Security is huge. It’s massive. For the sake of your reputation – and your clients’ – it’s got to be right. Luckily, there are a few straightforward steps you can take to protect everybody...
1. Avoid shared hosting.
It might be cheap, but shared hosting can open up a whole can of worms when it comes to security. There’s no real separation between your websites and potentially thousands of others, which means you’re only as protected as the least protected website. You’re at increased risk of hacking, blacklisting and a whole range of headache-including problems. Avoid, avoid, avoid.
2. Keep applications up to date.
It’s really important to install the latest updates to your CMS and any plugins you’re using otherwise you’re not addressing vulnerabilities that hackers will know about – and exploit. If you’re on our STORM platform, you’ll get Wordpress alerts when it’s time for an update. You can also tap into our handy checklist of out-of-date plugins and their pitfalls.
3. Get some good plugins.
There are lots of great plugins out there, for example WordFence for WordPress, or MageWorx SEO for Magento. Adding the right ones to your applications can protect you from attacks you might not even notice happening – things like hackers adding spam links to your code, or using your website to send them to thousands of people.
Both of these can result in your IP address being blacklisted, taking your website down for as long as it takes you to get it reversed. If your email’s on the same server, it’ll go down too – which is why we always recommend keeping the two things separate.
4. Sort out an SSL certificate.
SSL is an encryption technology that protects sensitive data as it travels across the internet. It makes sure hackers can’t interrupt the connection between you and your customers, accessing things like personal information or bank details. An SSL certificate proves you’ve put that security in place and customers can trust your website. So, pretty important stuff.
We offer a whole range of SSL certificates, from free basic options like Let’s Encrypt, which you can enable in seconds in STORM, to more premium certificates. Generally, the more you pay, the more secure your SSL will be, and the more visible that protection will be to your customers, giving them greater confidence.
5. Use web application firewalls (WAFS).
Adding a WAF gives you an extra layer of protection against common attacks like cross-site scripting and SQL injections. Some WAF providers like Cloudflare see so much of the internet’s traffic, that they can often stop an attack before they even reach your site.
6. Backup regularly.
Backups won’t make your websites more secure, but they will make life easier if things go wrong.
While updates, plugins, SSLs and firewalls help protect against external threats, regular backups mean that if all those things fail, or you make a mistake that brings a site down, you’ll still be able to restore it quickly, with minimal panic.
Basically they securely save the latest version of each website, so you can go back to it if you need to. At Nimbus, we run onsite backups daily, every night, and for a little extra you can add offsite backups daily too. This saves your website at our second data centre, giving you the extra reassurance that if anything happens at our (very secure!) main data centre, you’re still backed up.
If you’d like any advice on security, we’re always happy to talk things through on 0203 126 6767.