5 Website Security Tips To Keep You and Your Data Safe

“My inbox is getting flooded with user lockouts from people in different countries – but they aren’t getting close to my login name.” 

“I’ve started getting 6-8 notifications a day. It’s nice to know of the global interest in my company, haha, but wondering if I need to do something.”

“I received a message that I’m being sued because of the images on my website but aren’t those my images?”

Any of this sound familiar? We have seen an uptick in messages from clients in the last couple of months regarding hackers and scammers trying to infiltrate their websites or collect money from them. If you have been on the internet as long as we have, you know these types of scams are nothing new, but with May 6th being “Change Your Password Day,” we thought what an excellent time to address website security issues

First of all, don’t panic. Your website has many security features to help keep these scammers out. That’s why you are getting these alerts because the software is doing its job. However, it is still not a bad idea to implement the following tips to keep you and your website safe. 

1. Update your password regularly, and don’t make it easy to guess. 

I know, I know. It’s hard to remember. But there are so many tools out there to help you with this. Our favorite is LastPass. Install this free extension on your browser and your phone, pick one Master Password for your LastPass account (still should be one hard to crack but also known to you), and let it take over remembering all of your passwords for you! It will also help generate secure passwords, save sensitive documents and allow you to share your password safely with another person if needed. Are you one of the 59% of people who reuse the same password across multiple accounts? LastPass is the solution to stopping that. If you have a Google account, you can run a Password Check to review the security of saved passwords to your Google Account. They will alert you to compromised passwords, see how strong your passwords are and if you’ve used them more than once. It’s pretty cool and sometimes face-palm inducing. 

2. Make sure you update the SSL certificate on your website. 

An SSL (Security Sockets Layer) certificate authenticates a website and enables an encrypted connection. This makes it harder for hackers to get in and reassures visitors to your website that they are safe to browse without fear of being attacked. This is especially important for websites that are collecting information from users or selling products. And as an added incentive to make sure you have an SSL, Google will downgrade your rankings in search if you don’t have a secure site. They aren’t taking chances on sending someone to a website that could result in a hack or malware installed on a user’s computer. Most hosting companies now include SSL as part of their hosting packages, or it can be added on with a click of a button. Ask us how!

3. Don’t click on weird links! 

Whether it’s on social media, an email, or even a text message, if you don’t know why someone is sending you a link, and especially if you don’t know the person, do NOT click on the link. This is a great way to prop the door wide open on your computer to guests you do not want inside. A scam claiming photos on your website belong to a photographer has been going around for a few years. They try to convince you that the images used on your website were taken without permission, and you need to pay royalties. On top of that, they send you what appears to be a Google Drive link to show you the files, but that is usually a way for them to access your machine. Don’t fall for it! If you are not sure whether the email is legitimate or not, get in touch with an attorney or whoever provided the photos for your website. At GreenCup Digital, if our clients don’t provide photos for their projects, we use stock photo services explicitly meant for public use and keep documentation of this. 

4. Keep your website up to date.

No, I’m not talking about your blog posts here (although we do recommend you keep that up to date, too!) but the back end of your website. Chances are you have a WordPress website, and with WordPress or most website tools these days, the technology is constantly changing. Companies, including WordPress, are always working to ensure their products are up to date for functionality and security, which means, just like your iPhone, you have to update it from time to time. We recommend checking out your plugins page once a month to see if anything needs an update to keep your site secure and running smoothly. 

5. Remove old users.

If you have had many people work on your website over the years, most likely there are a lot of obsolete user profiles. Delete the users that you are confident will never have a reason to look at your website again. Having extra logins just gives a hacker more opportunities to try to break into your site. 

This is just a handful of tips to keep you and your website safe. Check out this article with our Top 10 Website Security Tips to keep your website up to date for more information. And if you are overwhelmed or just want someone else to keep an eye on things for you, of course, we can help!