You’ve chosen your content management system (CMS), built your website, and now everything seems to be running smoothly. You’re getting more viewers and posting more content, but all is not as it seems. You’re responsible for your data and the data of your readers. You’ve put a lot of hard work into this site already. But it’s at risk. It’s incredibly easy for someone with no experience in coding or web design to create their own professional-looking website. Unfortunately, a lot of these novice webmasters fail to realize the potential risks to their site and their personal information. Domain hijacking, phishing attacks and other maladies that may affect your website are becoming an epidemic these days.
Don’t risk learning from experience. Prevent yourself and your website from falling victim to any of these attacks. To ensure that your website stays secure, here are seven tips to consider:
1. Your Username
Many CMSs come with a default username, such as “Admin,” but you shouldn’t leave it that way. If a hacker tries to get into your account, they may be using a bot, and if you have the default username, half the challenge is already gone. The bot needs only to guess your password. Instead, your best bet is to change it to something that isn’t your name, job, birthdate or any word in the dictionary.
2. Your Password
Your password is another thing that should be considered carefully. It gets to be a pain to remember a bunch of different passwords, but if you have a mnemonic trick (or good password manager that will randomly generate passwords), you should only have to remember one or two passwords—and passwords that aren’t memorable will be ones that aren’t easily hacked. These will generally contain some string of numbers, numerals and symbols, and they shouldn’t be written on a sticky note next to your computer!
3. Your Theme
If you’re using WordPress, Tumblr or any other popular CMS, you’ll find that you can choose from an array of available themes, many of which are free. But some of these themes are only free because the providers want to infect you or your site viewers with malware or spyware that is written into the theme’s code. Only use themes from known and trustworthy sources, and when in doubt, make sure you check over a theme thoroughly before installing. You might not even realize the infection is there until it’s too late!
4. Your Plugins or Extensions
As with themes, viruses could be running rampant in the plugins that you choose to install, so you need to make sure you’re only getting plugins from legitimate sources. There are plenty of free or cheap plugins available that will maximize your website’s security by limiting login attempts, checking the site for malware or other coding anomalies and more.
5. Your Internet Connection
An unfortunate and little-known fact is that whenever you connect to a public WiFi network your information is at risk. If you’re connected to a legitimate network, a hacker could use that link to connect to your computer and steal information or dump malware, even if you have sharing turned off. There’s also the chance that you aren’t connected to a legitimate network and have instead accidentally connected to a malicious hotspot deliberately set up by a hacker with designs for your information. When you connect to public networks, you need to make sure you’re aware of the risks.
6. Your Cookies
When you create your website, you need to make sure your admin password is impossible to crack and that you’re the only person with the correct password—but that’s difficult to do if your computer is sharing information about passwords and browsing history with every site that you access. Cookies, which are required by most sites in order to smooth your web browsing experience, aren’t always benign and can, in fact, compromise the security of your site! Most browsers allow you to turn off cookies, but many sites will bar you from accessing them unless you allow cookies. But definitely make sure you’re clearing your browsing history and cookies as often as you can!
7. Your VPN
Clearing your cookies won’t help you in all cases, unfortunately. That’s where a Virtual Private Network (VPN) comes in. A VPN will act as the go-between when you’re trying to access a website; rather than allowing your computer to blindly share your passwords and browsing history with the sites you’re accessing (or whoever else happens to peek in to your internet connection), a VPN will limit the data that’s sent and will keep all of that data encrypted so that outsiders no longer can view it.
Although the prevalence of user-friendly CMSs makes it easy for nearly anyone to set up a professional-looking website these days, new users too often fail to realize the security risks involved in the process. You don’t want your site to be a port through which hackers attack you or your site viewers with malware or spyware though, so make sure you study the risks and keep your security measures up to date!