1. All websites should have an SSL Certificate. This will give your visitors the confidence to shop and use your website securely. Plus Google will give SEO ranking priority to sites that have an SSL over those that do no. SSL Certificates are available through many website hosts for FREE use Let’s Encrypt; but you still may want to purchase one based on your website needs. Consult a professional for a subjective recommendation. Many hosting company support teams will only offer you a paid SSL.
You can tell a site has a SSL Certificate installed when you see the green padlock in the URL address bar on most browsers and the url will start with “https” and not “http”.
Pro Tip: If you have a certificate installed but are getting mixed error messages and need help figuring out why, run your site through a test at https://www.whynopadlock.com/
Use Secure Logins & Passwords
2. Use secure logins and passwords. If you have a WordPress website it is important that your login is not “Admin”. That is a well known default login for the quick install options and hackers know this. Most brute force attacks and password guessing schemes use ‘admin’ as the login and try to guess your password to gain access to your site. Always use a personalized login name or your email address and a very secure password.
Pro Tip: Use a password management tool like LastPass to store and keep your longer more secure passwords. This will help you eliminate that spreadsheet or sheet of paper you keep with 100’s of passwords and it will allow you to use different passwords everywhere. It is not safe to use the same password on multiple logins online.
Use A Security Plugin
3. Use a security plugin. If you have a WordPress website, there are several security monitoring plugins available. We recommend Sucuri or Wordfence. These are ideal for monitoring your site from brute force attacks, malware and hardening core files. They both offer different levels of protection including firewall protection. If your site has already been compromised Sucuri can help you clean it up as well.
Pro Tip: Back-up your site regularly. In the event your site is ever compromised, having a revolving set of backups is essential. We recommend maintaining backups on a seperate server than your hosting server. For example you can add a plugin like UpdraftPlus and set your backups to be stored on your Google Drive or Amazon AWS account. These are easy to retrieve and download in the event you need to restore your website from a hack.