In the recent years, there has been a significant growth in the tools and services used in web development. Content management systems like Joomla! and WordPress make it easy for webmasters to quickly and efficiently build their online presence without ever seeking professional help. There are many highly extensible architectures, modules, extension ecosystems and rich plugins that make it easy to setup a website even with no experience and training.
This freedom in web development is not without its share of problems. The main one is the fact that not many webmasters know about website security. This post looks at some of the best practices that will help you build a more secure website.
Keep your website updated
When everything is running smoothly, it is very easy to forget about updating your website. One fact you need to understand is that most of the websites that are compromised today are those that run on outdated and insecure software. It is very important that you regularly update your website right from the new plugins to the CMS version. Most hacks are automated. It is only by updating the elements of your website that you will be able to combat most of the hacks effectively. Make a point of updating your plugins as soon as new updates are released.
Use complex passwords
Even with a well updated website, if you don’t take the time to make sure that you have strong passwords, chances of being hacked will still be high. There are certain passwords that increase the chances of your website being hacked. There are three requirements you need to satisfy when creating your passwords:
- Make sure your passwords are random. Don’t use your birth date, favorite movie or anything that the people who know you can guess. You need an alphanumeric password.
- Your passwords should be long. Make your password at least 12 characters long. This reduces chances of someone guessing the password.
- Use unique passwords. Never reuse your password. If someone finds out your FTP password, they should not be able to use it to log in to your email or online banking account.
Don’t host your websites on a single server
This is a very important point that you need to consider, especially for a finance website. Just because you have an unlimited web hosting plan doesn’t mean you should host all your websites on the same server. This will create a large attack surface. The last thing you want is for a virus to infect all your websites.
Alter the default CMS settings
It is very common for webmasters to use the default settings. Doing this increases your chance of being hacked since hackers mostly target the sites that use the default settings. You need to change the settings after installing the CMS.
Pick extensions carefully
Last but not least, you have to be very wary of what you install on your website. Make sure you know the publishers and ensure that the extension you are considering was updated recently.
Securing your website is a matter of being careful of what you do. Don’t be predictable.
Mark Price is a web developer focusing mostly on website security. He works for https://www.libertylending.com/. To learn more about website security, connect with mark on his LinkedIn account.