Websites 503 Logo

Websites 503 Blog

Blog Title: Web Hosting Podcast Talks Website Security Tips

Web Hosting Podcast logo

If you are a website owner or developer, website security is probably of the upmost importance to you. Despite all of your research on the topic you may still be wondering if you’ve done enough to keep your content secure. The constant need to stay on top of this topic is especially important if your website was built using a Content Management System (CMS) like WordPress, Joomla, or Drupal because hackers are always on the lookout for new vulnerabilities in these very commonly used CMS’s.

A conversation about website security between a long-time server administrator and a website developer

I recently sat down with Web Hosting Podcast host Tim Yardley for a lightning round QA on the topic of website security. Take a listen as we each answer 10 questions about the security of our own websites before taking a deeper dive into each of these 10 topics:

Web Hosting Podcast Episode 4:
10 WEBSITE SECURITY TIPS WITH MEGAN FERRELL AND SHOW FEEDBACK.

Compare our answers with your own and judge how well your website’s security stacks up?

  1. Is your CMS software up to date?
    Tim: Yes
    Megan: Yes
  2. Are you using trusted third-party plugins and themes?
    Tim: Yes
    Megan: Yes
  3. Have you changed default settings on your CMS?
    Tim: Yes
    Megan: Can I have a half point because sort of and sometimes?
    Tim: No, no half points
  4. Do you promptly remove outdated access permissions?
    Tim: Yes
    Megan: Yes
  5. Does your website URL start with HTTPS?
    Tim: Yes
    Megan: Yes
  6. Are you using a WAF (Web Application Firewall)?
    Tim: Yes
    Megan: I’ve dabbled in the dark arts of CDN but not currently, so “no”
  7. Is your server monitored for malware?
    Tim: Yes
    Megan: No (but really the answer is “yes” thanks to the CXS scans
  8. Do you use SFTP instead of FTP to upload files to your website?
    Tim: Yes
    Megan: Yes
  9. Do you have daily backups of your website?
    Tim: Yes
    Megan: Yes (but it is more like weekly)
  10. Are passwords difficult?
    Tim: Yes
    Megan: Yes

So this is all there is to website security?

Undoubtedly these 10 questions are a good litmus test and starting point for judging your website’s security. It is important to remember that each website may have it’s own unique set of needs and challenges when it comes to security. In addition, considerations like time and budget might also be factors. And, the topic of website security is an ever-evolving one so something that might be good practice today, might be useless tomorrow.

Other recommendations for having a secure website

With all of this in mind, Tim and I added a couple of security measures to the list for your consideration:

  1. Have you changed all default passwords sent to you when you signed up?
  2. Does your developer or another person know your passwords?
  3. Have you disabled and removed all unused themes or plugins?
  4. Have you moved you default login page?
  5. Have you considered enabling two-factor authentication?

Thanks to Inc.com for getting conversation started with their 10-topic online quiz.