Common Website Security Issues

Much like a burglar tries to break into your home, there are hackers who may try to take advantage of known website security issues to break into your business website. Why, you might ask? Well, if you have an e-commerce website, they may be looking to steal customer credit card information. Or they may be a so-called “hacktivist” who doesn’t like what your company stands for. And then there are the hackers who break into a website because they can, just for fun.

Website Security Settings
Just like your home WiFi network router, your website comes with default usernames, passwords, and authentications. Make sure you or your web developer changes all of those to something secure. You should also disable guest accounts. Want to increase security? Use HTTPS and SSL.

HTTPS and SSL
Implement hypertext transfer protocol secure (HTTPS) on your website. This tells website visitors your site is secure, and you are protecting their information. Users will see a lock in the url. Sites without HTTPS show the words Not Secure next to the url. Yikes! In addition to HTTPS, you can add another layer of website security with an SSL (Secure Sockets Layer) certificate. This encrypts any communication between the server and the web browser. So anytime someone fills out a form with name, address, phone number, credit card number, etc., the information is encrypted. Another security setting to watch out for is the directory listing. Make sure you disable the directory listing on the server, as it can leak valuable information.

Plugins or Outdated Software
You will want to use as few plugins as possible. Each additional plugin increases your vulnerability to attack. The more code you run, the odds of someone exploiting website security vulnerability go up. With plugins, there are several things to keep in mind for security purposes.

1. Delete plugins when you don’t use them anymore.
2. Keep your plugins up to date. Do this manually if you can. The auto update feature can sometimes cause issues with your website.
3. Don’t run plugins that haven’t been updated in more than 2 years.
4. Use a firewall to protect you against Cross Site Scripting (XSS), SQL Injection, Malicious File Uploads, and Directory Traversal

If you use WordPress or another Content Management System (CMS) you will need to update the software whenever a new security update comes out. Failure to do so leaves you vulnerable.

Your Personal Computer or Laptop is Not Secure
You need to make sure your personal computer or laptop has antivirus software. Not only is this common sense to protect your personal device, but if you use your personal device for work, you can inadvertently transfer malware from your device to your website.

Not Backing Up Your Website
You back up your smartphone. You may or may not back up your laptop, but you need to be sure you perform a periodic website backup. It’s relatively easy to do, and it gives us a full version to restore, in case of a website security breach.

We Can Help You with Website Security
For the average business owner, all of this seems like a bit too much to handle, along with running your business. That’s where Coastal Web can help. Ask us about monthly monitoring of your website to ensure everything is up to date. Closing security loopholes, updating plugins and software, and performing a website backup are all important to maintaining your website security. Call us at 410-420-9390 or use our contact form to get started.