1 – Use SSL Certificates
As we pointed out in our article on HTTPS for Google, an SSL-protected connection is one of the first things you should equip your site with. Not only does SSL provide a high level of protection, but it can also help you get traffic. Chrome, for example, may refuse connection with pages that don’t adhere to this protocol, so by having an SSL-protected connection, you avoid losing website visitors.
Moreover, an SSL-protected connection can help with SEO, as Google considers HTTPS an important ranking factor for websites. As for the type of certificate you should opt for, you should know that even the very common Let’s Encrypt is enough to protect your site against intrusions or foreign entities spying your online activity.
2 – Keep the Site Up-to-date
Updating your website is essential for its security, especially when managing your content through and CMS. You can and should update modules, themes, and other components that require this action. As a guideline, it’s a good habit to check whether there are updates available and run them periodically (for instance, once per week).
If you don’t have the time for this activity, assign the task to someone with the right skills for the job. Whether you decide on an in-house expert or outsourcing, make sure the person responsible is also able to restore the site in the case of an error. This way, you prevent attackers from exploiting possible site bugs. On top of that, you can implement a policy of Security Assessment to check the effectiveness of your security measures, and further protect your data.
3 – Use Secure Passwords
It’s no secret that passwords are the gateway to the administrative backend of your website, where the CMS enables you to make changes. Many cyberattacks, in fact, are based on the knowledge of site passwords. That’s why it’s essential to protect these secret words to prevent unauthorized access to your website.
All users (and especially the administrators) should never use universal passwords that also give them access to other portals. Moreover, you should encourage them to save passwords in a secure keychain (like the one integrated with Firefox, for example). Remind users that all passwords should contain at least one capital letter and one non-alphabetic character. Also, it’s considered good practice for users to change their passwords every three months.