Online Security: 12 Tips For Websites

It is an understatement to say that the Internet has changed both the business and the personal world for many people. This has been a revolution the likes of which have not been seen for many decades. However, the Internet revolution has prompted a need for greater online security and more responsibility for companies and individuals.

There are many actions you can take to improve online security both from a business and a personal point of view. In isolation, many of these actions may seem relatively minor. However, their cumulative impact can close many doors to hackers. Privacy and data protection will become even more important in the years ahead. This was perfectly illustrated by the introduction of the General Data Protection Regulation (GDPR) by the European Union on 25 May 2018.

12 Actions you can take to improve your online security

We will now take a look at some simple actions you can take yourself to improve online security. You will no doubt have come across many of them but, in all honesty, how many do you actually act on?

1. Change your passwords

It goes without saying, but it is worth reminding ourselves: you should change all your passwords on a regular basis. Make this part of your quarterly review, annual review or something you do on a monthly basis. Just remember that it is vital that you change your passwords regularly. Also, refrain from using simple passwords such as “password” or “123456”. These and hundreds like them are already on the hackers' action list. If you use a common password, you can bet your bottom dollar they will find you, eventually.

2. Back up your data

Online security is very important, and we appreciate the need to back up your server on a regular basis. If your site gets compromised, backed-up data lets you revert to the most recent “clean” backup and restore that data. Any changes made between the backup and the current date would be lost. This is a far better option than the alternative: compromised and insecure website files. No choice, really.

3. Update all plug-ins

The vast majority of websites and blogs tend to include an array of very useful plug-ins. They can do anything from providing a simple contact form to displaying your latest Tweets, from installing Google Analytics on your site to showing the latest news. Content management software such as WordPress, which is an open-source system, attracts literally thousands of different plug-ins. These are updated on a regular basis when security flaws are found, improvements are made or the experience is enhanced. Ensure you are always up to date.

4. Update all software

In a similar vein to the need to update all plug-ins, you should also update software packages to the latest version. It is highly likely these updates have been released to increase security, improve CPU management or provide a number of add-ons. You may also find that some plug-ins are incompatible with updated software and potentially leave security flaws which hackers will exploit. One more thing to monitor!

5. Monitoring software

If you use the likes of WordPress, you will likely come across a number of very useful plug-ins which monitor software use and login attempts, and alert you to plug-ins which need updating. One such package is Wordfence; even the free version alerts you to potential problems, attempted hacks and software which needs updating. There are more enhancements with the subscribed version, but even the free service is worth looking at. Have you heard of DDoS attacks?

6. Ensure your SSL certificate is up-to-date

In years gone by, SSL certificates were an option for websites which were looking to add a further degree of security. Nowadays, if your website does not have an SSL certificate this will be flagged by the search engines and impact your traffic. An SSL certificate works in tandem with the enhanced HTTPS protocol and basically certifies that users are on the correct site. Security and privacy are paramount among surfers and website owners need to be seen to be doing their part.

7. Use HTTPS

As we touched on above, the secure HTTPS protocol adds another level of security to communication between browsers and websites. When you visit a website, the URL you see should begin with HTTPS. This means that all communication between the browser and the website server is encrypted. Even if a hacker were able to intercept the data being sent or received, it would be of no use to them due to the encryption.

8. Reduce your online footprint

Social media has developed into a monster. Its impact is far-reaching in everyday life and business. So, caution should be the watchword. If you want to protect your privacy and your data, it is advisable to reduce your online footprint. Keep as much information as possible away from the online arena. Think about it. How much information do people give away about their personal lives, friends and family on their Facebook pages? This can assist with identity theft, password hacks and bank account thefts.

9. Run regular malware checks

There is no doubt that competition on the Internet has led to an array of free services, some of which seem too good to be true. The problem is that some of them ARE too good to be true. Malware can be automatically installed on your computer via an email link or by visiting a particular website. This will give hackers access to your computer and to your personal and private data, which can prove priceless in the hands of criminals.

10. Two-factor authentication

If you are a member of forums/discussion sites, there is every chance you will come across two-factor authentication. This is a very simple but extremely effective means of protecting accounts from fraudulent activity. When you log in with your username and password, you will receive an additional security code, often via email or SMS to your phone. This security code will be required to complete access to your account, therefore thwarting many security breaches.
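The login step described above, seen from the website's side, as an added example (it is not code from this article or from any particular forum package). The function names, the five-minute lifetime and the three-guess limit are assumptions, and delivery of the code by email or SMS is left out.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code: five minutes
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code

# In-memory store for the example: username -> pending code details.
_pending = {}


def issue_code(username, now=None):
    """Call only after the password check passed; returns the code to send."""
    now = time.time() if now is None else now
    # secrets uses the OS CSPRNG; a predictable generator would defeat the step.
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[username] = {"code": code, "expires": now + CODE_TTL_SECONDS,
                          "attempts": 0}
    return code


def verify_code(username, submitted, now=None):
    """Return True only for the right, unexpired, unused code."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False  # nothing pending: never issued, already used, or locked
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # expired or too many guesses: start over
        return False
    entry["attempts"] += 1
    # Constant-time comparison avoids leaking how many digits matched.
    if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
        del _pending[username]  # single use: a replayed code is rejected
        return True
    return False


if __name__ == "__main__":
    sent = issue_code("alice")  # "alice" is a constructed sample user
    print("first use accepted:", verify_code("alice", sent))
    print("replay accepted:", verify_code("alice", sent))
```

A six-digit code is only as strong as the guess limit and expiry around it, which is why both checks run before the comparison.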

11. Delete old accounts

Over the years it is highly likely that you will have accumulated an array of online accounts which you no longer use. This may include anything from forum accounts to e-commerce accounts and everything in between. Use this simple rule of thumb: if you no longer use the account, then delete it. That is one less potential security risk.

12. Delete old software

The same can be said of software packages for your business or even personal use, which you no longer use. If the packages are relatively old there is every chance that developments in hacking could offer a backdoor into your server and the potential to cause havoc. There is also the issue of memory use; if you aren’t using a package then why let it clog up your server?

Bonus: Securing devices

Whether you are talking about a mobile phone, laptop, tablet or any other type of Internet access/data storage product, secure devices are vital today. This may involve something as simple as passwords/PIN numbers or something as complex as an iris/fingerprint reader. The level of security installed will often reflect the type of data stored on the device.


The world has changed dramatically since the introduction of the Internet and the need for secure devices is paramount. Online security is not an option today but a necessity, with passwords still offering basic protection. A greater focus on SSL certificates and the use of HTTPS encrypts the data passed between browsers and servers. While some experts believe that usernames and passwords will soon be a thing of the past, this is not necessarily the case. Simple login details need to be enhanced. When enhanced, they make life as difficult as possible for the hackers.

In a worst-case scenario, if faced with a compromised website, you should have the option of reverting to a good old-fashioned backup. It is obviously not the ideal solution. Nonetheless, it is one which will ensure you can continue trading in a “clean” environment and update your security.