It's almost 2021 and cyber security threats are more aggressive than ever. We prepared a website security checklist that will guarantee that your website is a safe place for your visitors. To make your website secure, you need to:
1) Use up to date software
Let's say that you have an ecommerce shop, one that uses WooCommerce or Magento. There are new software updates almost every two months. As a shop owner, you should try to update your website's software when new versions are available, because the changes may cover performance or security aspects, and both will help you have a better online store.
2) Use strong passwords and change them frequently
You should use passwords consisting of at least 8 characters. The password should contain letters (uppercase and lowercase), numbers and special characters (such as: !@#$%^&*}{:"). We recommend updating your passwords once every three months.
3) Create frequent backups, for both database and files
You should not rely on the hosting company, because there are many cases where they have problems and your data is lost. That's why you should create backups at least once a week. You should back up both the files and the database.
4) Use an SSL certificate
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client.
To show your visitors that your website is a safe place to navigate, you must use an SSL certificate. You can register free SSL certificates at Let's Encrypt:
https://letsencrypt.org/
5) Restrict the access you give your users
You should create different access roles for your users. For example, WordPress CMS has the following user roles: administrator, editor, author and simple registered user. You should deny access to critical website settings for users with lower roles.
6) Prevent spam - Use CAPTCHA and honeypots on your website forms
You can integrate Google reCAPTCHA for free and it will automatically protect your website forms.
You can also integrate a honeypot. A honeypot is a hidden field that is visible to bots but not to humans. When a bot fills out a form, it sees the hidden field and fills it out too. You can add a rule: if this hidden field is filled in, or holds a value other than the one you expect, the form was completed by a bot/spammer.
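One way to implement the honeypot rule from item 6 on the server, as an added example (not code from the original page). The field names `website` and `form_check`, the preset value and the sample submissions are assumptions made for this illustration.

```javascript
"use strict";

// Hypothetical field names and value, chosen for this example only.
const EMPTY_TRAP = "website";             // must come back empty
const VALUE_TRAP = "form_check";          // must come back unchanged
const EXPECTED_VALUE = "keep-this-value"; // constructed sample value

// Hidden inputs to embed in the form. They are moved off-screen and taken out
// of the tab order, so visitors never reach them, while a bot that parses the
// HTML sees two ordinary text inputs.
function renderHoneypotFields() {
  const hide = 'style="position:absolute;left:-9999px" tabindex="-1" autocomplete="off"';
  return `<input type="text" name="${EMPTY_TRAP}" value="" ${hide}>\n` +
         `<input type="text" name="${VALUE_TRAP}" value="${EXPECTED_VALUE}" ${hide}>`;
}

// Classify one parsed form body (an object mapping field name to value).
function checkSubmission(fields) {
  // A browser sends every named text input, even an empty one, so a missing
  // or non-string trap field means the request did not come from our form.
  if (typeof fields[EMPTY_TRAP] !== "string" || typeof fields[VALUE_TRAP] !== "string") {
    return { bot: true, reason: "trap field missing" };
  }
  if (fields[EMPTY_TRAP] !== "") {
    return { bot: true, reason: "empty trap was filled" };
  }
  if (fields[VALUE_TRAP] !== EXPECTED_VALUE) {
    return { bot: true, reason: "preset trap was changed" };
  }
  return { bot: false, reason: "ok" };
}

// Constructed sample submissions, as a form parser would hand them over.
const samples = [
  { email: "ana@example.com", message: "Hi", website: "", form_check: "keep-this-value" },
  { email: "x@example.com", message: "Buy now", website: "http://spam.example", form_check: "keep-this-value" },
  { email: "y@example.com", message: "Buy now", website: "", form_check: "Buy now" },
  { email: "z@example.com", message: "Buy now" },
];

for (const s of samples) {
  const verdict = checkSubmission(s);
  console.log(s.email, verdict.bot ? "rejected: " + verdict.reason : "accepted");
}
```

The check runs on the server because the form markup is under the client's control; a rejected submission can be dropped silently so the sender gets no hint about which field gave it away.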
7) If you want someone else to take care of your website security, you should invest in website security software. In case you're interested, we can help by offering free website security services. Please visit the following page for more details: https://protectumus.com/signup
Protectumus is a free website security scanner that checks your website for known vulnerabilities. We use a cloud scanner that scans your website for security issues for free. Protectumus also offers DDoS protection, Web Application Firewall (WAF), Two Factor Authentication (2FA), Uptime and Speed Monitoring, plus many more. You can find a list of detailed security features here: https://protectumus.com/features