How to keep your website secure

(Affiliate Disclosures- article contains affiliate links if you make a purchase I may be compensated at no cost to you. I only recommend what I use and believe in) privacy Policy and Terms and Conditions 

How to keep your website security has been at the forefront of my mind lately as I have been working behind the scenes with clients, and for myself getting our ducks in a row for the new GDPR regulations.

 

If you missed any of my articles on this topic, check them out below.

 

Anyhow, since at the forefront of the GDPR regulations is protecting end-user privacy it stands to reason that website security would be a part of that discussion, but I have to be honest, there is a lot of stuff out there that doesn’t really touch on this and so I thought it was important to share some good security practices for you in light of that.

Of course, these are some of the recommendations that I do for me and my clients, and everybody has different tools and resources and business needs and all that fun stuff so some of it may apply to you and some of it may not but this gives you a really good starting place to take inventory and have the conversation with yourself, your assistant or your webs designer. (this is for info purposes only and should not be taken as the be-all, end-all of advice, check out the terms and conditions on our website if you have any questions about that :-))

 

Okay, now that we got that housekeeping stuff out of the way, let’s dive in.

 

1- password security-

 

– Instead of using a regular password why not create a password phrase, I actually got this tip from my Internet service provider and it’s such a great tip. The idea here is that you use a bunch of words strung together, (that someone wouldn’t necessarily guess, and string them together with special symbols, numbers, uppercase, and lowercase.

 

For instance: “Live to laugh out loud” and reproducing the phrase using a mix of upper and lowercase letters, abbreviations, and numbers. “Live to laugh out loud” becomes “L1ve2laf0L”.

 

– keep your passwords safe and secure and don’t share them, instead use a tool like LastPass.com, then you only need to remember one password, and it even allows you to generate super secure passwords, plus it makes sharing passwords with your team super simple and secure. No more worrying about changing multiple passwords when you get new team members or losing passwords or keeping notes (unsafe and insecure) of passwords and risk losing them.

 

2 – secure your Internet connection –

 

-router- Having secure passwords and keeping them in a safe place is all fine and dandy but don’t forget about how it is that you are accessing the internet too. At a minimum you want to make sure you are using a secure network and please, please, please change the default password that the cable guy set up for you. Use the tip above about passwords and come up with a password phrase instead and keep it safe in a tool like LastPass.com The last thing you want is to have someone hack your network. You also want to make sure that your router software is up to date if possible turn on automatic updating.

 

– secure your mobile devices. Make sure that if you are accessing your website or other business tools on the go from your phone or ipad or laptop that you have proper security measures in place. Turning on two-factor authentication can be annoying at times but it ensures that your accounts are safe.

 

3 – secure your computers, phones and other devices –

 

– keep your computer, phone, laptops, iPads and Android devices up to date. When companies that supply software to these devices send out updates 9 times out of 10 they address security issues, so make sure you keep them up to date.

 

– virus and malware – Take caution when clicking on links from unknown senders as to not infect your computer or smartphone. It is also good practice to have a firewall in place as well as virus protection like McAfee or Norton Internet Security.

 

– Apps, software, etc. – If you are downloading things from the internet such as apps or software, make sure they are from trusted providers, if you are using a Mac or Apple device or Android device it is best to stick with apps from the app store as they tested to be safe and secure. Not to say that something couldn’t happen if you download something from these sources, but the chances are much smaller. 🙂

 

4 – Secure your website – (these tips apply to wordpress websites but most of this will be applicable regardless of the platform you are using.)

 

Your website is like your storefront online and it’s important to make sure you have a lock on the front door and the back door of your storefront.

 

– Get an SSL certificate for your website – An SSL certificate puts that little green padlock inside the web browser and tells your audience that your website is secure. SSL means that the data that is going across the network is encrypted, so in case it is intercepted it is still encrypted. You can get SSL certificates for pretty darn cheap these days and you can buy them from most domain resellers and web hosting companies.

 

– Keep your website up to date. Again, when these companies send out updates, they almost always address security issues, so it is important to keep your website up to date to insure it’s safe. This includes updating your theme, your plugins and software your website is using like WordPress.

 

– Delete and uninstall any plugins you are not using on your website.

 

– Set up website lockdown and ban users. This will help prevent brute force attempts to hack your site by “locking” it down and notifying of the attempt. There are a lot of different wordpress site lock down plugins available at WordPress.org. You can search some of them here. Just be sure the plugin is GDPR compliant.

 

– Use a  2-factor authentication plugin (again you can search WordPress here) (if you use the WordFence plugin that I mention below they have this feature available now, which is cool because that is one less plugin to install, maintain and slow down your site 🙂 

 

– Instead of using a username like your name or admin use your email address.

 

– Change the default login url from wordpress to something else, by default it is generally. yoursitename.com/wp-admin (most websites are wordpress websites and you’d be surprised how many folks don’t ever change this), this makes it way too easy for folks to hack your site. Again, you can search here for a good plugin to help you do this easy peasy on WordPress.

 

– Be selective on giving access to your website backend and when you do force more secure passwords.

 

– Install a security plugin such as WordFence to monitor your website. And while you are setting this up, hide your WordPress version number as this makes it way easier for a hacker to attack your website when having this info.

 

– Back up your website on a regular basis, ideally using encryption. I highly suggest and recommend a tool like Updraftplus*

 

– Disable .htaccess – Have you ever downloaded something from a website like: website.com/images/yourimage.jpg and then went to website.com/images/ to see what else is available? Just me? Must be the geek in me, lol, Anyhoo, this is not good as it opens up a security issue on your website and anyone can access the directory. To change this you need to add some code to your main .htaccess file, just locate the .htaccess file via your web host and add the following code: “Options All -Indexes” (no quotes) and it will lock the directory on the public_html level making your site more secure.

 

– Set proper directory access – Set your “directory” permission from within your web host to “755” and “files” to “644” to secure your files on the web. You can learn more about file permissions for wordpress here.

 

That wraps up this techie tip on keeping your website safe. Of course, this list is not an exhaustive list but it give you a great starting point to secure your website. Security is an ongoing “issue” you will want to address. 🙂

 

Oh, and if you missed those articles on GDPR check them out below:

• Ignorance isn’t bliss – are you GDPR ready?
• Questions about GDPR?

• Grab the GDPR Checklist for FREE – 40 questions designed to help you cover your butt for the GDPR regulations

Much love, xox, Kim

P.S. Would you like to a peek inside the guide before you buy? Then download the 40 question GDPR Checklist below for FREE!

Get Instant Access to the GDPR Checklist 40 questions designed to help you cover your butt for the GDPR regulations for FREE when you sign up for Rock Your Limits© newsletter.*

*By subscribing to the Rock Your Limits newsletter, you are asking us to send you regular emails with offers and information, links to articles, and resources, both paid and free designed to help you grow your biz from RYL’s and it’s partners. By signing up you are also agreeing to our Privacy Policy and Terms and Conditions which explain, in more detail, how we will use your personal data. Unsubscribe any time.

Legal Disclaimer: This is for informational purposes only and does not constitute legal advice. If you have any specific legal problems, issues, or questions, please do not act on this legal information alone. Seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction, as different factual situations and different legal jurisdictions may lead to different results.

I am not a lawyer. Nothing in this checklist and/or guide and/or any product service or information found on this website or offered by RYL’s  should be taken as legal advice. I make no guarantees or warranties that by following the steps I outline in this document you will be compliant with GDPR. I advise that you consult with your own attorney to ensure you are GDPR compliant. (please see terms and conditions for further info regarding this if any questions.)