What would your reaction be? Wide-eyed disbelief? Exclaimed profanities? Questioning the meaning of the word “owned” in this context? Let’s hope you never have to find out. Better yet, let’s make sure you never have to by practicing these five website security habits.

1. Use secure passwords. I won’t lead you through the cryptography behind it, but most secure passwords are unique, long (14+ characters), and nigh indecipherable. I’m talking about strings of upper- and lower-case letters, numbers, and special characters that don’t even remotely resemble real words. Use unique passwords for every aspect of the site, including all of your domain registrar, control panel, email, FTP, database, and CMS accounts. Store them all in a utility like KeePass to make them easy to manage.
2. Keep your software up to date. Popular web platforms like Drupal and WordPress tend to develop vulnerabilities that are quickly patched with new releases. However, these patches can’t protect you unless you keep the software up to date. This applies to your site’s core software as well as any plugins or extensions you may be using. You should schedule time to review and, if necessary, update your site’s software on a weekly or monthly basis.
3. Use SSH instead of FTP. Standard FTP transmits information as plain, unencrypted text, allowing anyone on the same network to eavesdrop and learn your FTP login credentials no matter how secure they might be. For this reason, whenever possible, you should log into your site through SSH instead.
4. Perform regular backups. Assuming all of the above isn’t enough to keep a hacker out, backups ensure that your website is recoverable if your site is ever compromised. This includes the files on your web server as well as the information in your database. Automating this is fine if you can pull it off. Just be sure to perform these backups regularly, weekly if not more frequently. Backups should be archived as well, either monthly or quarterly, just in case the current backup itself is ever compromised.
5. Test your site regularly. Whether you use automated software or do it by hand, you should perform regular tests of your site’s important functionality. This ranges from simple uptime monitoring to form submissions and the like. Testing allows you to detect when problems occur, which could be evidence of a simple server failure, a glitch, or something more malicious like compromised code, all of which you’ll want to know about as soon as they occur.
    

It’s important to realize that no system is perfectly secure, so problems can still crop up even if you follow every one of these recommendations. Imagine, for instance, if your website is on a shared hosting environment and your web hosting provider is hacked. In that sort of a situation, there’s really nothing you can do to prevent it short of picking a different hosting provider.

The point is to plug all the holes you can. 99% of the time, when your site is hacked, it’s because you weren’t doing something on the list above. And even in the other 1% of the time, your site should still be recoverable from backups. In any event, you’re covered.

Worried about this sort of thing? Need an expert to help you out? Read about Bold’s WordPress Site Maintenance service.

Laura is a Marketing Communications Strategist with 7 years of extensive interactive and traditional multi-channel marketing experience, over 10 years of online experience, and over 10 years of writing, editing and publishing experience.

She has worked as both an in-house and agency-side marketer with clients running the gamut from startup level small businesses all the way up to Fortune 500 companies. She will be the primary go-to person at Bold Interactive for clients as well as our project manager for all vendors and services.

If you need to reach her or just want to Introduce yourself feel free to email her at lcunningham@boldinteractive.com or leave a comment on this post.