We live in an era of robust web-development services. The availability of user friendly content management systems (CMS) such as WordPress enables business owners to create a solid online presence with little or no tech experience.
This widespread access to web technology is excellent for business and the competitive spirit. Unfortunately, it also spreads alarming security risks and vulnerabilities. Because many business owners don’t have years of technical web experience, many don’t know how to make their websites safe and secure. Further, many don’t understand the importance of web security.
Web Security For Business Protection
Hackers are getting smarter and sneakier each year. They can install harmful code into unprotected websites, redirect your website to another site, steal private customer data such as credit card numbers, and sometimes even remove your website altogether.
The business implications of these security disasters are clear. If such a situation were to happen to your website, you can imagine the sinking feeling as you hire a PR company to help manage the damage control.
Web Security For SEO
Your business isn’t the only thing that doesn’t want security problems. You know who else hates them? Google. If your customers were to visit your site, only to have their private information stolen and used maliciously, they are going to blame two things: Your website, and Google
If Google senses even the slightest red flags that your website is vulnerable to security problems, it lets your visitors know with an ominous message right in the search results: “This site may harm your computer.” It goes without saying that this warning is very bad news for your web traffic and your SEO.
To protect your business while helping to optimize your SEO, it’s important to keep up with basic security practices. Here are a few key tips.
Strengthening Your Web Security
Some web-security best practices fall into the realm of common sense, while others are a bit more technical. Nonetheless, they’re all necessary. Here are a few web security best practices you shouldn’t ignore:
- Strong passwords – Many people are surprised to learn that weak passwords are a major cause of malicious hacking. Hackers often use password hacking programs to waltz into your website as if they have a front-door key to your home.
To be safe, passwords should be random, long and unique. Using real words in your passwords makes it easier for hacking programs to figure your passwords out. So it’s important to use random combinations of letters, numbers and symbols rather than words found in the dictionary. Also, 12 characters long (or longer) is ideal. And don’t use the same password for more than one website.
- Plugin updates – Unsecured, out-of-date plugins and vulnerable CMS versions cause a huge number of malicious website attacks each year. Don’t let this happen to your site. Make sure to update all plugins and CMS versions the moment they become available. If you procrastinate, you’re increasing the chances that hackers will find your vulnerabilities before you get around to updating them.
- Trustworthy extensions – Trustworthiness matters when it comes to security. The extensions and plugins you’re using in your website can pose serious security threats if you don’t choose them carefully.
Choose extensions that have up-to-date versions – i.e., versions that are less than one year old. This helps ensure that the author is maintaining the extension’s security rather than forgetting about it and turning a blind eye to possible threats.
It also helps to choose extensions that have been around for a while and have thousands of installs. Also, choose extensions and themes that have trustworthy sources. If something is mysterious, avoid it. And an important bonus tip: avoid free versions of themes when the original ones are premium!
- One website per server – Do you have an unlimited hosting plan? Are you hosting several websites on one server? If so, you might want to change that approach. With numerous sites living in one location, you’re giving hackers an opportunity to breach all of them at the same time. To ensure the security of all your websites, host each site on its own separate server.
- Least privileged permissions – If your website has several logins, the users of your site should have the least amount of permissions needed to perform their immediate tasks. If several users are granted the administrative privileges to alter website settings rather than merely editing a blog post, it could lead to several vulnerabilities in that site’s security.
Make The Switch To HTTPS
SSL gives your users vital security you don’t want to be without. To implement SSL, you’ll need to move your site over to HTTPS instead of HTTP.
SSL is an abbreviation for Secure Sockets Layer. It’s a web protocol that creates secure online connections between servers and browsers. The data sent via an SSL connection becomes encrypted and un-encrypted so only the intended recipient can view it.
SSL is especially important for ecommerce sites because it helps prevent hackers from accessing private data and financial information.
Also, if your website collects private information (like credit-card numbers,) and it isn’t protected with SSL, Google could tag your site, or some of its pages, as non-secure.
If you still have an HTTP website rather than HTTPS and SSL, here’s how to make the switch.
1. Replace your site’s internal paths with relative paths. Do the same with your website’s media content.
2. Purchase an SSL certificate. Avoid free certificates. They are generally not as secure as paid ones, and web browsers might be triggered to alert visitors that “this website’s security certificate is not trusted.”
You can choose from three levels of certificate validation:
- Domain Validation: With this certificate, the CA (certificate authority) affirms your right to use the domain name you choose. The cost for this certificate is up to $30 yearly.
- Organization Validation: Besides confirming your right to use your domain name, the CA also validates your organization. They do this by checking sources such as the Whois database and other sources. Expect to pay anywhere from $40 up to around $300 per year for this certificate.
- Extended Validation: To receive this certification, you’ll need to verify your identity with the CA. The certificate authority conducts a detailed examination and vetting process. It then rewards recipients with a green-colored address bar when the website is displayed within a web browser. The cost starts at around $120 and can go up to about $300.
3. Next, update your website’s robots.txt files. This is where you’ll add HTTPS to the host and to the sitemap (i.e., https://site.com). Your site will now be running with HTTPS.
4. Set up a new Google Search Console profile for your site. You’ll also have to update your sitemap.xml file, and if needed, update the links in the console’s disavow tool.
5. Set up your site’s permanent redirection (301 redirect.) This will prevent your site from being available simultaneously on HTTPS and HTTP. Duplicate websites will be catastrophic to your SEO efforts, so don’t skip this. Also, this step is crucial to ensure that your website won’t vanish from SERPs after switching to HTTPS. While you don’t want both website versions to be available to your visitors, you’ll need your sitemap.xml and robots.txt files to be available on both HTTPS and HTTP.
Web Security: One Big Task, Many Big Advantages
The time, efforts and costs of web security are certainly challenging. Many webmasters are tempted to wonder if it’s even worth it. But when you lay out the advantages associated with securing your website, the benefits become clear.
Making web security a priority helps your customers feel safe, protects your profits, secures your business’ reputation, and gives you a competitive edge through strong SEO. Don’t know where to begin? Start anywhere, as long as you start soon. The online landscape is competitive, so there’s no better time like the present!
* Adapted lead image: Public Domain, pixabay.com via getstencil.com