You’re driven to grow your business by delivering robust, high-performing websites to your customers. While you’re chasing your dream, give close attention to making sure the sites you build are safe. Your clients expect it, so it’s time to get serious about security.
Consider these stats: more than 53,000 attacks on websites were reported last year, according to a Verizon study, and the FBI reported receiving more than 900 complaints a day about attacks in the U.S alone.
Big hacks at big companies make headlines, but no business is safe. In a 2018 study, 67% of small and medium-sized businesses said their websites had been attacked. Even scarier, 60% of SMBs hit by hackers go out of business within six months, according to the National Cyber Security Alliance.
Your clients depend on you to deliver secure websites, so their consumers never wonder, “Is this website safe?” So, where do you begin?
Here are 8 ways to check website safety—before and after you handover to your clients.
Be careful of plug-ins, add-ons, and extensions
Protect your sites with SSL technology
Use a WAF to fight this top-rated security risk
Guard against malware
Toughen up site login forms
Make uncrackable passwords
Have a back-up plan
Choose the right web development platform
1. Be careful with plug-ins, add-ons, and extensions
Many hackers use bots to automatically scan site after site, looking for security vulnerabilities to attack, and they often find them in software plug-ins, add-ons, and extensions. This is because plug-in architecture require users to update all their sites every time a software bug or security hole is fixed—and that leaves plenty of room for human error.
For example, WordPress relies heavily on plugins, which causes 98% of its security
vulnerabilities. Platforms like Wix take a safer approach—they only use web apps, which update automatically and security holes are fixed at the platform level, which are automatically deployed to all users.
2. Protect your sites with SSL technology
Ever notice a site URL reads HTTPS instead of HTTP? That extra “S” indicates the site is using a security technology called SSL (Secure Sockets Layer). SSL protects sites from hackers and encrypts data as it flows from the Internet or an internal network.
Once, companies used SSL only on shopping carts or login pages. Now
they’re using SSL on every page to prevent breaches caused by visitors switching back and forth between secure and insecure areas. You’ll automatically provide your clients with an SSL certificate by using Wix.
3. Use a WAF to fight this top-rated security risk
Hackers often exploit vulnerabilities in applications to insert malicious code that can enable them to steal credentials, destroy data, or even gain control of servers. This threat is called code injection, and it ranks first in the list of Top 10 Application Security Risks compiled by the OWASP Foundation.
The most effective tool for protecting against code injections is a WAF (for web application firewall). It inspects HTTP traffic before it reaches your application and protects your server by filtering out threats that could damage your site functionality or compromise data. It’s a must-have in your website design.
4. Guard against malware
Malware is a pervasive threat that caused $2 trillion in damages last year. It comes in eight styles, including Trojan viruses, spyware, adware, and ransomware. A study of 50,000 security incidents found that malware was delivered via email in 92% of the cases.
Check if your hosting platform includes frequent malware scans and protection through firewalls and antivirus programs. Post site handover, your customers will need to keep up with the latest developments in malware and update their antivirus, browser, and operating system regularly. Oh, and don’t open suspicious emails.
5. Toughen up login forms
Login forms make it easy for customers to sign into their accounts on business websites, but they’re also weak spots that attackers can exploit via brute-force attacks that try thousands of possible login credentials. Prevent access by adding layers of protection, such as limiting the number of log-in attempts a user can make in one session or requiring visitors to prove they’re not robots by signing in with a reCAPTCHA tool.
6. Make uncrackable passwords
According to a Verizon study, 81% of data breaches in businesses come from stolen or weak passwords. These guidelines will help strengthen yours:
Passwords made of at least 12 randomly sequenced letters, numbers, and symbols are harder to crack; the longer, the better.
Don’t use names or words that could be found in the dictionary; and never use any personal information (it’s the first thing hackers try).
Never reuse passwords and change them every few months. Password manager tools make this all much easier.
7. Have a back-up plan
Any site is subject to attack. If the worst happens, make sure your website development platform and partners can restore your customers’ sites quickly and cleanly. According to security experts, site backups should be done frequently enough to capture new content; scheduled automatically, so no one needs to remember to do it; and tested to make sure the system is working.
A backup can get a website back in action quickly, but it won’t solve the problem that caused the crash. Be sure to keep a baseline—a full website backup from a point in time when the site was known to be secure.
8. Choose the right web development platform
Some website development platforms can provide enterprise-grade security to the sites you build and host on them. Ask providers about their security policies and their dedication to continually updating and improving their security offerings. Make sure you know which security measures they’ll provide you (like the ones on our list), and what you may need to add on your own.
You can make sure your clients sites are safe with this website security checklist.