Want to secure your website? Here’s where to start
Security doesn’t have to be tedious and complex
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Some of your website’s security may be covered by your hosting company and they should always be your first call if anything were to happen.
However, you should always check what they do and don’t cover because at the end of the day you are responsible for your website’s security. Even the smallest of SMEs and micro-businesses require security.
It’s not always the case that the person or bot that is hacking you is after your business. You could be the weak link in a chain that leads to the real goal. Your business may be in a nice office on a brand new business park but your website is in the meanest, most corrupt part of town there is.
(PS: Don’t forget to check out list of thebest web hostingservices as it includes providers that have been tested and verified by us).
The Internet. It’s not a matter of if; it’s a matter of when. So let’s look at what matters in your quest for enhanced security.
1. Who or what am I protecting?
This is the first thing you need to ask yourself when adding security to your website. What is the most business critical aspect and what can you realistically afford to protect it. In terms of who, there are two main groups you need to think about protecting.
2.SSL certificates
SSL stands for Secure Sockets Layer. It’s a protocol that creates secure connections between a server and the person who is accessing the site, known as the client. SSL use a cryptographic system to encrypt information being passed between the client and server. Generally you can tell if a website has a valid SSL Certificate as the URL begins with HTTPS rather than HTTP and contains the padlock symbol.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
3. Web application firewalls (WAF)
WAFs (Web ApplicationFirewalls) monitor the traffic before it reaches web application, analysing requests to filter harmful traffic or traffic patterns. WAFs are a common security control utilised by businesses to protect against impersonations, zero-day threats, and other known vulnerabilities and attackers.
Not surprisingly, they are usually offered as an option for bigger websites as they can be tricky to put in place (due to the level of expertise require) and are relatively expensive especially for SMBs.
4. Use anti-malware software
Ananti-malwareis one of the most essential mechanisms for securing the communications to and from your website. The good hosting provider will include this protection as part of their offerings, but you should definitely invest in one if you are opting for dedicated hosting.
There are several options available including several free ones that are good enough for basic websites, though you should look at the paid options if you are hosting a traffic intensive website.
5. Keep your website platform updated
Irrespective of thecontent management system (CMS)you are using to power your website, always make sure you are running the current release, since old, unmaintained ones are easy targets for exploits.
Most of the popular CMS like WordPress are open source, malicious users spend a lot of time reading through the source code of older versions hunting for vulnerabilities that they can use to take control over your website. The simplest way to thwart this is to ensure you are always running the latest version of the CMS.
Désiré has been musing and writing about technology during a career spanning four decades. He dabbled inwebsite buildersandweb hostingwhen DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.
Rising AI threats are making firms turn back to human intelligence
Thousands of employees could be falling victim to obvious phishing scams every month
Best CDN provider of 2024
