect or store sensitive information, so there is nothing to hack.”
“It’s just a small website with static content, it will be fine.”
This isn’t true. Web security is something every small to medium website owner should take seriously, but often it’s only the enterprise-level websites that make an effort to minimise the risk. An attack on your website can cause you problems and have a negative impact on your business.
Impacts of your website being attacked:
- Performance degradation – A compromised site can put strain on your resources, slowing down your site. This can frustrate your users.
- Complete outage – A Distributed Denial of Service (DDoS) attack can take your website offline completely by directing an abnormally high amount of traffic at your website at once.
- Blacklisting – If a hacker installs malware or known suspicious programs, your website will be blacklisted. This can be catastrophic for your reputation! All that hard work you put into SEO can be undone in seconds. Google will stop directing traffic to your website and browsers will warn users your site is vulnerable, advising them not to visit.
Got you worried yet?
Thankfully, there are some easy solutions which will significantly minimise the risk of your website becoming a victim. Even better, these solutions are cost-effective and don’t take much time.
Solutions to minimise your risk
If your website has been compromised, it means somebody has gained access in one of three ways:
- Hosting – Via your hosting provider control panel.
- Server – Directly via your server, usually via SSH/FTP access.
- Website – Directly through your Web Content Management System (e.g. WordPress, Drupal) login.
Username: Don’t use the default username (e.g. admin). Try to come up with something more unique which is hard to guess. As you can see below from our own website activity over the last 7 days, hackers will try default usernames to gain access.
Password: Don’t use a password which contains things like your name or company name. Use a combination of uppercase, lowercase, numbers and symbols.
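The username and password rules above, written as a small checker. This is an added example, not code from the original post; the function names and the default usernames other than "admin" are assumptions, and the sample accounts are constructed.

```python
import string

# Assumed list of common default account names; the post names only "admin".
DEFAULT_USERNAMES = {"admin", "administrator", "root", "user", "test"}


def personal_terms(*names):
    """Split owner/company names into lowercase words of 3+ characters."""
    terms = set()
    for name in names:
        for word in name.lower().split():
            word = word.strip(string.punctuation)
            if len(word) >= 3:
                terms.add(word)
    return terms


def audit_credentials(username, password, owner_name="", company_name=""):
    """Return a list of problems found; an empty list means the rules pass."""
    problems = []
    if username.lower() in DEFAULT_USERNAMES:
        problems.append("default username")

    # Character-class rule: uppercase, lowercase, numbers and symbols.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]

    # Personal-information rule: no part of the owner or company name,
    # matched case-insensitively anywhere inside the password.
    lowered = password.lower()
    for term in sorted(personal_terms(owner_name, company_name)):
        if term in lowered:
            problems.append(f"contains '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    print(audit_credentials("admin", "AcmeDesign2024", "Jane Doe", "Acme Web Design"))
    print(audit_credentials("jd-site-owner", "t7#Kq!vR2m$Zp", "Jane Doe", "Acme Web Design"))
```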
There are a bunch of security plugins available for your website which can help protect it, offering tools such as web application firewalls, malware scanners and malicious IP blockers. Here are two of the best:
- Wordfence – Over a million sites use Wordfence to protect their WordPress sites. It continuously analyses the latest threats, developing new protection and detection rules to protect your site in real-time.
- Sucuri – A complete security stack to protect your website. Covers WordPress, Drupal, Joomla, Magento & Microsoft .NET websites.
SSL certificates (HTTPS) encrypt information travelling to and from your website. If cyberattackers intercept any information travelling from your website, having it encrypted will make it completely useless to them. Check out our blog post on what SSL certificates do and how to get one here.
When your Content Management System, plugins or themes have updates available, they often provide fixes for known security threats or vulnerabilities. Making sure everything is kept up to date is an easy way to reduce the risk of your website becoming compromised.
Open source Content Management Systems (CMS) power most of the internet. This makes it easy for third-party developers to create plugins and extensions to expand upon the CMS functionality. Unfortunately, this can increase security risks. Plugins can make your website vulnerable through poor coding practices which create loopholes. Before installing a plugin, check the update history, number of users and reviews. Plugins which are widely used and regularly updated are less likely to create security risks.
Pinpointing where cyber attackers have compromised your website can be like looking for a needle in a haystack. Taking regular backups of your website will allow you to restore it to a previous ‘safe’ state. If your cloud hosting provider allows you to automatically take snapshots of your website, you should be able to restore it to a previous state within minutes.