Website safety is important today. Here are 7 ways to keep your website safe in 2020.
1. Keep software current
Your website is built from software. Like all software, it is being improved and updated all the time. So, after your website is live, it needs to be continually kept up to date with the latest versions.
If it is not kept up to date, then it can be vulnerable to attacks. Why? Because people discover vulnerabilities and look for websites that have not yet been protected against them. The software developers find out about these vulnerabilities and write a patch that fixes them. But if you are not updating your software, then you won't benefit from it.
If your site is not kept up to date, then other software may not talk properly to it. This means your site may error, or unexpected things happen.
Finally, if you do keep the software up to date, it will be easier for you to update and improve your site. Google loves it when you do this. At GTB here in Kapiti / Wellington, we have had many people come in wanting us to improve their site. But if their site was not up to date the job takes longer, or sometimes it's quicker just to replace the entire site.
2. Use HTTPS
As a user, you may not have noticed this, but a few years ago most web addresses started with 'HTTP'. Then the 'S' was introduced for 'HTTPS'. The 'S' stands for secure and means that when someone opens your website, the traffic to their computer goes across secure protocols. This is important in today's threat laden environment.
Most websites have been moved to HTTPS but it still surprises us how many do not have this secure protocol. As well as meaning your website or its traffic is much easier to hack or interfere with, the Google search engine does not like HTTP sites. It may rank lower in searches and users will have to go past a warning screen to get to you.
3. Use CAPTCHA to prevent spam
Today there are a great many automatic systems roaming around the web looking for vulnerabilities and trying to get access to anything they can. CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart' and that is just what it does - it makes the user do something which only humans can do, and therefore it keeps the bad bots out.
Depending upon which version of CAPTCHA is being used, the user may be asked to type in a series of letter of numbers from a picture, or even just push a button. It may seem simple to us, but computers find it very hard to figure out - and this is what it is designed to do.
4. Keep backups
'Doh' you are thinking, that's obvious. But again, you'd be surprised...
Website do crash occasionally, or are taken down, and have errors introduced to them. Usually the quickest easiest thing to do to get them back and running, is to restore to a previous version of the sites code. Usually, this previous version comes from a backup.
How you configure your backups is key and deepends upon what you use for site for. A simple online information website about your company (aka a 'brochure' site) may only need a weekly automated backup to the same server it is on. You may wish to periodically copy downthe software to a different server or system 'just in case'. A busy site that is frequently taking in user data or processing transactions should have a much more frequent backup. This can help prevent data being lost in the event of a need to restore.
How you do your backups, and the broader topic of your websites 'business continuity' requires some thought and design. But what you need to know is - you need an appropriate backup system as a part of your website safety.
5. Do housekeeping
Not only do you need to keep the software up to date, you also need to ensure that things are nice and tidy inside your website code. Old modules and pieces of code should be removed, or they may become vectors for attack, or lead to breakages. Keep an occasional human eye on your website and an eye out for what is happening on the web that might affect your site.
Importantly - ensure that only people who need to have access to your site do have access. We take over sites sometimes where many people who once had access still have access. Even though these people no longer have anything to do with our new client's site. Not all relationships end well, and people can change. So make sure only people who need access to the back-end of your site today, have that access.
Website safety requires at least a small amount of attention to the housekeeping.
6. Strong passwords
The old chestnut is still valid today, in fact more than ever - use strong passwords or pass phrases for website safety.
There are many different views on exactly how to do this, but we at GTB have put together the CLOUDS acronym. This is covered in a separate blog article - Strengthen your Password Policy
7. Choose your webhost carefully
Your webhost is the server on which your site is running. These servers are are usually provided by a company. There are many choices and many things to consider, other than just price.
You'll need to pick a webhost that gives you what you are looking for, for your website. The speed which users can download the site is very important, as slow sites can rank poorly and also put people off. Do you need a dedicated server, and will a lower cost shared server be ok? What about security? Where in the world are the servers located, and are you ok with that?Many webhosts are good but remember you may not know who you are dealing with. Some webhosts are poor or misrepresent their features. Some are downright shady.
What about support? Generally the webhost will just provide the hosting environment and the the rest is up to you, but if you are setting things up or moving them around, you may need more help and not only will that come at a price but you also need to be using a webhost that provides that type of service.
Do you need your site to be portable, or do you not mind being locked into one webhost? Often, the 'free hosting' sites come with conditions. What seems ok today may not remain that way if they change, or if your needs change in the future. Can you move your site?
The easy way to keep your site safe
GTB IT Solutions can offer you website safety services, if you don't want to be responsible for that yourself. As technology specialists with many years of experience, we can take care of all the things above, and more, for a very reasonable charge.
Here is a link to our web services page inside this site - Website Services
We look after web clients around New Zealand, from our Kapiti base in the Wellington region.
Get in touch - we'd love to hear from you!