Essential Website Security Features You Need. Are they On?
Table of Contents
Building and maintaining a strong website security is a constant process that often gets neglected by website owners due to its complexity, time consumption and cost. As a hosting provider, we know better. Over 18 years of experience in hosting, maintaining and securing millions of websites has taught us that website security is absolutely critical for every online business. We have seen the devastating consequences a hack can have on a website and ultimately on a business, and we have dedicated serious efforts to preventing and minimising the effects of hack attempts.
During the years, we have optimized the security of our platform by developing sophisticated security systems, introducing a variety of security tools, plugins and features, and constantly analysing and monitoring traffic and patterns to recognise potential threats. While all of this has made us one of the most secure and trusted web hosting providers in the world, we know that platform security on its own, is not enough. The involvement of webmasters and site owners is just as important for properly securing a website. That is why we have compiled a list of the most essential security features you can enable that can make the difference between a hacked website and a peace of mind.
Today an SSL is absolutely essential for every website. An SSL certificate encrypts the connection between your visitors’ browsers and your website’s server so that the data transmitted between the two, such as personal information, credit card data, login credentials or else, cannot be hijacked by hackers.
SiteGround clients get free Standard and Wildcard SSL certificates with all hosting plans, regardless of the number of sites. Make sure you have your SSL installed and traffic properly redirected via HTTPS from Site Tools > Security > SSL to ensure the encryption of the connection.
If you have a business website or you’re processing online payments, you may consider our premium Wildcard certificates that come with $10,000 underwritten warranty and a dynamic site seal to create credibility and trust among your visitors. During #CyberSecurityMonth, we have a special 50% off promo on all premium certificates activated by the end of October 2022. If you need one of those, now’s the perfect time to get it – just log in to your Client Area where you can activate it in a few clicks.
Protect your login
Your login credentials are a gateway to your account and personal information (and when talking about websites, to your domain, site and emails, too). There are several things you can do to ensure that your login credentials are safe and secure, and only you or the people you have authorized have access to your website:
Harden Your Passwords
Despite all the awareness created nowadays about weak passwords and the importance of never sharing login credentials with anyone, one of the most common credentials hacking is through guessing or brute-forcing easy-to-crack passwords. Having a long password, consisting of multiple characters and combination of words, letters, numbers and symbols is an easy and super effective way to keep your accounts secure. Remember to use different passwords for different sites and apps, and never share your passwords with anyone, nor write them on publicly accessible places like post-it notes on your computer! Read more on the topic here.
Use 2-factor authentication
Regardless how hard your password is, there’s still a possibility for a hacker to get to it through a brute-force attack, virus, malware or other. With 2-factor authentication enabled, a secondary step needs to be passed by anyone attempting to access your data. 2FA adds another layer of authentication, usually through a temporary dynamically generated code (accessible only from your phone or email, depending on the settings), which cannot be guessed or hacked and makes your login defense bulletproof!
- For SiteGround Client Area, which is the gateway to your domains and sites, you can easily enable 2FA from Client Area > Login & Profile.
- For your WordPress application login, you can install and activate the SiteGround Security plugin and enable the 2FA feature. Download plugin here, or install it directly through your WordPress admin area.
Monitor your website
Scan for malware regularly
There are numerous ways a website may get infected with malware – through compromised login credentials, infected or fake plugins and themes, corrupted software and more. Malware can have a serious impact on your site and online business. The best prevention for it is a secure web hosting platform and constant monitoring. If you’re a SiteGround customer, you can activate Site Scanner – a service that crawls your website on a daily basis and notifies you of potential malware and other threats. Just recently, Site Scanner helped save thousands of WordPress sites from a particularly nasty malware.
During #CyberSecurityMonth new and existing SiteGround clients can get 3 months free Site Scanner. All you have to do is log into your Client Area and claim one before the end of October, 2022.
Block suspicious traffic
There are cases where only the person managing a site can notice specific patterns or suspicious activity. We have provided easy-to-use powerful tools for blocking specific IP addresses or whole countries, enabling our customers to control who’s accessing their website and prevent unwanted visitors.
Back up your site regularly
While backups don’t protect you from hackers directly, they keep you safe from other unexpected events – a site update that may have gone wrong, an infected site that has to be reverted to a clean version and any other situation where a copy of your website is all you need to bring it back online. We know how often backups can save an otherwise dire situation, so we do automated daily backups of all sites hosted with us and keep them for up to 30 days. You can easily restore your website, files or databases for free in just a few clicks from Site Tools > Security > Backups.