Website Security Best Practices

In a recent Google report, 32 percent more websites were hacked in 2016 than in the previous year. We've noticed an increase as well. Recently we have helped multiple clients recover from website hacks. Being proactive is critical to protecting a site.

Bartlett has extensive experience in helping clients take preventive measures to safeguard their websites. Here are some of the services we offer.

Security Audits

Our website security audits measure a site's performance against a list of criteria. This includes a code and CMS review documenting vulnerabilities and providing recommendations to lock the site down. Vulnerabilities can exist with core content management system software e.g. WordPress and Drupal, 3rd party contributed plug-ins and modules, LAMP stack, and the Git Hub repository.

CMS Security

CMS's such as WordPress and Drupal regularly release security updates that should be installed when available as well as updating 3rd party contributed modules/plugins, and Themes. Drupal releases security updates more frequently than WordPress, has more robust security features, and is less of a target, since there are less Drupal sites than WordPress sites.  

Disk Space and Memory Usage

Reviewing these on a monthly basis to ensure proper bandwidth for your site is important. Website hackers use bots to crawl the internet to search for sites with enough bandwidth resources to launch their attacks. Without even knowing it, a website's owner may be helping a hacker carry out an illicit activity. A good first step to take if you see a sudden spike in bandwidth is to use a utility such as Sucuri to check your site.

CMS User Profile Setup

Usernames, passwords, administrative access permissions and account management are common vulnerabilities. See moer about the worst passwords to use. Best practices when setting up CMS login credentials include username and passwords that include a combination of characters, numbers, and symbols as well as 2 factor authentication.

Alerts Setup

Having a ‘site uptime’ utility that sends an alert when a site goes down is important since you may not be aware when it goes down. Uptime is a key metric that builds customer loyalty and trust, avoids lost revenue and maintains a sound SEO score.

Recovering from a website hack or security breach can be a slow and frustrating process, while also negatively impacting your business. Keeping your site CMS, contributed modules/plugins and Theme up-to-date, and using strong usernames/passwords and 2 factor authentication, will help prevent a security breach and maximize site uptime.