Ten Tips for creating a secure website

With more and more people going online to buy products and access services, it is important to keep your website secure to ensure your customers are protected and trust your brand. Website security can sound a little technical, but there are some simple steps you can take to keep your website secure.

1. Use a well supported CMS to build your website

By using a Content Management System such as WordPress, you will have a whole team of developers looking out for the latest threats and ensuring the code behind your website is written in a secure way. This also makes it a lot easier to implement some of the following steps.

2. Add SSL (Https) with a security certificate

An SSL certificate gives you a padlock icon in the web browser and ensures that any information submitted through forms is kept away from prying eyes. This is particularly important for eCommerce websites to protect customer payment details, but is an important element of SEO for all websites as SSL makes up part of the score given to websites by search engines like Google.

3. Make sure your website, including any themes and plugins are kept up to date

This allows the technical experts to fix any security bugs which may appear on your website. In many CMS systems this is simply a case of clicking a button. You may be able to set up your system to update automatically, then you don’t even need to think about it.

4. Use secure passwords

A common way for websites to be hacked is where a person or software simply guesses a person’s username and password. When asked to create a new password, many people will follow certain patterns which hackers can then exploit. Password generators can be useful here and can often be saved in your browser or a plugin like LastPass.

5. Restrict file uploads on your forms

If your website contains a form which allows images and other files to be uploaded this can be exploited to add scripts into your website, which can then be used by a hacker at a later time. It is a good idea to restrict the types of files which can be uploaded, and ideally store the uploaded file seperately to the rest of your website.

6. Set up different access levels for your users

Does your website allow users to sign up for an account, or do you have publishers creating content for your blog? Giving users access levels within your system will ensure they can do what they need to and nothing more. This reduces the risk both from users themselves and anyonewho may attempt to “piggy back” on a user accessing the system.

7. Consider using Two Factor Authentication (2FA)

To keep your user accounts really secure you can verify your user’s identity before allowing them to login to the website. This could be in the form of an email link, or a code sent to the user’s mobile phone.

8. Use a security plugin

If you are using a CMS system, then a plugin such as Sucuri or Wordfence will take care of many of the points on this list for you automatically. They can also add a firewall and help to block malicious attacks on your website.

9. Keep regular backups of your website

If it turns out that things do go wrong and your website becomes damaged or compromised, it can useful to delete everything and then restore a backup. Again this can often be automated either through your web hosting, website, or both.

10. Keep up to date with the news

Occasionally there are major exploits which affect a large number of websites. If you hear about such an incident online then this is a great time to check the security of your own website.