protecting your website

Protecting Your Website: A How-To Guide

All day, every day, individuals attack your website. These can be hackers, crackers, scammers, or script kiddies. Today I discuss various tools you can use to protect your website.

Protecting Your Website: Start At Your Web Hosting Company

The first place you should start when it comes to protecting your website is securing your web hosting account. If a bad actor gets control over it, they can delete your website or hold it ransom. Others could use this account to buy additional hosting space to send spam mail or run attacks against others, like a DDoS attack.

So how do you secure your web hosting account?

First, you need to use an original password. If your account has a reused password, stop reading this article now and change the password immediately! Hackers have access to password lists from previous breaches. They try those passwords at other websites to see if they were reused. Unfortunately, they are.

A great way to develop an original password is to use a password manager. I use LastPass not only to save and manage my passwords, but also to generate new secure passwords.

Next, you need to enable two-factor authentication (2FA) on your web host account. This adds another layer of protection even if a hacker gets your password, because 2FA also requires a code or phrase, and that code or phrase changes constantly. Depending on your web hosting company, you can use one of the following 2FA methods:

  • SMS text message
  • Authentication program (Authy or Google Authenticator)
  • Keyfob

Finally, only allow certain individuals access to this account if you work with a team of people. Usually the IT management and possibly the owner should have access to the web hosting account.

Protecting Your Website: Securing Your Website Admin Account

If you are using WordPress, Wix, or another platform to build and manage your website, securing the administrative account is key. If a hacker or scammer is able to take control of this account, they can again delete your website, deface it, or hold it for ransom.

So how can you secure it?

Just like with your web hosting account, use an original password for the website admin account. Next, enable 2FA on that account. With self-hosted WordPress, you will have to use a security plugin like Wordfence to do so. Wix and Squarespace have this feature built into their systems.

Also, if you use WordPress you should consider changing the login URL. It’s widely known that adding “/wp-admin/” or “wp-login.php” to the end of a site’s URL brings up the WP login page. From there, hackers can try to log in using the default username and password. The best way to change your login URL is to use a plugin. Changing it requires a code change, and if you do it incorrectly you can cause major trouble with your WordPress installation.

Speaking of the default username, self-hosted WordPress uses “admin” by default. Don’t use that. Choose a different username. However, if you are using the admin username you can change it. Follow the instructions on this site.

Enable Notifications And/Or Alerts For Different Methods

When it comes to protecting your website, I highly suggest you enable notifications and/or alerts for whenever a person logs in correctly or incorrectly. This way you know immediately when someone logs in to the web hosting account or the website administrative account.

Also, you should send these alerts through different methods, such as email and text message. That way if a hacker gets control of your website and your email, you still can get notifications through another avenue.

I use Wordfence Security for my website and I get emails whenever someone successfully or unsuccessfully logs in. The same happens whenever I log in or make any change or order through my web hosting company.

How to set this up is going to depend on your hosting company. Review their knowledge base or help section for assistance.
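The login alerts described in this section, sketched as an added example (not part of the original post, and not Wordfence's or any hosting company's code): it counts login POSTs to wp-login.php per client in a web server access log and produces alert lines for failed and successful logins. It assumes the "combined" log format and default WordPress behaviour (HTTP 302 on a successful login, HTTP 200 when the form is shown again after a rejected one); the function names, the threshold, and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format, RFC 5737 documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:04:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:04:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:04:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2021:09:30:15 +0000] "GET /wp-login.php HTTP/1.1" 200 2901 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2021:09:30:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
FAILED_THRESHOLD = 3  # assumed alert threshold; tune for your site

def summarize_logins(log_text):
    """Return {ip: {"failed": n, "succeeded": n}} for POSTs to wp-login.php."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or just a view of the login form
        # Ignore the query string so /wp-login.php?... still matches.
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        # Assumption: default WordPress redirects (302) on success and
        # re-renders the form (200) on a rejected login.
        if m["status"] == "302":
            stats[m["ip"]]["succeeded"] += 1
        elif m["status"] == "200":
            stats[m["ip"]]["failed"] += 1
    return dict(stats)

def build_alerts(stats, threshold=FAILED_THRESHOLD):
    """Turn per-IP counts into alert strings for email/SMS delivery."""
    alerts = []
    for ip, c in sorted(stats.items()):
        if c["failed"] >= threshold:
            alerts.append(f"ALERT {ip}: {c['failed']} failed logins")
        if c["succeeded"]:
            alerts.append(f"NOTICE {ip}: {c['succeeded']} successful login(s)")
    return alerts

if __name__ == "__main__":
    print("\n".join(build_alerts(summarize_logins(SAMPLE_LOG))))
```

The alert strings can be handed to both an email sender and an SMS gateway so that the two delivery paths stay independent, as the section recommends.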


You made it to the end! Thanks for reading this post and visiting Brittbot. Make sure you bookmark this website so you can stay current and improve your business’ website.

trackback
1 month ago

[…] I wrote previously about how to protect your website. In that article I discuss how anyone can access the WordPress login screen by adding “/wp-admin/” or “wp-login.php” to the end of the URL. At the login screen bad actors can try to access your website by using Brute-force Attacks. Meaning they can and will try to log in to your website using the “admin” username and various passwords. […]