Grow Blog« back
Website Security Best Practices
In a recent Google report, 32 percent more websites were hacked in 2016 than in the previous year. We've noticed an increase as well. Recently we have helped multiple clients recover from website hacks. Being proactive is the best approach to preventing your site from being hacked.
Bartlett has extensive experience in helping clients take preventive measures to safeguard their websites. Here are some of the services we offer to help keep sites safe:
Our website security audits measure a site's performance against a list of criteria. This includes a code and CMS review documenting vulnerabilities and providing recommendations to lock the site down. Vulnerabilities can exist with core content management system software e.g. WordPress and Drupal, server configuration and 3rd party contributed plug-ins and modules.
Security Installation and Updates
Content Management Systems (CMS) such as WordPress and Drupal are constantly improving through various updates. But hackers are clever and are always on the lookout for loopholes. Please note, websites are not automatically backed up and susceptible to hacks if regular updates aren't installed regularly. Not only is installing the proper security plugins key but keeping them up-to-date is just as important because outdated systems are more likely to fall victim to attacks. And while you're at it, it's also beneficial to remember to update other plugins and themes, as hackers often try to exploit the vulnerabilities of any out-of-date third party applications.
Disk Space and Memory Usage Reviews
Reviewing these on a monthly basis to ensure proper bandwidth for your site is important. Website hackers use bots to crawl the internet to search for sites with enough bandwidth resources to launch their attacks. Without even knowing it, a website's owner may be helping a hacker carry out illicit activity. A good first step to take if you see a sudden spike in bandwidth being used is to see if your site has been hacked. See if your site might have been hacked at http://isithacked.com.
CMS User Profile Setup
Usernames, passwords, administrative access permissions and account management shouldn't be overlooked. Passwords such as "123456" or "password" are consistently listed among the worst passwords to use and could take an able hacker only seconds to crack. Among the best practices when setting up CMS login credentials include a custom username and strong password that includes a combination of characters, numbers, and symbols.
Having a ‘site uptime’ utility that sends an alert when a site goes down is always a good idea and serves as an insurance policy. If you aren’t checking your site every day, you may not be aware when it goes down. Uptime is an important thing to monitor to ensure that your business contains customer loyalty and trust, avoids lost revenue and maintains a sound SEO score.
Recovering from a website hack or security breach can be a slow and frustrating process, while also negatively impacting your business. Keeping your site up-to-date, using strong usernames and passwords, and being aware of your themes and plugins security vulnerabilities, will keep your site up and running undisturbed.