Website security is ever-evolving. It is best to apply a systematic approach, and think of it as an onion, with many layers of defence all coming together to form one piece. Cyberattacks cause costly clean-up, damage your reputation, and discourage visitors from coming back.
What is website security?
Website security is any action or application taken to ensure website data is not exposed to cybercriminals or to prevent exploitation of websites in any way.
What does website security protect me from?
- DDoS (Distributed Denial of Service) attacks. These attacks can slow or crash your site entirely, making it inaccessible for visitors.
- Malware. Short for “malicious software”, malware is a very common threat used to steal sensitive customer data, distribute spam, allow cybercriminals to access your site, and more.
- Blacklisting. Your site may be removed from search engine results and flagged with a warning that turns visitors away if search engines find malware.
- Vulnerability exploits. Cybercriminals can access a site and data stored on it by exploiting weak areas in a site, like an outdated plugin.
- Defacement. This attack replaces your website’s content with a cybercriminal’s malicious content.
What does website security protect my visitors from?
- Stolen data. From email addresses to payment information, cybercriminals frequently go after visitor or customer data stored on a site.
- Phishing schemes. Phishing doesn’t just happen in email – some attacks take the form of web pages that look legitimate but are designed to trick the user into providing sensitive information.
- Session hijacking. Some cyberattacks can take over a user’s session and force them to take unwanted actions on a site.
- Malicious redirects. Certain attacks can redirect visitors from the site they intended to visit to a malicious website.
- SEO spam. Unusual links, pages, and comments can be put on a site to confuse visitors and drive traffic to malicious websites.
Why do I need website security?
There are four main reasons why every website needs security.
- Hosting providers like Moreweb NZ protect the server your website is on, not the website itself. You can think of the website-host relationship like an apartment building: management provides security for the whole building, but it’s up to each occupant to lock their door.
- It’s cheaper than a cyberattack. Cyberattacks can cost small businesses as much as $427 per minute of downtime – by contrast, customers pay an average of $1-2 per day for website security.
- You’ll protect your reputation and retain visitors and/or customers. Recent studies show that 65% of customers who have had their information stolen by a compromised website won’t return to that site – that’s a devastating number of visitors to lose, especially for a small business or website.
- Malware and cyberattacks can be hard to spot. Cybercriminals specialize in malware that can discreetly enter a site and stay hidden, so your website might be infected without you realising it. Some sneaky malware attacks include backdoors, a type of malware that allows cybercriminals to access a site without the owner’s knowledge, and cryptojacking, which uses a compromised website to mine cryptocurrency without showing any symptoms. Once cybercriminals secretly enter your website, they can access your data, steal traffic, deploy phishing schemes, and more – and you may never even notice.
What do I need to secure my website?
Must haves:
- An SSL certificate. SSL certificates protect the data collected by your website, like emails and credit card numbers, as it is transferred from your site to a server. This is a basic website security feature, but it’s so important that popular browsers and search engines are now labelling sites without SSL as “insecure”, which could make visitors suspicious of your site. Our Managed WordPress product includes an SSL certificate.
- Software updates. Websites hosted on a content management system (CMS) are at a higher risk of compromise due to the vulnerabilities and security issues often found in third-party plugins and applications. These can be prevented by installing updates to plugins and core software in a timely manner, as these updates often contain security patches.
Recommended:
- A web application firewall (WAF). A WAF stops automated attacks that commonly target small or lesser-known websites. These attacks are carried out by malicious bots that automatically look for vulnerabilities they can exploit, or cause DDoS attacks that slow or crash your website.
Optional:
- A website scanner. A cyberattack costs more the longer it takes to be found, so time is of the essence. A website scanner looks for malware, vulnerabilities, and other security issues so that you can mitigate them appropriately.