Blog Title: Web Hosting Podcast Talks Website Security Tips
If you are a website owner or developer, website security is probably of the upmost importance to you. Despite all of your research on the topic you may still be wondering if you’ve done enough to keep your content secure. The constant need to stay on top of this topic is especially important if your website was built using a Content Management System (CMS) like WordPress, Joomla, or Drupal because hackers are always on the lookout for new vulnerabilities in these very commonly used CMS’s.
A conversation about website security between a long-time server administrator and a website developer
I recently sat down with Web Hosting Podcast host Tim Yardley for a lightning round QA on the topic of website security. Take a listen as we each answer 10 questions about the security of our own websites before taking a deeper dive into each of these 10 topics:
Web Hosting Podcast Episode 4:
10 WEBSITE SECURITY TIPS WITH MEGAN FERRELL AND SHOW FEEDBACK.
Compare our answers with your own and judge how well your website’s security stacks up?
- Is your CMS software up to date?
- Are you using trusted third-party plugins and themes?
- Have you changed default settings on your CMS?
Megan: Can I have a half point because sort of and sometimes?
Tim: No, no half points
- Do you promptly remove outdated access permissions?
- Does your website URL start with HTTPS?
- Are you using a WAF (Web Application Firewall)?
Megan: I’ve dabbled in the dark arts of CDN but not currently, so “no”
- Is your server monitored for malware?
Megan: No (but really the answer is “yes” thanks to the CXS scans
- Do you use SFTP instead of FTP to upload files to your website?
- Do you have daily backups of your website?
Megan: Yes (but it is more like weekly)
- Are passwords difficult?
So this is all there is to website security?
Undoubtedly these 10 questions are a good litmus test and starting point for judging your website’s security. It is important to remember that each website may have it’s own unique set of needs and challenges when it comes to security. In addition, considerations like time and budget might also be factors. And, the topic of website security is an ever-evolving one so something that might be good practice today, might be useless tomorrow.
Other recommendations for having a secure website
With all of this in mind, Tim and I added a couple of security measures to the list for your consideration:
- Have you changed all default passwords sent to you when you signed up?
- Does your developer or another person know your passwords?
- Have you disabled and removed all unused themes or plugins?
- Have you moved you default login page?
- Have you considered enabling two-factor authentication?
Thanks to Inc.com for getting conversation started with their 10-topic online quiz.
Add me to your contacts.