Today, we’d like to shout out to acknowledge some of the great website security moves our clients have made, on their own initiative, to improve their website security strategy.
Website security strategy #1: Keeping your website updated, even when you don’t plan to use it
One of our clients is suspending his business, but his website is still online at the moment. He knows that a secure website is important every minute it’s online. Even though his business is inactive at the moment, when we informed him about an important security update to his website, he agreed to have us make that update. Leaving the security vulnerability unpatched would have left his site and its visitors vulnerable. Even if your business or organization isn’t currently active, your name is still out there if your site is online. Your reputation is still important. You don’t want your name to be known as “the site that infected my computer with malware” or to have your website be blacklisted before you are ready to pick it up again.
If you want to suspend your website for a longer period of time, contact us. We can archive a copy of your website, take it offline, and put up a placeholder until you are ready to do something else with the site.
Website security strategy #2: Performing website user audits
Another client recently did a website user audit. Some of their employees had moved on from the organization, so they asked us to reduce those users’ permissions. Originally they were administrative users with access to every part of the website; now they are subscribers who can log in to the website, but not make changes outside their own profile. By reducing their permissions, we were able to retain the employees’ blog articles on the website, but prevent their accounts from sitting around unused and being exploited in a hack if someone broke in.
The best way to prevent someone from breaking into your website through a weak password, brute force attack, or password obtained through other illicit means is by reducing the number of people who have administrative access to your website. Simply removing no-longer-required user accounts altogether is the safest option. However, if you need to retain the user account to maintain the user’s past content, you can downgrade the user’s permissions. That way, if someone does try to break in through that account, they won’t have access to any important areas of the website.
Remember, YOU are the most important security protection your website has. The website security moves mentioned here are part of a well-informed strategy to keep your website secure, and keep your visitors safe.
If you want to save some time and keep your website secure, Red Earth Design offers website security packages. With website security packages, we keep your website software and plugins up to date and verify other aspects of your website security on a regular basis.
As an integral part of your website security strategy, we recommend auditing your website at least once a year. Check out our handy website audit steps here – also available in a downloadable PDF format for your convenience.