Cyber Attacks: Are You At Risk? Part Three
If you’ve been following along for the last two weeks, you know that you are at risk for cyber crime and we’re here to give you tips to keep you safe. We’ve talked about passwords and pirate, wireless and Webroot. Today, we’re talking about protecting your website.
If your website exchanges information with its visitors such as login information or payment information, you need some security. This comes in the form of an SSL certificate. Make sure that you have purchased an SSL certificate if it didn’t come with your hosting. If you have to purchase an SSL certificate, it probably needs to be set up so don’t think you’re fine and dandy after the purchase – make sure it’s working.
SSL is what gives yours customers that nice little secure lock when they are on your website. That lets them know that your site is secure. Having an SSL certificate will probably cost you some money. If you have to conform to PCI Compliance laws, then you need one legally. There are some side benefits to having an SSL Certificate. Having a secure site tends to have a positive impact on conversion rates. Furthermore, that nifty http address can give you a bit of an SEO boost with the search engines.
Secure Your WordPress Site
Statistically speaking, if you have an informational site then you’re probably on WordPress – and for good reason. WordPress is one of the most popular Content Management Systems (CMS) in the world. It’s super easy to use and easily expandable. However, with popularity comes vulnerability. Hackers love to target large platforms because the possible payout is much larger when the target pool is so big. This is why WordPress is often the target of attacks. Fortunately, there are easy ways to keep your WordPress site secure.
- Install a security plugin such as All in One WP Security or Wordfence.
- Keep your WordPress installation up to date. As a bonus, set it to auto update.
- Require strong passwords.
- Do not use FTP – only SFTP.
- Keep your plugins up-to-date.
- Don’t use plugins that haven’t been updated in quite some time or from untrusted sources.
- Protect yourself from DDoS attacks with cloud-based firewalls.
- Rename the administrative account to something hard to guess.
- Change the table prefix in your database.
- Make frequent backup of your site.
- Use plugins to filter your spam comments like Akismet or Anti-spam.
- Use logging and monitoring tools so that you can catch a problem early.
- Keep your file permissions as locked down as possible.
- Choose a quality web hosting provider that provides great server level security tools.
Stop Spam and Bots
When your website gets hit by a bot, it can cause a lot of problems. You could end up with anything from an endless sea of spam to mountains of fraud orders. Cloud-based firewalls such as CloudFlare, Sucuri and Incapsula can help minimize traffic from malicious sources. Another helpful tool for fighting spam and automation is re-captcha. This is Google’s automation fighting tool that is easier for real people to use than traditional captchas.
If you find yourself in a bad position due to bots, contact your hosting provider. Chances are they have a great deal of experience with this and can point you to services that integrate well with their solution. Many great e-commerce platforms have built in tools to help with this. For example, Aabaco Small Business offers risk management tools that include re-captcha and other great resources.
Well there it is! After 3 weeks of tips and advice you now have a Swiss Army Knife of cyber security at your disposal. If you have other great cyber security tips, please feel free to send them in! We’d love to hear from you. I’m hoping your computers and accounts will sleep safely and soundly now knowing that you’ve locked up the doors and turned on the alarm. Stay safe out there. If you need any help making your websites more secure, feel free to reach out to us!