Malware can infect our websites, not just our personal computers. The basics of protecting your website include:
- Keeping your computer secure
- Using strong passwords
- Keeping your website’s software updated
- Making regular backups in case of disaster
Read on for details, and for more suggestions.
Basic Security Measures for your Website
Keep your computer secure
Start by keeping your computer secure, so your website passwords don’t get stolen by malware. Follow Cruzio’s Security Tips.
Take extra care on public Internet connections
Generally, do not manage your website from a public wifi connection. Others using the same connection could learn your passwords while you’re logging in to your website, or using FTP.
The exception: it’s fine to log into and use your domain’s control panel, since it uses encryption (notice the https in the browser address of your control panel—s stands for secure).
Set strong passwords
Set strong passwords for your website’s control panel, administrative user account, and FTP access. And if your website is compromised, change them. Follow these instructions for changing your hosting passwords.
Keep your website software up to date
Old web software often has security vulnerabilities that make your website an easy target. Web applications like WordPress, Joomla, and Drupal are miraculous software that make building and maintaining a website so much simpler—but you must keep your copy of that software up to date.
Installatron does upgrades, not just installs
If you installed your site software using Installatron, then use Installatron to apply upgrades. It’s fast and easy. Installatron makes a backup of your site right before upgrading, too, so in case something were to go wrong, you could quickly and easily restore the previous version.
Plugins count too
If you’ve installed any plugins or extensions to your web application, make sure you keep those items up to date as well. Plugins are like mini-applications, and they need the same care as your main web software.
Back up your website
No matter how many precautions you take, there’s always the possibility that your website may become compromised. If or when that happens, you’ll want to have a recent site backup in good shape.
Back up your website on a regular basis, but only when you’re reasonably sure that the site is in a healthy state. If your only backup is infected with malware, you’re not going to want to use it to restore a damaged website. You can use a free scanner to check your site’s health, though a good result is not a guarantee.
If you installed a web application with Installatron, then use Installatron to create backups. It’s very easy, and you can keep multiple backups if you wish. Installatron backups also have the advantage of being very easy to restore.
The other control panel backup tool
If you installed or built your website manually, use the “Backup Your Account” link in your control panel’s sidebar. Click the icon under the B column to create a backup. Check the boxes of all the items you want backed up. Note that you can only keep a single backup on the server at a time, and that there is no restore tool. Just like you built your site manually, you’ll have to restore it manually as well.
Additional Security Measures for your Website
- Don’t use the username admin to administer your website, since this is the first guess someone would try if they’re trying to get into your account. Create a new user with administrative privileges, then delete the old admin user. (This approach is sometimes called “security through obscurity.” It’s not an absolute protection, but it’ll slow down an attacker.)
- Password-protect your website’s admin directory with a different username and password than the ones used to actually administer your website. In other words, require a login before even allowing access to your website’s admin login form. This adds another layer of protection.
- Learn best security practices for your web application. Here’s security documentation for some popular applications:
- Install security plugin(s) for your web application. It’s probably wise to use only well-reviewed plugins from the official repositories:
- Sign up for Google Webmaster Tools, create a profile for your website, and enable notifications. Google will notify you if they detect problems with your site.
Website Security Consultants
Maybe you have limited time for reading, researching, and implementing security measures for your website. If you want to enlist someone to handle it for you, hire a consultant with experience in website security. You can check the Computer and Internet Services section of Cruzio’s Guide for local professionals.