DIY Website Safety Checklist

Internet Security is pivotal to a website’s success. With so many cyber-criminals constantly looking for security loopholes to exploit and website’s to ransom, online business owners have to constantly run website security checks to stay ahead of cybercrime.

Cyber Criminals have been around as long as the internet and has made the prerequisite for cybersecurity a necessity rather than a choice. In recent years the type and frequency of these attacks have made the need for advanced cyber security that much more imperative. Therefore the subject of cybersecurity isn’t just for the IT Department anymore now the talk of having advanced internet security has moved to the boardroom; as a result of cyber breaches and attacks costing upwards to £25,700 in costs related to ransoms paid to hackers and computer hardware replacements.

Types of Attacks your Website can sustain

  • DDoS — this type of cyber attack will flood your site with heavy traffic and service requests, which will overwhelm your server and bring your site offline.
  • Brute force — cyber attackers use an application that cycles through password combinations until they find one that works leaving the door open, and the hacker will have unlimited access to your site.
  • Malware — Malware covers things like worms, viruses, spyware, and more. This type of attack and can steal your sensitive information, erase your website data, and even infect the computers of users who visit your site. Thus ruining your reputation.
  • Injection — a cyber-criminal uses an injection to insert malicious data or some kind of command that forces your site to give the hacker access to sensitive information.
  • Scripting — Cross-site scripting allows hackers hijack your website’s traffic, or change it in some way.

Running constant Website Security Checks means that you are frequently checking your Security Defenses for weaknesses, and loopholes. The strictest vigilance should be employed in protecting your site against hackers, malware, social engineering, phishing scams, DDOS attacks and everything else cyber-criminals can throw against it.

To help you we’ve put together do it yourself list of Safety Checks that you can run on your website weekly to ensure your security is airtight.

10 Point Action Checklist for Website Safety

The following list of actionable steps will ensure that your website is constantly fortified with the security measures it needs to withstand and thwart attacks launched by cyber-criminals and hackers. Recommended frequency of checks should be done either weekly, bi-weekly or monthly. Use your discretion when considering how often you need to run all or some of these checks.

  1. Enable HTTPS with SSL Certificates
  2. Update webpage plugins and other software.
  3. Get rid of unnecessary plugins.
  4. Enable automated backups.
  5. Monitor file and website integrity.
  6. Protect against DDOS and brute-force attacks.
  7. Update your username.
  8. Auto-generate and change passwords constantly
  9. Scan DNS and WHOIS
  10. Run online website safety check

Let’s get started.

1. Ensure you have SSL Certificates enabled with the https:// protocol.

If your website doesn’t already use the secure https:// protocol then you should remedy that as soon as possible. The https:// protocol enables the encryption of information to be sent safely between users’ browsers and your website’s servers. Owning a website without SSL Certificates installed is a rookie mistake you should definitely not partake in. Protecting your users’ data is a priority as a website owner. If you’ve been using them then you need to ensure that you are not experiencing errors and have enabled them the problem. This internet protocol is also tantamount to SEO success as Google has now begun to flag websites that do not have it enabled.

2. Update Webpage Plugins and other Software

When using content management systems like WordPress, you must ensure that your plugins and software are constantly updated. When plugins aren’t updated in a timely manner, hackers can exploit loopholes or errors in their scripts when they are outdated. This can enable them to use a backdoor right into your site and cause you more problems than you’ve bargained for. When updates become available to download them immediately because developers are constantly upgrading plugins and software to ensure there are no security vulnerabilities.

3. Delete unnecessary Plugins to safeguard your Website

This is equally important as installing constant updates of plugins. If you have old plugins on your website that hasn’t been updated by the developer in months or you’ve completely stopped using them for whatever reason, be sure to delete them right away. Carryout constant audits on your plugins and ensures their utility and function are still necessary.  If you fail to do this you can leave yourself quite vulnerable and susceptible to cyber attacks. One way this is sure to happen is if a hacker or cyber-criminal decides to purchase an old plugin. Once they’ve purchased the plugin they can insert malicious code into the plugin as an update. If you’re notified of the update and install it, that malware can compromise your site and leave it open for takedown by a hacker. Avoid this again by deleting these old plugins in a timely manner.

4. Enable Automated Backup

It may seem strange that having an automated backup plan for your website is an aspect of security but it is one of the key components to a great security plan. Here’s why. If your website happens to be an unfortunate victim of a cyber attack, having a backup of it can help the restoration process happen that much quicker before the attack has the chance to kill your business’ reputation or can prevent you from using precious content and data. Many cyber attacks are launched to simply wipe a business’ hard work and history from the internet. Could you imagine years of data, content, blog posts completely being lost because you failed to enable automated backup?

Sometimes even having a backup of your backup is a great failsafe. Remember your website server contains your users’ sensitive information, financial details, your precious content, blog posts, and so much more so having a backup is one of the top priorities in terms of sound Security.

5. Monitor File and Website Security daily

Another crucial point in your security checklist. Keeping a watchful eye on your site’s files and overall website.

Be extra careful of all the files you upload to your site and ensure that you’ve scanned them for malware. Files like photos, word docs, PDF and more can contain malicious malware that cybercriminals can use to gain access. Check files for corruption before uploading.

For your overall website health and security, you also want to use excellent monitoring tools that ensure your site is checked at intervals.

6. Protect against DDOS and Brute-force Attacks

Protect website from attacks
Image source: elements.envato, Website security threats

Cybercriminals and hackers will sometimes use DDOS attacks for the sole purpose of knocking your site offline for long periods of time. This tactic can tarnish your reputation among your client or customer base and cost your countless dollars in revenue. That is why it is important to have preventative security measures in place to prevent DDOS attacks before they happen.

Alternatively, hackers can use brute-force attacks to gain access and control of your website. Hackers use applications that can continuously generate passwords until they crack the passwords guarding your site’s most precious controls. To prevent this you want to use the best password practices.

  • Use long passwords that are a combination of letters, numbers, and characters.
  • Change those passwords often. You can also automatically generate passwords but ensure they follow the rule above.
  • If WordPress is your content management system then use a plugin called Limit Login Attempts to safeguard your site against such attacks.

7. Update your Username

It is advised not to use the generic username “Admin”. Especially because brute-force attackers will know exactly which directory to pinpoint. Create a different username and delete the “Admin” username. That way if somehow a hacker is able to get in via a brute-force attack they have no idea where the real “Admin” directory is. A good practice is to change the username often.

8. Auto-generate and change Passwords Constantly

We’ve talked about brute-force attacks and so this one should be a ‘no-brainer’. You do not want to create passwords that contain information about you, like for example your last name and birthday. If the hackers have done some digging via social engineering they could figure that out easily. Therefore, we suggest using auto-generated passwords. Remember they should be long and contain a combination of letters, numbers and special characters. Change them often like once or twice a month for added security.

9. Scan your DNS and the WHOIS Directory

Scan and monitor your DNS and WHOIS listings, whether you check it manually once a week, or use a plugin that does the job it is highly recommended. The Sucuri security plugin, for one, will keep track of this information for you and is automated. But it also helps to have two-factor authentication turned on for your email and social networks to avoid breaches. Why? Consider this scenario I once read about.

A crafty hacker once stole a domain name by reverse engineering a website owner’s email address. The hacker used the “Forgot My Password” feature on the owner’s domain registrar and got in, changed the email and stole the domain.

This could quite the dire situation and hard to work out if the domain is stolen. To avoid this consider enabling Domain Privacy but once your domain is logged in the WHOIS directory your information is out there available to anyone. Thus monitoring this is key to your website’s security.

10. Run an Online Website Safety Check Regularly

Scanning your website regularly for security loopholes and other weak spots in your website’s armour is highly recommended. There are many online malware checkers for websites including plugins for CMS like WordPress. The Sucuri plugin for WordPress is free and can scan your website and ensure your defences are working adequately to protect your site and its data.

In the End

The security of your website is your responsibility along with protecting your users’ data. Ensuring this can be done by following this checklist. Breaches by cybercriminals can definitely be avoided once you use vigilance and the security tools at your disposal. Take standard audits of your site and ensure that you are constantly updating your security detail.