Website Security Tactics

by
Harry Bartlett

What follows is a summary of security tactics and how to clean out an infected site. Note that if security is a priority, it is best to select a CMS and host that have effective security capabilities from the start; e.g., Drupal is less of a target and has more extensive security updates and features than WordPress. Also, hosting companies such as Pantheon and WP Engine provide more effective LAMP stack security and VPS plans than less expensive shared hosting plans and companies.

Recommended security tactics:

  • Utilize a web hosting plan that includes separate environments for development, staging, and production (live). Use .htaccess to password protect the dev and staging environments.

  • Set up backups either with the hosting company or on a local server if not already in place.

  • Use strong password protection and change passwords yearly. Review user accounts and disable inactive users. Utilize 2-factor authentication whenever possible.

  • Utilize a secure GitHub repository.
  • Use SFTP, which is more secure than FTP, when uploading to the site.

  • Audit the site, scanning to find infected files and viruses, using software such as Droopescan or Sucuri.

  • Audit contributed modules and plugins. Use CMS core capabilities instead of 3rd party plugins. Disable modules/plugins that pose a security risk and develop alternative methods for that capability.

  • Audit the Theme and identify security vulnerabilities, and close back doors as needed.

  • Install an SSL certificate on the server if not already in place.

  • If malware is detected, clean out the infected files and viruses.

  • Install security updates on the dev site.

  • QA the dev site (manually and programmatically, e.g. with a link checker).

  • Update the CMS software with the latest core and contributed modules/plugins.

  • Perform Quality Assurance (QA) to ensure the site is working properly.

  • Push the updated site to the live server.

  • Perform post-launch QA.
  • Perform weekly or monthly security updates.

  • Perform weekly or monthly core and contributed module/plugin updates.
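
For the item above on password protecting dev and staging with .htaccess, here is a sketch of such a file, added as an example and not taken from the author's own configuration. It assumes Apache 2.4 with mod_rewrite and mod_headers enabled and a host that allows these overrides; the realm name and the password-file path are placeholders.

```apache
# .htaccess in the document root of the staging or dev site (Apache 2.4).

# 1. Send plain-HTTP requests to HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 2. Ask for a login only once the connection is HTTPS.
#    Per-directory rewrites run after authentication, so without this
#    <If> wrapper the browser would be prompted on the HTTP request and
#    send the Basic credentials unencrypted before the redirect happens.
<If "%{HTTPS} == 'on'">
    AuthType Basic
    AuthName "Staging - authorized users only"
    # Placeholder path: keep the password file outside the web root.
    # Create it with: htpasswd -B -c /path/outside/webroot/.htpasswd username
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user
</If>

# 3. Keep search engines from indexing the staging copy.
<IfModule mod_headers.c>
    Header set X-Robots-Tag "noindex, nofollow"
</IfModule>
```

To check the result, request the staging URL without credentials and confirm that HTTP returns a redirect and HTTPS returns a 401.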


Security is a process that requires ongoing tactics to minimize vulnerabilities. See more about our Support services.

About the author

Harry started Bartlett Interactive in 1998 and focuses on integrating best practices in branding, user experience design, Internet marketing and technology to increase the value of an online presence.