7 ways to secure your website from gremlins

Launching a website for your small business is such an exciting milestone, so it may be tempting to ignore the potential disasters that can happen to the website. Unfortunately, hackers and bots (gremlins) do not rest. As a matter of fact, it’s been shown that most online traffic comes from bots!

Every day, your website could be exposed to any number of attacks from hacking tools, scrapers, scammers, impersonators, and bots. There are many different ways a website can be hacked. There are many different parties with different motives and techniques out there trying to hack into websites 24/7.

As a small business owner, your website is a big part of running your business, which is why it’s especially vital that you make it completely secure. We’re sharing a few key ways you can keep your website secure and prevent attacks that can negatively impact your website, and your business too.

A green padlock keeps a bright blue cabinet door closed from unwanted guest

Why is website security so important?

Your website could fall victim at any time

One of the key reasons you should prioritise website security is the fact that it’s actually pretty likely that your website will be attacked at some point. In fact, research has shown that there is one hacker attack every 39 seconds

Whilst some might think their business won’t get hackers’ attention, it’s worth noting that hackers don’t often care who your business, brand, or website is. In many cases, they are merely trying to find any website on the world wide web which has a vulnerability. That could be a small business, medium, or large one.

Additionally, cloud-based firewall provider, Sucuri, has released a report that they blocked over 170 million attacks in a single year – worryingly, it was a 52% increase from the previous year. So don’t underestimate how common website security attacks really are!

Google prefers secure websites

You should know by now that Search Engine Optimisation (SEO) is vital for your website to show up in Google search results (known as Search Engine Results Page – SERP). So it makes sense to play by Google’s rules as much as possible.

You may have noticed that some websites have a HTTPS website address. This signifies to Google that it has a Secure Sockets Layer (SSL) certificate. This is an internet security protocol that encrypts the data on your website. Basically, if someone accesses your data, all they’ll see is a bunch of meaningless, garbled symbols that are impossible to decrypt. Known interchangeably as Transport Layer Security (TSL), having this certificate shows Google that your website is secure.

On the other hand, if your website does not HTTPS, Google Chrome immediately marks it as ‘Unsecure’ and will block user access to your site by showing a security warning. Additionally, Google may also blacklist your website, removing it entirely from search results! This could be devastating to your revenue and your business reputation.

Hackers can target your customers through your website

If your website remains unprotected, hackers can use your website to access your customers’ data and infect site visitors with malware. Most users are familiar with the risk of phishing scams and other ways their data could be compromised, but many are still unaware of how much they risk every time they visit an unsecured website. 

Data is a precious commodity, and can include personal information like passwords, birth dates, and addresses – the exact details that can leave customers vulnerable to things like scams and identity theft.

Over the last few years, data breaches have affected a number of businesses, making front page news. The repercussions are still being felt. Make no mistake: the knowledge that their data is being compromised will make even your most loyal customers unlikely to visit your website ever again. 

It is easier to protect your website than to clean it up

If your website has undergone any kind of attack, the first thing you need to do is find the source of the breach, a step called forensics. Sometimes it’s easy to identify exactly what went wrong yourself, but at other times, this can be a long and tedious process. This is especially true if you have a lot of files and pages on your website to scan through. 

The next step is remediation – essentially taking the steps to secure your website from future attacks. Again, this can be quite complex, especially if there are multiple areas of vulnerability. Lastly, a compromised website might be blacklisted by Google or other providers, so you will need to apply to have your website removed from their blacklist system.

It will definitely make it easier for you to secure your website and keep it running if you choose to outsource this process. This, of course, comes at a price. And it’s very likely that this price is a lot higher than just investing in your website security in the first place! 

For example, we charge A$200-A$250 per incident to help scan and clean your website, whereas our Green Web Hosting plans include all the necessary website security as well as a bunch of other features, and pricing starts at only A$75 per month.

Mobile phone which is secured by a virus software

How to secure your website

1. Install SSL 

We’ve discussed the importance of having an SSL/TLS certificate in the previous section, and exactly how it can affect your search rankings on Google. Installing SSL/TLS is non-negotiable – it’s absolutely essential that your website has a HTTPS web address and built-in data encryption.

Installing SSL/TLS can be done two different ways. One way is through your web hosting. For example, SSL/TLS certificates are included in all our Green Web Hosting packages here at LYF Solutions®. If you have the technical know-how, you can generate your own free SSL certificate through the Let’s Encrypt initiative.

2. Install anti-malware software

In addition to fighting traditional virus attacks, anti-malware programs can also protect your website and your customers from things like spyware and ransomware. Spyware puts you and your website users at risk by stealing information from your devices, whereas ransomware locks you out of your device or website until you pay some kind of ransom to the attacker.

There are a few different anti-malware software out there that you can use to protect your website to scan for and prevent these attacks, so you’ll need to do the research to find what works best for you. 

It’s important to note that you should also protect your devices from malware or viruses. A computer and multi-device malware or virus program will scan your computer and device for any vulnerabilities. If there is no protection or no regular scans, you have the chance to infect not only your computer, but the documents you store with a virus – which could potentially be sent to a client in an email attachment, or worse get into your website!

Your web host can help you with finding website solutions too, or it may already be included. For example, our clients have access to Sucuri through our Grow and Achieve Green Web Hosting packages in addition to our server firewall and security software included in every plan.

3. Secure your passwords

Make sure you use different passwords for all your logins, and ensure that the passwords themselves are strong and difficult to guess! A strong password has a combination of numbers, letters, and symbols. You should also avoid using your passwords on a shared or public computer, or even on your own computer if you’re using an unsecured WiFi connection at a public place.

If it’s difficult for you to remember different passwords for each one of your logins, then consider signing up for a password manager like LastPass, Keeper, or Dashlane. Also, where possible, turn on two-factor authentication for your logins to make it more secure.

4. Keep your website plugins and software updated

It’s really important to note that plugin and software updates aren’t just to keep your website looking good and working well – they also frequently contain security updates that are vital to keeping your site safe!

Depending on the website builder and content management system (CMS) you are using, there are different ways for you to find out if you are required to update a plugin, app or software. However, it’s most likely that you’ll see an alert whenever you log in. 

If you don’t have the time to manually update all your plugins, consider using a web host that includes this as part of their services, like we do.

5. Avoid human error

A large number of cyber attacks are caused by human error – some put the number at 95%! No matter how many things you do to mitigate the risk of attacks to your website, it’s likely that you are the weakest point and biggest security risk.

That’s why being savvy about your cyber security needs to be a part of your skillset. Simple things like deleting scams and phishing emails, keeping your passwords secure, encrypting your communications, and only downloading things from trusted websites – these are some of the practices that can help reduce the human error factor when it comes to your website security.

6. Always save backups

No matter what type of website you have, and how many files and pages it contains, you can bet that it’s much better to restore it from backup than to rebuild it from scratch in the event of an attack! So make sure you are routinely backing up your website, files, and pages every day or at least once a week.

As a web hosting provider, we back up all our clients’ websites daily as part of our web hosting packages. We also backup all our servers, because we believe that you should have more than one solution when it comes to data backup.

If your web host does not do backups for you, then you should look into a website backup service like Barracuda or DropSuite. Alternatively, if you have a WordPress website, you can install a website backup plugin like UpdraftPlus or BackupBuddy.

7. Install security plugins or apps

Speaking of plugins and apps, you can make your website more secure by installing tools that specifically protect your website. All our packages include the iThemes Security Pro plugin, which protects you from a wide range of attacks and even detects suspicious activity.

There are literally hundreds of different website security plugins available, so make sure you do your research and consider only installing plugins and apps from a reputable source.

A person mapping out their website security plan

Say bye-bye to gremlins and hello to a secure website

In this day and age, a small business relies heavily on having a trustworthy web presence. Your website reflects your business in so many ways, so make sure your customers know they can trust you with their data.

Our Green Web Hosting plans are perfect for small business owners who want a secure website without all the hassle of doing it themselves. We do all the hard work for you so you can feel confident about providing your customers with a safer and more secure website experience! Our carbon neutral operations also allow your website to support your business while being ethical and earth-friendly. 

Disclaimer: No guarantees are provided based on the advice, solutions offered, or suggested. Please consult your own independent advice and take extra steps to secure yourself online. For terms and conditions related to each application or service, refer to the respective third-party website at your own discretion.



More inspiration

Good for the environment

Want to reduce your small business carbon footprint further?

To inspire your business to do better for the planet, we’ve prepared this detailed eBook with 30 tips.

We’ll send you more wisdom and news monthly which you can opt-out of at any time.