When did you last test your website security?

A secure website says to your customers that you can be trusted. With the introduction of GDPR and the increased conversation around data protection, it’s become more important than ever to bump up your website security.

So, you think you’ve got everything in place to make your website secure – but when did you last check? It’s crucial for businesses, especially large organisations or those that deal with sensitive data, to test security on a regular basis. This can help to identify vulnerabilities, risks and areas of weakness.

Here’s a handy checklist of steps to follow to get you started:

  1. Make use of a free scanning tool. If you don’t have the budget to bring in a professional website security agency or service, make use of a free scanning tool. Many offer free trials and allow you to perform a deep scan on your site, to help you identify areas to work on.
  2. Hire an ‘ethical hacker’. This is someone that you trust who will attempt to hack into your site and report back to you. They can tell you how easy it would be for a determined hacker to steal your data, and which routes in they would most likely use.
  3. Update your WordPress plugins. Updating plugins on your WordPress site is absolutely crucial when it comes to website security. Plugins can patch vulnerabilities in website code, which hackers can exploit to wreak havoc on your site.
  4. Check links. It can be time-consuming, but you need to make sure that no one has subtly replaced one or more of your links, ads or graphics with malware. This happens surprisingly often – a study in 2016 found that 75% of websites were at risk of malware and unique pieces of malware had increased 36% year-on-year. A compromised link could make your users the target of bait links, and you could be blamed.
  5. Do an access and password audit. Who has access to your site and are their passwords secure? It may be time to review permissions and to request your team to change their passwords to super-strong ones.
  6. Back-ups. Are you regularly backing up your site? If not, set up a schedule for backup and recovery immediately. This will mean that you can recover your site, data and content if the worst happens and your site goes down.
  7. HTTPS – is your site protected? HTTPS encrypts communications between your site and its users, to protect their data and prevent intruders from exploiting unprotected communications. Without it, an intruder could trick a customer into sharing unprotected data. Crucially, an HTTPS protected website tells your customers that your site is safe to use and to share their data with, and that you can be trusted.

For more help with website security, get in touch with the experts here at Ambos Digital. Simply give us a call on 0800 774 7025 or email [email protected]  – we’ll be happy to help.