How to Keep Your Site Safe from Data Breaches

Website optimisation: making websites do their jobs, except better.

Picking up where we left off in our first article on nailing that crucial web speed, we’ll now shed some light on a question that’s existed for eons: how can I make my website secure?

Website breaches increased by 300% during 2020.

43% of all data breaches involve small businesses.

If your website isn’t totally secure, now is the time to learn how to make it happen. Read on for some vital FAQs!

Q: Should I be concerned about website security? 

Hacking is far more common than you’d think, especially if your site is processing payments or allowing users to submit data. 

For the most part, Content Management Systems (CMS) like WordPress are fairly secure. However, security issues can arise when you start adding independent plugins, like forms and themes. These features mean more code, more updates, and more maintenance – all of it essential for running a website.

You can conjure the most fantastically lengthy and complex password the internet has ever seen, but data breaches can and will occur if you don’t keep on top of your updates.

Q: What does it mean for a site to be ‘Not Secure’, exactly? 

When a web browser displays ‘Not Secure’, it’s notifying the user that their

connection is not encrypted. This means that anyone who happens to be listening in to that connection can see any data such as emails and passwords in plain text.

Essentially, this is like someone having x-ray vision and reading your mail without having to take it out of the envelope. Adding encryption would be like adding a lead liner to the envelope, preventing your mail from being read.

Connection security is incredibly important on sites that process payments or allow users to submit forms. A ‘Not Secure’ message displaying could easily lead potential website visitors to beat a hasty retreat.

Q: How do I make sure my website is secure?

Ongoing maintenance is vital when it comes to your site security. Reducing your number of plugins can also help reduce the sheer amount of code, which means fewer updates and far fewer backdoors for hackers to access your site.

Next, install yourself an SSL certificate. SSL stands for Secure Socket Level; basically, a way of encrypting data that makes sure VIPs have the right keys to see the important and/or sensitive data.

You can also do a few fixes on any site forms where users input data, such as hiding login routes from outsiders, and adding recaptcha to contact forms.

Q: What does it mean to back up my website? How do I do it? 

This really depends on how often the data on the website is changing, but there are essentially two types of material you should be backing up:

1. The website’s database.
2. Image and content uploads (i.e. media items in WordPress).

To backup your website means to make a copy of any data that might change frequently, and/or data that is not stored anywhere else. This includes things like contact form submissions and product orders. 

eCommerce and membership websites are both examples of situations where data is constantly changing, here, we’d heavily recommend a  minimum of one backup of each database per day. With easy cloud storage like Google Drive, there’s no excuse for not backing up. 

Q: Is there a simple way to check a website for security vulnerabilities?

There certainly is: check your pages.

That’s it. If you’ve got easy navigation on your website- and you really should- just take some time each week to click through them and check for any security alerts. If you know that your site is commonly used on mobile, check the mobile version as well. 

WordPress is usually pretty good at letting you know if there’s a backend vulnerability, as well as allowing you to easily make updates. This goes for most CMS, but with such a vast number of independent plugins, it still pays to check things out yourself.

Handling sensitive information, or running an eCommerce store? Security should be a top priority, so you may want to check in with an experienced developer to make sure your website is optimally secure. 

SBM’s Development team helps you and your website connect with customers and do better business. See more of their work here!

For tips on optimising website speed, check out part one of this article.