Website security issues are not only detrimental to your website but can result in loss of data, website downtime, data breaches, being sued, slandered, and even put you out of business. Website security is no joke. Many small business owners don’t realize that they are liable for a number of security issues that could go wrong with their website. And an alarming 87% of websites have some sort of security vulnerability. So in this article I’m going to dive into 5 website security tips every website owner should know.
- Never give out server login. You should never give out your server login to anyone you don’t fully trust. Anyone working on your website should be the only one you give your server login details out to. Think of this as the keys to your house. You would just pass these keys around unless you really trust them. Only give out the keys to your website to those you trust to come into your home.
- Don’t share passwords in emails. You may not realize this, but anyone can read your emails! Yes, anyone can do this. All they need to do is intercept your Internet connection and they can read the emails being sent or received. This is why you should never send full login or other personal in an email. If you have to send any of your website’s login details via email, then you should split up the username and password into two separate emails that way it’s harder to identify. And in case you’re wondering what someone could do with this info. They could login to your website, steal all your data, delete your website, or even worse replace your website with embarrassing pictures or photos. If you get what I mean. And yes, I’ve seen this happen, so don’t send your full login details in an email. At our Tampa web design company, we never send passwords with usernames in the same email. You shouldn’t either.
- Never store credit card info on your website. I would suggest that you never store full credit card information on your website. If you do, you have to be PCI compliant. Which is a compliance regulations set forth by the credit card companies. If you don’t follow compliance with that the credit card companies will no longer allow you to charge their credit cards. Additionally, should your website get hacked or there is a data breach you are fully responsible for all damages. So instead of risking that you should have a credible third-party who is fully PCI compliant and secured to handle such data. That way that third-party company is responsible for any security or data breach issues. There are many options out there for this. One of them is Stripe.com, which they will store and charge your credit cards for you.
- Have a Privacy Policy, it’s the law. You may not realize this, but it’s the law to have a privacy policy on your website. Actually, it’s the law in several states in the US, one of them being California. And if your website can be accessed (viewed) in California then you are required by law to have a privacy policy that visitors can easily find and read. I typically suggest just adding a link to your policy in the footer of your website. And in the policy include what steps you take to keep information private and what information your website might gather from viewers.
- Encrypt your website. If your website takes orders, or display any personal or private information you want to encrypt your site with the same type of encryption you see on bank websites, etc. Your legally responsible for any information that is sent to your website. So if your site gets hacked your responsible for any data that was breached. By encrypting your website can help prevent hackers and eavesdroppers from getting information as people send it to your website via online forms, or checkout pages.
- Apply all security patches. You should apply all security patches when they come out. If your website is built on something like WordPress, Magento, or another platform, you want to keep up-to-date with any security issues. Most platforms have an email newsletter that will inform you of any security issues. You’ll want to keep abreast of this and apply any patches immediately, because chances are if they are announcing a security issue that means hackers are already targeting sites with that issue.
- Block countries. If your website should only have visitors from the US or specific countries, then it’s a good idea to block traffic from other countries. Otherwise, chances are you’ll periodically have hackers and spammers from other countries will attempt to hack and send spam through your website. To block countries you can use a service like Cloudflare. Or you can reach out to us with our free evaluation and we can provide you with ideas on alternative methods for blocking countries.
If you’ve like a free website security evaluation, or you need help with any of these above points, then take advantage of our free evaluation by using the link below.
0 Comments