Securing your website from hackers
Web security is a matter of importance today on the internet as there are hackers all around the world trying to hack websites, yes including yours. They could even get your business website blacklisted from search engines like Google.
At Towy Web Designs we can add extra web security to your new or existing website. If you already host your website with us then you will probably already have some sort of protection in the form of free SSL certificates with every website package.
Unfortunately, an SSL certificate isn’t enough as hackers can still bypass this security feature using what’s known as a Man in the Middle attack (MITM).
What else can be done to improve Web Security?
There are a number of extra security features that can be implemented but first we at Towy Web Designs would need to check how your website is set up. With doing this we can see what improvements need enhancing to help secure your website.
Use Strong Passwords
The easier a password is the easier it is going to be for a hacker to gain access to your website. The use of strong passwords is therefore a must for Web Security and it’s built in to WordPress so there’s no excuse to use weak passwords.
Installing WordPress Security Plugins
The best WordPress security plugins are Wordfence and Sucuri, they are both similar but do have some different features. We at Towy Web Designs have both plugins installed and configured so that it is harder for the hacker to gain access.
One great feature of Wordfence is to limit the amount of failed times a user or bot tries to login. WordPress allows an infinite amount of times which leaves your website open to Brute Force Attacks where they try guessing your passwords. If you limit failed login attempts to just 3 then after this the user is locked out.
Regular Website Backups
Every business or non business website should have a regular backup strategy in case things go wrong. If you update your website with new content or make changes on a daily basis then ideally it should be backed up daily. If you update on a weekly or monthly basis then update your website accordingly.
For WordPress websites, before you update the core files, themes or plugins again your website needs to be backed up first. At times when these files get updated not all files get uploaded properly so when you update the plugin it doesn’t operate or look as expected.
HTTP Security Headers
Extra security for your website can be applied here and they will help prevent hackers from gaining access to your website. These extra security features are not normally set so a scan of your website will reveal what security improvements need to be done.
If there are no HTTP Security Headers in place then these can be directly inserted into the root .htaccess file or using a WordPress plugin.
- X-Frame-Options – Deny or Sameorigin
- X-XSS-Protection – 1; Mode = block
- X-Content-Type-Options – nosniff
- Strict-Transport-Security (HSTS) – max age, IncludeSubDomains, Preload
- Referrer-Policy –
- Content-Security-Policy –
Hackers are very clever
Hackers of websites are very clever and they will always find new ways of trying to hack a website so putting these security measures in place is a good start but it’s not 100% guaranteed that they will try and find another way but it is a good start.
Let Us Secure your Website for you
If website security is too technical or you don’t have the time to secure your website then why not let Towy Web Designs do it for you. We can do a Website Security Audit, advise what needs improving and then fix the security issues.
How much will it cost?
This crucial Web Security Service is charged at £120 per website and will include the following:
- Web Security Audit
- Applying necessary web security measures found in the audit.
- If you have SSL certificate installed then enabling HSTS – this is a must as it makes sure your website is only deliverable via https only.
Testing your SSL certificate and Web Security
The links below can be used to test your SSL certificate and your website’s Web Security. Maybe test it first then when you’ve successfully have used our Web Security Service you can then compare the results.
- Observatory by Mozilla
- Qualys SSL Server Test
- High Tech Bridge – Test your SSL certificate
- High Tech Bridge – Test your Web Security
All of the websites above are recommended to use but they do give out slightly different results but High Tech Bridge allows you to download the results in a PDF document.
Test your website now and see if you need our help to implement extra Web Security!
If you would like to improve your Website Security then please Contact Us Now.