By Nathan Sanders
Web security is about protecting your customers, your business reputation, and your online presence. While recovering from a security issue can be a long and expensive process, maintaining a safe and secure site is not as hard as it may look at first.
Protect your customers
There are many things that hackers can do with a hacked website, and most of them are malicious to your site’s visitors. Not only will all of these issues abuse your customer’s trust and drive off your site visitors, Google and other search engines and browsers will flag malicious sites and warn away potential visitors. Here are some things hackers can do to your site:
Hackers can take advantage of your visitors’ attention to place ads in front of them. They can sell their stolen viewership to black hat advertisers, and you lose control of what your visitors are seeing. You have worked hard for your audience and their trust, don’t let someone else abuse that trust with injected ads.
Hackers can install cryptocurrency miners to your site. These miners generate cryptocurrencies like bitcoin using your web server and your visitors’ browser, rather than spending money on their own electricity and computational resources.
If you have customer information or logins on your site, hackers can steal this information to use or sell. Not only does this abuse the trust your customers have given you, but it can also open you up to fines and legal penalties.
Hackers can prompt your visitors to download malware onto their computer, using the trust that you may have built with them to bypass their normal skeptical online behavior.
Protect your reputation
Your first impression to a visitor is critical, especially online where potential customers can evaluate multiple potential businesses in seconds. If the first thing a visitor sees when researching your company online is a malware warning or privacy warning, their trust in you will be shattered before it has any chance to form, and they will quickly move on to the next option in the search results.
Protect your online presence
Google and other search engines scan sites for security threats, and if your site is flagged, it can spell disaster. Google’s Safe Browsing service detects thousands of new unsafe websites daily, and if your website is one of them, it can be very difficult to recover. Visitors to your site will often see a full page warning from their browser, warning them that your site is unsafe to visit. While your site is blacklisted, you can expect a severe drop in visitors.
Preventing security risks (for WordPress)
While being hacked can be disastrous to your business, and recovering from a hack can take a long time and a lot of money, doing your due diligence and ensuring that you are following security best practices for a WordPress website doesn’t take that much.
Plugins and Updates
Be sure to keep WordPress core, plugins, and themes fully updated. As developers find and fix any potential security risks, they push out updates to keep your website safe. Additionally, vet all themes and plugins before you use them on your site. There are two quick and easy things to look for in a plugin:
- Regular updates. On the plugin’s page, look for the last time the plugin was updated. If the plugin hasn’t been updated on several months, it is very possible that it already has or may soon have a security risk that won’t be patched. You want a plugin that is actively maintained by its developers.
- Number of active installs. Look for plugins that are used by a lot of websites. Not only does this likely mean that the plugin at least does what it is supposed to do, being used by many websites gives the plugin a lot of testers, and gives the developers incentive to keep it up to date and secure.
There are many possibilities and options when it comes to hosting a website. Look for a provider that offers managed WordPress hosting with integrated security hardening, such as WP Engine or Pantheon. Additionally, watch out for shared hosting platforms. While they are cheaper, shared hosting means that the hosting provider is putting many different websites from different accounts onto a single server. This means that if one site is compromised, the hacker has a much easier time gaining access to every other site on the server. Even if your site is fully updated and maintained, someone else’s security threats may open up your site to more avenues of attack. Dedicated hosting can go a long way to keeping your site safe.
Wordfence and Sucuri are two providers of plugins that are dedicated to hardening your site’s security. Wordfence has a free version of their plugin, and if you like using the free version, the premium service adds many more tools and active measures to keep your site safe. Sucuri offers many similar options to Wordfence premium, as well as services for recovery in the event that you do have a security breach. If you are using a managed WordPress hosting plan, be sure to check with your hosting provider before using a security plugin. If the plugin and your hosting provider have overlapping security measured, they can often conflict with each other and cause problems for your site.
While keeping your website up-to-date and safeguarding against potential hackers can feel cumbersome at times, it saves you time, money, and trust with your customers in the long run. If you need assistance with your website, we can help!