Website Security Checklist

Man staring closely at computer code on screen

What would you do if your website was hacked?

Do you have a fresh copy of your website saved somewhere? 

Would you be able to recover all the hard work that you’ve put into your website?

OR

Would it all be gone?

Most people think a website attack will never happen to them—until it does.

Cyber attacks are actually becoming more and more prevalent, doubling in 2017 alone. The Online Trust Alliance (OTA) named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” If it’s any consolation, everyone is at risk: companies like Uber, Deloitte, Equifax, Apple, and Ebay are only some of the entities that faced data breaches via hacking in 2017.

At any moment, malevolent marauders could be trying to access your website or server’s data. We’re not saying this to scare you—we swear. The truth is, many security breaches can be avoided if simple security steps are taken, like keeping software up-to-date and using strong passwords. That’s why we have put together a website security checklist.

Depending on your technical knowledge, your website setup, and the infrastructure you use, website security can get pretty complex. We’re going to cover the security basics with you today so that it doesn’t look like your website has a “Hack Me” banner displayed on its homepage. If you would like to take extra measures, speak to our support team about setting up additional security.

Is your website secure? Or is it like a flashing ‘HACK ME!!’ sign?

Let’s find out!

 1. Is Your Software Updated?

Make sure you are using the latest versions of operating systems, themes, plugins, and WordPress versions.

The Danger: Out of date versions of plugins are easy prey for hackers who use flaws in the previous code to break into your website.

 2. Do You Have Inactive Plugins?

If you are no longer using a plugin, or a plugin hasn’t been updated by its author for several months, delete it. 

The Danger: Hackers can hijack plugins and insert malicious code.

 3. Is Your Username Admin?

Many people know that the default username for a WordPress website is “admin.” It is recommended to delete the original “admin” account that comes with WordPress and create a new account altogether.

The Danger: By leaving your username as the default, you are making it easier for hackers to guess your login info over time, which they use to access your account for malicious purposes.

 4. Is Your Password Strong?

If you struggle to create and remember different usernames and passwords (like most of us do), find a trustworthy password manager to help you. Many password keepers can randomly generate mega-passwords for you—complex passwords made up of letters, numbers, and symbols that are near impossible for a brute force attack to crack.

In case you’re wondering, these are the “Top 10 Worst Passwords of 2017”:

  1. 123456 
  2. password 
  3. 12345678 
  4. qwerty  
  5. 12345
  1. 123456789 
  2. letmein 
  3. 1234567 
  4. football 
  5. iloveyou

The Danger: If your password is simple, it can be simply found out.

5. Do You Have An SSL Certificate?

Add an SSL certificate to your website. That’s the ‘s’ you see at the end of ‘http’ in certain browsers, often with a lock icon and the word “Secure” to the left of it. SSL stands for Secure Socket Layer and the protocol encrypts the information going between your website and a user’s browser.

The Danger: SSL Certificates have become so important that Google will even give websites a ranking boost if they have one.

 6. Do You Make Regular Backups?

Keeping a backup of your website is one of the most important things you can do as a website owner. Having a backup will ensure that you can recover quickly and not lose all of your hard work.

The Danger: If a hacker jeopardizes your website, you could lose everything, including years’ worth of content, images and blog posts.

 7. Do You Get Notified If Your Website Goes Down?

How long would your website be down for before you noticed? Uptime monitoring services notify you the moment it happens.

The Danger: A website that is offline is a website that is unable to make you money.

 8. Do You Have A Saved Copy Of Your Website? 

Keeping a backup of your website is one of the most important things you can do as a website owner. Having a backup will ensure that you can recover quickly and not lose all of your hard work.

The Danger: If a hacker jeopardizes your website, you could lose everything, including years’ worth of content, images and blog posts.

 9. Do You Get Regular Malware Scans?

A professional scan looks for malware, and if it detects any, remove it.

The Danger: An infected website will either go offline or try to infect other websites and visitors to the website. It’s like a disease, but for websites.

 10. Would You Know If Your Website Was Hacked?

If you have a website that is hosted on a server, then you are at risk to all sorts of nefarious web activities.

The Danger: Without constant monitoring for hacker attempts, your website could be affected for weeks without you knowing. A website that has been hacked is a danger to your users and bad for your reputation.

Let Venture Creative Collective’s website development and security specialists secure and protect your website.

Leaving you free to focus on more important tasks for your business.

 

From how to build a website that makes you more money than it costs to leveraging automation to make your business life easier, our posts feature real stories from our lives and business.

Did you find this interesting?