It’s pretty normal for someone to go weeks without looking at their own website. After all, if you know what you put up there, why would you unless you wanted something changed?
Imagine, to your dismay, receiving a phone call or email from a long standing client, troubled by your website. You go on only to see the content on your site altered maliciously and your reputation tarnished, both personally and professionally.
That’s not the time to wish that you had a more secure site.
To know if your site is really secure, ask yourself these questions and if it’s not, we have 4 tools for you.
Is It up to Date?
When a hacker tries to seize control of a site, what they look for is vulnerabilities in your sites code. They can do this in various ways but generally, it doesn’t take them frantically pounding away at a keyboard like they do in the movies.
Just as hackers work against your site, the developers behind your site constantly work to make their code more secure. When developers find an area of weakness, they will send out updates, patches, etc. that fix the issue. If you don’t keep both your site and its plugins up to date, hackers are going to be more likely to exploit those areas.
Does Your Site Use HTTP or HTTPS?
Sites use HTTP by default. It stands for Hypertext Transfer Protocol. HTTPS stands for Hypertext Transfer Protocol Secure. You probably see where I’m going with that.
HTTPS is for sites that utilize SSL or Secure Sockets Layer. This means that information that is transferred between the visitor’s browser and the website’s server is encrypted. For someone to decipher the information, they would need the encryption key that is only available on the web server.
SSL certificates are cheap, if not free with most hosting services. If you are utilizing any type of online shopping, HTTPS is a must but overall, it will make your site more secure.
Does Your Site Use Parameterized Queries?
This one is a little more involved but the main idea is this; instead of entering a username and password into a field, hackers can enter bits of code aimed at corrupting systems or retrieving information inside of your website. This process sets “parameters” for what can be entered into a “query”. For more information, check out this article from Microsoft.
How Strong Are Your Passwords?
I can’t believe I’m saying this but in 2018 the most commonly used password is still “123456” followed by answers like “QWERTYUIOP” (which is just the first row of letters on the keyboard.)
Having a company-wide password policy that dictates the strength of passwords will keep your site secure from a would-be-hacker getting access.
So Is Your Website Really Secure?
Ask yourself these questions and you will get your answer. There’s no one-sided answer to your security and as threats continue to evolve, your security will need to evolve with it. If you are questioning your security, check out these tools.
Wordfence – Firewall and Malware Security
At over 2 million downloads, Wordfence is one of the highest rated security plugins for WordPress and has over 2 million active installations. Wordfence’s free plugin blocks malicious traffic going to your site and their premium version offers more robust features.
VIP Scanner scans the code of your site, including all themes and files you may use to identify any potential security loopholes that may leave you vulnerable.
iThemes bans users that have previously attacked other sites by blocking their IP address.
This plugin protects websites from injection-related attacks. At over 90,000 downloads and a perfect 5/5 in reviews, this is a simple but comprehensive solution with a BBQ Pro version available.