Spies, thieves, hackers and malware are a problem for every website and every website visitor. In your own interests and to comply with the law you have to take steps to keep your website safe. A good web hosting company will help you do this, but here are a few basic precautions.
Make your domain name accessible by HTTPS
A secure sockets layer “certificate” (SSL) encrypts your sites data exchanges so they can’t be intercepted and monitored. It makes your site accessible by HTTPS instead of HTTP. SSL is often bundled with commercial hosting packages because they are essential for commercial sites, but they are reassuring for every site.
Buy your business name
It’s a good idea for businesses to buy any domain name that resembles their own (see https://www.names.co.uk/domain-names). That prevents someone impersonating you, profiting from your marketing, or cybersquatting (asking an inflated price for the name later).
Keep up to date
All websites depend on a web server and many also depend on a PHP interpreter, database and other software resources. These are constantly being improved to protect against new threats so keeping up to date is important. Good web hosts help you do this but it is something to ask when you choose your package.
Don’t allow uploads
Don’t provide any means for visitors to upload files onto your server space. If you need to receive files, ask them to use DropBox or email them direct so you can scan them with antivirus software.
Secure your contact forms
If your website allows visitors to send messages or leave comments you need to be very careful. Secure plugins use filters and other methods to prevent hackers entering potentially dangerous code into them.
Use security plugins
There are many free security plugins for content management systems like WordPress but check out the reviews before you use them. In the past, some had flaws that hackers could exploit so always keep them up-to-date.
Don’t advertise your CMS
If your website says “made with WordPress” you are telling hackers the weaknesses of your website and the default locations of its critical files.
Use safe passwords
Passwords aren’t much use if they are easy to guess. Hackers don’t have to guess them manually, they use software to try out probable combinations, but it is still very hard for them to crack a strong password.