Skip to main content
Risk Management Bulletin

Protect Your Website From Hackers With 13 Tips

By November 4, 2016No Comments

1611-rr-3-1Security in your small business must include your website. Otherwise, hackers can gain valuable information about your finances, customers and employees and put you at legal risk. Since hackers target businesses of all sizes, use 13 tips to protect your website.

    1. Complete software updates. They seem insignificant, but they keep your security updated. Set your system to update automatically and prevent you from overlooking this important security measure.
    1. Boost password security. Your password can include a variety of letter, numbers and symbols, but the most secure passwords are long phrases such as “ilikebananasandwiches”. Never write down passwords, and assign a different password to every user and account. Remind staff to change passwords frequently, too.
    1. Limit access. Everyone should not be able to access all accounts. Establish limited access as you protect accounts.
    1. Change the default database prefix. Typically, the database prefix is wp6_. Change it to something random.
    1. Install a web application firewall (WAF). Whether your WAF is software or hardware based, it reads all the data that passes between your website server and data connection to ensure it’s safe. For a small monthly subscription fee, you can also access a cloud-based WAF that blocks hacking attempts and filters spam and malicious bots.
    1. Install security applications. Several free and paid security applications slow down hackers. Some may even hide your website’s CMS, which prevents automatic hackers from accessing your site.
    1. Limit file uploads. They may contain bugs that give hackers access to your data. Instead, store files outside the root directory and require a script to access them.
    1. Use SSL. It’s encrypted and protects personal information as it passes from your website to your database.
    1. Serve your website over HTTPS. It encrypts traffic and prevents hackers from eavesdropping or intercepting passwords and other information.
    1. Never email user names or passwords. Email is not secure, and hackers can access email and all the information they need to get into secure accounts.
    1. Limit login attempts. If a user attempts to login more than three times, for example, set the system to lock down. Include password resets in this limit as you deter hackers.
    1. Scan every device for malware. All the devices plugged into the network should be scanned for malware when they’re attached to the network. Perform periodic scans as you increase security, too.
    1. Back-up frequently. Multiple times a day, your data should be backed up on-site and off-site in multiple locations.

Hackers can destroy your business as they steal data, ruin your reputation and put you at legal risk. Protect your website and reduce your risk of hackers with these 13 tips.