Malware can infect your website in a multitude of different ways including the installation of malicious software or free software packets or even through out-of-date third party applications such as Joomla! Or WordPress. According to the Symantec Corporation, there were vulnerabilities found in nearly three quarters of websites in 2015 and over one million web attacks each and every day during the year!
There are many services out there that people can purchase to protect their websites. A good place to start is with an antivirus software for your computer. Antivirus software will scan all downloads for malware and inform you of any threats to your computer. If you own a website, also purchasing a website security package from a trustworthy source, like Norton, McAfee, or your hosting provider can keep you, your users and your customers safe with various tools that scan, detect and remove malware automatically from your site.
We’ve talked before about the importance of securing your website. So, other than these paid services, what can you do to protect your website? Here are seven great ways to protect your website for free:
1. Strong passwords
The strength of a password can make all the difference in a hacker’s ability to steal your information or access your files. According to a Telesign report, three out of four consumers use duplicate passwords, many of which have not been changed in five years or more. Unsurprisingly, about 40 percent of those surveyed say they had “a security incident” in the past year, meaning they had an account hacked, password stolen, or were given notice that their personal information had been compromised. Make sure that you are changing your passwords on a regular basis.
A eight letter password will be much weaker than a longer password with special characters (@#$%^&[>, capital letters, and numbers). The longer your password and the more characters you use, the safer your information will be. If you have trouble creating strong passwords, you can use free services such as StrongPasswordGenerator.com, which will create a strong password for and give you tips on to remember it.
2. Always backup your files
A single piece of malware has the potential to destroy your entire website beyond repair, that is unless you have been backing up your files. Backing up your website files on a weekly or bi-weekly basis will ensure that even if disaster strikes you can simply reinstate your website from a backup and then strengthen your website to protect your data from future vulnerabilities. Many web hosts offer some sort of automated website backup service but if you want to do it yourself to save some money, here’s a great tutorial.
3. Keep your applications up-to-date
This one is pretty simple to do, but it is also easy to neglect. If you’re running a website on WordPress or Joomla! You should know that these developers are constantly updating their coding with new security patches to keep potential threats out. If you or your website administrator fails to keep up with these updates, your website could be vulnerable to hacker attacks. Make sure to check for software, plugin and theme updates on a regular basis.
4. Install security plugins
Along with software updates, third party applications often come out with plugins that can increase the security of your website. For example if you’re running a WordPress-based website you could download Better WP Security or Bulletproof Security for free. Most third party applications have plenty of free plugins for you to try, just make sure you download them directly from the developer and not from any suspicious looking websites.
5. Be cautious with file uploads
Allowing users to upload files onto your website can be a big security risk. Something as simple as an image for an user avatar could have a bug hidden within it. We recommend that you prevent direct access to any uploaded files. Set a maximum length for the file name, a maximum file size, scan uploaded files with antivirus software and keep all uploaded files in a folder outside of the root directory.
6. Hide your admin directories
If you run a website, you may have realized that they are made up mostly of a bunch of files and folders. Hackers have the ability to search your website files for admin directories by searching for folder names like, “admin”. Once they find these directories and gain access, they can attack your entire website from the root. An easy way to avoid this problem is to simply rename your admin folders. Most CMS’s (Content Management Systems) allow you to rename your folders and directories. Just name your file or folder to something not as important sounding such as “About Us” or “General” and hackers will have a harder time locating your admin directories.
7. Strengthen your network security
Make sure that your employees and/or co-workers aren’t giving hackers easy access to your website by tightening up any vulnerabilities in your network. This could include having network passwords changed on a regular basis, having expiring logins and scanning all devices that are connected to your network for malware. These simple steps will make it that much harder for hackers to break into your website through your network.
To stay in the know about the ever-evolving world of website and digital security check out BestSecurityTips.com.
If website security is something you need help with, check out HostPapa’s SiteLock services. With SiteLock we take all the stress of protecting your website away with automatic malware removal, threat detection, and protection for your website visitors. Don’t forget to check the HostPapa blog for more helpful tips for your business.