Website Security

A website is often your customers' main shop window into your organisation. Whether it simply provides information or sells products or services, it makes sense to protect it!

So what can you do?

This article runs through some key takeaways on how you can improve your website security.

  1. Partner with a good web host. Choose your web host carefully and ask them what they have set up to secure your hosting package. In particular, look for Internet firewalls, good patch management of PHP versions, good physical security (i.e. is it stored in a highly secure data centre) and other software solutions they may provide on the hosting side.
  2. Use SSL. It is vital that you have a secure certificate installed on your website. This will secure and encrypt any traffic sent over your site (protecting customer data) and will also provide some search engine ranking benefits.
  3. Use a Content Delivery Network such as Cloudflare. The base package is free of charge, and if you route your website traffic through this service you should notice performance benefits alongside security benefits. In particular, Cloudflare and other similar services provide security benefits because they block a wide variety of hacking attempts.
  4. Install a Web Application Firewall security plugin or add-in for your site. If you use WordPress then you can install free software like Wordfence that will provide a variety of security benefits, including blocking repeated login attempts by hackers and looking for other suspicious activity. If you have budget available then pay for the premium version of this or an alternative. Often these will cost around £100 per year and provide even more advanced security features.
  5. Change your website administration URL from the system default. Whether it’s WordPress or another system, changing the URL from the default will make it harder for hackers to find your administration login page and target it.
  6. Keep your CMS and plugins/add-ons up to date. Keeping your CMS and any other website software up to date will help to secure your site. Suppliers are constantly updating software to keep threats out, so keeping it up to date is a simple and easy method of keeping your site secure.
  7. Whilst it’s not technically related to security per se, ensure that you or your supplier keep a regular website backup. Usually we would recommend you partner with a hosting supplier that does this for you, but there are also software plugins/add-ons that can do this for you within the website.
  8. Try to enforce a good password policy for any administration users and keep your admin users down to a bare minimum. Ensuring your few administrators use only passwords with a minimum of 8 characters, including a number and a special character, will once again reduce the chance that hackers could exploit your site.
  9. Enforce MFA (multi-factor authentication) for any of your admin users. If your website system has the functionality then ensure you enforce MFA for all users. This will ensure that all logins to your back end are valid.
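
Points 8 and 9 can be checked with a short script. The Python below is an added example, not part of the original article or of any CMS: it tests a candidate password against the rule in point 8 and reviews a list of users for too many administrators or administrators without MFA. The user record fields, the limit of two administrators, and the use of punctuation marks as "special characters" are assumptions made for the illustration.

```python
import string

MIN_LENGTH = 8   # minimum length stated in point 8
MAX_ADMINS = 2   # assumption: the article only says "a bare minimum"

def password_problems(password):
    """Return the point 8 rules that a candidate password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: "special character" means an ASCII punctuation mark.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

def audit_admins(users, max_admins=MAX_ADMINS):
    """Flag administrators without MFA and an admin count above the limit."""
    admins = [u for u in users if u["role"] == "administrator"]
    findings = [f"{u['login']}: MFA not enabled" for u in admins if not u["mfa"]]
    if len(admins) > max_admins:
        findings.append(
            f"{len(admins)} administrators, expected at most {max_admins}"
        )
    return findings

# Constructed sample export of site users (hypothetical field names,
# not real accounts).
SAMPLE_USERS = [
    {"login": "alice", "role": "administrator", "mfa": True},
    {"login": "bob", "role": "administrator", "mfa": False},
    {"login": "carol", "role": "administrator", "mfa": True},
    {"login": "dave", "role": "editor", "mfa": False},
]

if __name__ == "__main__":
    for candidate in ("summer24", "Summer-24"):
        print(candidate, password_problems(candidate) or "meets policy")
    for finding in audit_admins(SAMPLE_USERS):
        print(finding)
```

The password check belongs at the point where a password is set or changed, since a website should only ever store password hashes and cannot re-check existing passwords later.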

Here at IT Services at CAS, we have experience and knowledge in all of the above areas, and our hosting solutions come standard with the security features you need. If you are looking for a new website host or new website designer then please contact us and we’d be happy to advise further. Please contact Matthew Morling at matthew.morling@communityactionsuffolk.org.uk or by telephone at 01473 345321.