Contact information

31350 Ipoh, Perak, Malaysia

We're available throughout the day +60-11-3664-4263 jeff@polygondesign.net
Follow us

How To Make Website Secure

“How To Make Website Secure” This question is pretty much always asked but it’s not asked by those who recently started creating websites. However, it will come up in the future for those who really take their websites or business seriously. In this blog, I’ll somewhat keep it simple like my normal blogs. I seriously hate it when a blog comes and it’s filled with filler words to stretch it or make it more confusing than it has to be.

It’s quite a complex topic but I’ll try my best to keep it simple and organized. Alrighty, you ready?

1) How to know when it’s a priority to secure your website

Right, you probably landed here because your website gave that horrible warning saying it’s insecure. Still quite confused? This is the error that’s shown if the website is not secured. The worst part of this error is that search engines are setting your website’s level like those dubious sites. To name a few, you know those annoying pop-ups that redirect you to some horrible scammy site? Which then forces you to download something, enter an email or simply ask to subscribe to something? Yeah, I honestly hate those.

How To Make Website Secure
How To Make Website Secure

To add more salt to the wound that error is not nice. Especially if you are a legit business it just deters your potential customers away from conducting business with you.

2) How to secure your website via SSL or HTTPS

Luckily for you securing your website is very much simple and free. In hindsight what you will need is an SSL certificate and some tinkering. Writing a blog about it is quite long so here’s a video instead.  Oh and if you are not familiar with SSL, HTTPS and the likes read this article: What is SSL, TLS and HTTPS? | DigiCert

2.1) If you have a WordPress site you can use a handy plugin: Really Simple SSL – WordPress plugin | WordPress.org, I recommend this. It’ll automatically force all connections to HTTPS and will automatically set the SSL for you.

2.2) If you have a traditional website, you will need to create or buy an SSL certificate and code it in your website. Once, that’s done you will need to force connections to use HTTPS. If you need a reference give this video a watch

Important Subjects Covered

Those 2 above are the main issues that need to be addressed as soon as possible. Now let us talk about the minor details that make your website more secure.

1) Good Hosting and Domain Provider

If possible do not go for cheap hosting or domain providers. The reason is pretty simple Hackers may not be able to get into your website but they may hack into the provider’s website. If this happens say goodbye to your website. Probably one of the worst types of hacks that’s almost impossible to restore.

The reason why it’s impossible to restore is basically, your website information is stored on the Hosting provider the hacker can simply delete it internally. If they do not have extra backups or you do not have a manual copy then, you are not able to do anything.

2) Update WordPress plugins/themes or software regularly

Want to know the other main secret why you pay for subscriptions for premium software other than more features? If you guess security then get a cookie because you are exactly right. Updates are there for 3(three) main reasons, these reasons are security updates, fixing bugs, and adding features.

Let’s say you have outdated software, it’s likely also has outdated security. To put it simply imagine you have a game, you finished it already and soon decided to play it again. The result of that is that you know all those hidden secrets or techniques to make said game easier. Same with websites, a security measure might have already been hacked and shared online.

If it’s out there on the public, hackers will easily access your website.

3) Have more secure admin passwords

This might come second nature to some but for the most part, it’s not. You see there’s a hacking method called brute-forcing, if you want to learn more about this hacking method visit here Brute Force Attacks: Password Protection (kaspersky.com). To put it simply brute-forcing password cracking is basically trying out multiple passwords in a couple of minutes. Depending on how powerful the PC is it can reach 10000 passwords in 1 minute.

A simple way to counter this is by applying a Google I’m not a bot ReCaptcha. I don’t need to explain what’s a ReCaptcha as it’s a norm in this modern era. You could also implement maximum password tries or guesses. An example of this; if you guess or type the password wrongly within a set amount of time you will be locked out for a set amount of time. Some companies or websites’ lockout times range from 5 minutes to 2 days.

4) Delete Unused Plugins or Themes or Old plugins/themes

Now, this can double as a way to speed up your website. Basically, it speeds up because it’s much lighter. The lighter the website the faster it loads, this comes after web host specs. It’s pretty straightforward if you ask me.

Now, why delete unused plugins or themes? The short answer is it lacks updates, specifically it lacks security updates. In most cases if you have an ignored plugin you will likely not update it at all. This makes it prone to cyber-attacks by exploiting the plugin or theme’s security breaches.

5) Have Backups within backups

You see it’s quite a known fact that we must have backups with our websites. Having said that, the regular joe does not do this until it’s too late. But look on the bright side here, Most shared hosting that uses Cpanel as its dashboard have an automatic backup but it’s not enough. It’s not enough(as explained in #1).

There are multiple plugins to help you achieve this. Do a manual backup and download it, store it in a safe folder on your computer. When I sad Backups within Backups I mean by storing your file in other website’s storage. An example would be Google Drive, Dropbox, or maybe even Mediafire. The reason for this is to have plan A, B, C, and so on. There will be rare cases where you might break your laptop’s storage or it might get corrupted. It’s a good practice to have multiple backups.

6) Be careful of emails.

My phone number and emails are public, anyone can email me. To name a few businesses, scammers, and bots contact me quite often. It helps to have an email with spam filters but it’s not perfect. There will be cases where it will go through a security check, if this happens you will need to be quite mindful of what they say.

I don’t really need to go more in detail here, if the email sounds scammy that screams “You will win money, Click this link for something” whatever it may be if it doesn’t sound right it probably is. Use your common and 6th senses and take a moment and think if it’s safe to click the link.

That’s  How To Make Website Secure

Use this new knowledge, apply it to your business or website.  If you have a question leave a comment. If you want us to build your site visit here: Polygon Web Design (polygondesign.net)

One reply on “How To Make Website Secure”

  • graliontorile
    August 14, 2022 at 5:11 am

    Thanks for the auspicious writeup. It in fact was once a amusement account it. Look complicated to more brought agreeable from you! However, how could we communicate?

Leave a Reply

Your email address will not be published.

Need a successful project?

Lets Work Together

Book a meeting
  • right image
  • Left Image