Securing your website can be time consuming, often seen as additional steps and requiring more resources. So this area is naturally overlooked, often.
So, let’s just concentrate on 3 of the most common website vulnerabilities and how you can secure your website with easy steps.
1) Keep your CMS Platform Updated
One of the easiest and most important things to do is to keep your system updated. This includes the CMS itself, any themes/templates and plugins/components.
We normally build websites with open source CMS software like WordPress and Joomla nowadays. These applications offer great usability, but it is completely your task to ensure that they are up-to-date. Fixing known vulnerabilities in the old version of the CMS/plugins reduces the possibility of hacking.
Keep your website simple and use only those plugins/components that you need. Uninstall those 3rd party add-ons if you do not need them. These 3rd party plugins/components are actually developed by independent developers not from the core CMS team. It is your responsibility to assess the competencies of these 3rd party developers in keeping their extensions updated.
2) Use Strong Login Credentials
To login to the system, you only need the username and password. Do not ever use “admin” or your name as the username. For password, do not use “password” or simple ones like “123456”. These weak credentials give an open door to hackers.
Besides, you’d better enforce strong passwords and regular change for all users. For example, the length must be no less than eight characters, and uppercase letters and special characters must be included. If your site is built with WordPress/Joomla, this can be done easily by using a security plugin.
3) Secure the Admin Area of Your Website
The admin area is the backend / brain of your website, so you should try your best to prevent malicious access. Brute force attack is the most frequently seen method for hackers to break into the admin area of your site. You may actually secure this admin area if your hosting provider provides you cPanel for your hosting account. Alternatively, you may install plugins for various CMS platforms.
– For WordPress, there is a plugin here to achieve this. Typically, this is the link: www.yourwebsite.com/wp-admin
– For Joomla, you may find an extension here. Typically, this is the link: www.yourwebsite.com/administrator
Additional Steps to secure your Website
We have published previous posts on how to secure your website. The list to secure your website even more can actually be quite long, such as installing additional security plugins / components like Firewall etc. But with the above 3 basic strategies, you can be sure that your website is more or less well protected.