Computer Basics: Securing Your Website

If you maintain a website for yourself or your business, you're responsible for keeping it safe and running. That includes keeping it secure from hackers and other intrusions. If your site gets hacked, it could becomes useless or worse. Customers may not be able to find you and think you're out of business. You can be penalized by search engines, losing valuable traffic. You may even put site visitors at risk if the hacker installs malware on your site.

Here are five essential practices to follow to help keep your site running safely:

Use Strong Passwords

You're heard this advice a million times. Don't ignore it. The first step to security is not allowing someone to easily guess your password so that they can login as you and do anything they want.

Use upper and lower case letters, use numbers, and use special characters when this is allowed. If you have trouble remembering your complicated passwords easily, then use a password manager to keep track of them.

This applies to your passwords for you host's control panel, for accessing your CMS (content management system) software, or for FTP (file transfer protocol) account access.

Use a Reliable Web Host

Before you set up your site, check online reviews for the hosting company that you're considering. Verify that it has a good reputation. You need a host that has your back and keeps its systems secure. Some hosts provide no backups or have histories of internal hacking problems.

If you already have a web host, stay open to the possibility of changing hosts if you encounter problems.

Keep Your Software Updated

If you use a CMS like WordPress, keep it updated. These systems are regularly updated for security problems. The moment a security hole is found, all the hackers know about it and move fast to take advantage. The more popular the system, the faster the hackers move to use a hole. Don't let your site be the one they hijack before you update it.

Plug-ins for CMS software can also have security problem and need to be updated regularly.

Do Not Use Unsecured FTP

If you use FTP to upload and download files from your site, make sure that your FTP connection is secure. Using an insecure FTP connection leaves your files vulnerable to modification between your computer and your web host and could expose your login credentials.

How you secure your FTP depends on which local FTP client software you use and the protocols supported by your host. Check your software's Help system for more information. Check its settings for SFTP (secure FTP) options that include SSH (secure shell), SCP (secure copy protocol), or TLS (transport layer security).

Keep Complete Site Backups

Security is not always under your control. Even if you take every precaution, sometimes sites are compromised and data is lost. Sometimes web hosts make mistakes. Sometimes hardware crashes irrevocably. Make sure you can restore your site if necessary.

Keep a complete backup of all files and data from your site. Keep this backup on your local computer, not just on your web host's computer. If you use a CMS like WordPress, that means knowing what versions of the software and plug-ins you would need to re-install as well as a backup of the current data from the MySQL database. If you build your own site, keep local copies of all HTML, CSS, XML, PHP, and any other files that your site uses.