How Secure Is Your Website?
Today is National Computer Security Day, originally created to bring awareness to consumer security and remind you to protect your personal information online. This "holiday," so to speak, is also an excellent opportunity to talk about website security. If you operate a business and have an online presence, you need to understand this topic – and with urgency.
On average, 50,000 websites get hacked every day, and that number continues to grow. These aren't all high-profile retail sites, either. The majority of these sites are legitimate small businesses, just like yours.
What happens when your website gets hacked?
For starters, your site gets infected with malware. In some cases, hackers will steal your data, including your customers' data, and use your site to redirect visitors to other malicious sites. To make matters worse, when such things happen, it can result in your site getting blacklisted by Google. What does that mean? When a website is blacklisted by the largest search engine, it loses nearly 95% of its organic traffic – along with the revenue associated with it.
To understand why Google matters so much, consider that there are more than 1.5 billion websites on the internet today. It's information overload, which is why people have to rely on search engines to find relevant information. And Google takes its job of delivering quality search results very seriously.
Search Engine Journal reported details from Google revealing that more than 80% of hacked sites have been detected and removed from search results to fight the growing amount of spam on the internet. What a terrible fate if you're a genuine business that just so happens to get hacked.
This doesn't even address the impact on a customer. If someone visits your site and gets warned or infected with a virus, there's an extremely high chance that customer will never visit your site again.
How can you shore up your site security?
The old saying "an ounce of prevention is worth a pound of cure" couldn't be more accurate in this situation. If your site gets hacked, the price and process of website cleanup can be much more resource-intensive than if you had established a secure site from the beginning.
With that said, here's a list of preventative measures we use on all of our sites to protect our clients. This can serve as a list for you to check with your service provider or agency. If they're not sure what you're talking about or don't know how to do something on this list, give us a call. You may need to reconsider their services.
Site security must-haves:
- A Secure Platform: WordPress continues to be the leading infected website platform. It powers hundreds of millions of websites across the globe, which makes it prime territory for hackers to find websites that are less secure and easy to exploit. If your site is currently running on WordPress, we suggest moving away as quickly as possible. Look for a platform that's not as highly targeted by hackers. This is one of the main reasons we developed our own Framework and don't open-source our code. We also control the servers where our code lives as an added layer of security for our sites.
- SSL Certificates: Since 2018, every website without SSL, indicated as HTTPS at the beginning of a website address, has been marked by Google as not secure and received an SEO penalty. With this in mind, it's imperative to have an SSL certificate on your site.
- Encrypted Passwords: As customers create their own passwords, they need to be securely stored within your site as encrypted text rather than plain text. Plain text is precisely what it sounds like: passwords that are stored exactly as they're written with letters and numbers. Without encryption, all of your customers' passwords are immediately compromised the moment your site gets hacked. You'd be shocked at the number of content management systems (CMSs) that don't encrypt passwords, so this is something you definitely need to look into.
- Locking Accounts: Another security measure to have in place during the login process is locking accounts after too many failed attempts to avoid bot attacks. Sounds simple enough, but it's another best practice that not all companies are practicing.
- Obfuscating Code: This simply means adding pieces of code to your site's backend that are unintelligible to hackers. Because we hand-code all of our sites, we're able to easily modify or obfuscate code, so it's no longer useful to a hacker, but the website remains fully functional. It takes skilled developers to know how to do this, which is another reason to move away from an agency that only knows how to set up WordPress templates.
- Security Without Compromising Speed: Having a site that loads quickly is important for a great user experience as well as Google rankings. (Yes, Google checks for that, too.) One thing that could potentially slow your site is data encryption. While encryption is the most effective way to achieve security, it does slow the process of how a browser and web server communicate. We handle this by not loading the bulk of the Framework when it's not needed, allowing the site to run quickly and efficiently while remaining highly secure.
- Sanitizing Inputs: It turns out, sanitizing is just as necessary for your website as it is for your hands. Sanitizing inputs means checking, cleaning, and filtering the data that users and web services send to your site, removing any unwanted characters and strings to avoid harmful script attacks in the system.
- Updated Background Technology: Nothing about the internet was ever meant to remain stagnant. As technology constantly evolves, it's important that the foundational elements of your site, such as the operating system, web server tech, PHP, and MySQL (database), are keeping up with the times as well. You want to be sure the latest updates are installed and the right security protocols are in place.
- Updated Platform Technology: In addition to the "background technology," you also want to be sure your CMS is up to date with the latest security measures. When it comes to our Framework, we're constantly researching and adding features with each new release, and we always keep it up to date with the latest security best practices.
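The "Encrypted Passwords" and "Locking Accounts" items above, sketched as an added example (not code from this article or its Framework): passwords are stored as salted one-way PBKDF2 hashes, the usual way to keep stored passwords unreadable, and an account locks after repeated failures. The class name, thresholds and in-memory store are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed policy values for this example; tune them for your own site.
ITERATIONS = 600_000        # PBKDF2-HMAC-SHA256 work factor
MAX_FAILURES = 5            # failed attempts allowed before locking
LOCK_SECONDS = 15 * 60      # how long the account stays locked


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGuard:
    """In-memory stand-in for a site's user table and login handler."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}       # username -> (salt, digest); no password is kept
        self.failures = {}    # username -> (failed_count, locked_until)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
        self.users[username] = (salt, derive(password, salt))

    def login(self, username: str, password: str) -> str:
        count, locked_until = self.failures.get(username, (0, 0.0))
        if self.clock() < locked_until:
            return "locked"    # refused before any password check happens
        # Unknown users get a dummy record so both paths do the same work.
        salt, digest = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(derive(password, salt), digest):
            self.failures.pop(username, None)
            return "ok"
        count += 1
        until = self.clock() + LOCK_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[username] = (count, until)
        return "locked" if until else "denied"
```

While an account is locked, even the correct password is refused, which is what stops a bot from continuing to guess.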
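The "Sanitizing Inputs" item above, as an added example (not code from this article or its Framework): a comment form that checks input against an allowlist, filters control characters, stores data through query placeholders, and escapes it on output. The table, field rules and sample submissions are constructed for illustration.

```python
import html
import re
import sqlite3

# Allowlist: what a display name may contain (assumed rule for this example).
NAME_RE = re.compile(r"[A-Za-z0-9 _.'-]{1,40}")
MAX_COMMENT = 500


def clean_comment(name: str, comment: str) -> tuple:
    """Check and filter one submission; raise ValueError if it cannot be accepted."""
    name = name.strip()
    if not NAME_RE.fullmatch(name):
        raise ValueError("name contains characters outside the allowlist")
    # Drop control characters (except newline/tab) that have no place in a comment.
    comment = "".join(c for c in comment if c in "\n\t" or c.isprintable()).strip()
    if not 0 < len(comment) <= MAX_COMMENT:
        raise ValueError("comment is empty or too long")
    return name, comment


def save_comment(db, name: str, comment: str) -> None:
    # Placeholders keep user data out of the SQL text itself.
    db.execute("INSERT INTO comments (name, body) VALUES (?, ?)",
               clean_comment(name, comment))


def render_comments(db) -> str:
    # Escape on output so stored text is displayed as text, never run as markup.
    rows = db.execute("SELECT name, body FROM comments ORDER BY id")
    return "\n".join(
        f"<p><b>{html.escape(n)}</b>: {html.escape(b)}</p>" for n, b in rows)


def demo() -> str:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    # Constructed sample submissions, one carrying markup and SQL syntax.
    save_comment(db, "Dana", "Great post!")
    save_comment(db, "O'Neil", "<script>alert(1)</script>'); DROP TABLE comments;--")
    return render_comments(db)
```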
Site security isn't something you should leave to chance. In today's digital economy, your website is too important to the success of your business. We suggest you run through this list again and verify your site is running as safely as possible for you and your customers. If you believe your site has been hacked or you need to switch from WordPress to a more secure CMS platform, we're always here to help!