
Hackers are using ever more complex tools and techniques to hack into websites. Some in the industry say it's about when you get attacked, as opposed to if you get attacked.

How do you protect your website from hackers and other malicious attacks? Let's look at some cost-effective ways in which we can make our website more secure.

Some Basics

  • Add a good SSL Certificate and consider opting for the EV SSL Certificate.
  • Ensure your website is https:// "Secure by Default"
  • Sign up to Google Search Console and ensure this is connected to your Google Analytics Account.

Good Cyber Hygiene

  • Consider your password and login policy: who has access to your website?
  • Hide your back office paths, e.g. /wp-admin, /administrator etc.
  • Change default user names, e.g. "admin"
  • Add security features such as IP Restriction.
  • Consider MFA/2FA (Multi Factor Authentication)
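
One way to check the "Secure by Default" item and the back-office IP restriction item from the two lists above, as an added example that is not code from the original article. It assumes responses were recorded without following redirects from an address that is not on your allow list; the function name `audit`, the record layout and the example.com sample data are constructed for illustration.

```python
from urllib.parse import urlsplit

# Back-office paths named in the checklist; extend for your own CMS.
ADMIN_PATHS = ("/wp-admin", "/administrator")

def audit(responses):
    """Check captured responses against the checklist.

    `responses` is a list of dicts with keys url, status, headers, recorded
    WITHOUT following redirects, from an address that is NOT on the allow list.
    Returns a list of findings (an empty list means every check passed).
    """
    findings = []
    for r in responses:
        url = urlsplit(r["url"])
        headers = {k.lower(): v for k, v in r["headers"].items()}
        is_redirect = 300 <= r["status"] < 400
        target = urlsplit(headers.get("location", ""))

        if url.scheme == "http":
            # "Secure by default": plain HTTP should only ever answer with a
            # redirect to the same host over https.
            if not (is_redirect and target.scheme == "https"
                    and target.hostname == url.hostname):
                findings.append(f"{r['url']}: served over http without redirect to https")
            continue

        if url.path.rstrip("/") in ADMIN_PATHS and r["status"] not in (403, 404):
            # IP restriction: an outside address should be refused outright,
            # not shown (or redirected to) a login form.
            findings.append(f"{r['url']}: back office reachable from outside (HTTP {r['status']})")
        if is_redirect and target.scheme == "http":
            # A redirect back to http undoes the https default.
            findings.append(f"{r['url']}: redirects back to http")
    return findings

# Constructed sample capture (example.com is a placeholder, not real scan data).
SAMPLE = [
    {"url": "http://example.com/", "status": 301, "headers": {"Location": "https://example.com/"}},
    {"url": "http://example.com/shop", "status": 200, "headers": {}},
    {"url": "https://example.com/wp-admin/", "status": 302,
     "headers": {"Location": "https://example.com/wp-login.php"}},
    {"url": "https://example.com/administrator", "status": 403, "headers": {}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
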

Update your CMS and Web Server

  • Ensure your CMS is up to date with the latest patches and security updates, including 3rd party plugins. (Remember, custom code can be wiped out during core updates.)
  • Ensure your web server is up to date with the latest security patches. (Are you on shared or dedicated hosting?)

More Advanced Web Security

There are some other, more advanced aspects of web security for you to consider. The main questions for all of these are: who is responsible for this, who does it, what does it cost, and how often?

Web Site Scanning

  • Regularly scan your website for the latest issues.
  • Most 3rd party scanners keep themselves up to date in real time with the latest vulnerabilities.

Web Server Port Scanning

  • Regularly scan your web server and all ports for the latest issues.
  • Most 3rd party scanners keep themselves up to date in real time with the latest vulnerabilities.
  • Consider other parties on shared hosting.

Web Application Firewall (WAF)

  • Web application firewalls filter traffic at the ‘application layer’ and can protect against attacks such as SQL Injection, XSS, Remote File Inclusion, Cross-site Request Forgery (CSRF) and DDoS attacks.

 

About the author

Nigel Brown

Nigel Brown is the technical director at dotRetailer.com, with over 20 years of industry knowledge and practical experience with a particular interest in eCommerce, Web Security & Azure Cloud technology.   
