Keep your blog safeFeature of the week
These days it is incredibly easy to set up a blog or website. Besides this being a fulfilling way to share your thoughts, creations and Instagram-able food pics, through Google AdSense, affiliate marketing and simple e-commerce platforms, more and more young, accidental entrepreneurs have been able to monetise their blog. What begins as a hobby, with time and attention can soon become a day job.
Great news, right? Yes, but the risks open to those with websites (especially those with online stores) are only growing, as hacking becomes more profitable, and less complex, with the emergence of software specifically designed to break into sites.
Here then, we have put together four simple security tips to consider if you run your own website.
Most people think that web host providers back up their customer’s sites for them. This is rarely the case. More often than not, backing up a website is the responsibility of the webmaster. How often to run a back-up depends upon what kind of site you have, but any less than once a month is regarded as lapse. Have a look at this article for options on how best to back-up your site.
Installing an SSL Certificate is integral for sites where customers are submitting sensitive data. With HTTPS, data transmitted through your site is automatically encrypted. Additionally, to avoid phishing scams, it is worth using a WHOIS Domain Lookup tool like that offered by 1&1, which allows you to see what administrative information of your site is open to the public.
All those able to access the administration areas of your site and hosting plan should be using strong passwords. By strong, we mean totally random combinations of characters (both upper and lower case), numbers and punctuation marks. Contrary to what you may believe, “he110Web$!te”, or something of the sort, is neither random nor secure. No password is fully resilient against a brute attack (whereby every single combination is thrown at the log-in form) – it is only ever a matter of time. The best defence against brute attacks is length. The difference in time it will take a brute attack to break a password of four letters to one of 14, is much greater than the difference it will take to break two six-letter passwords, one with only letters and one with a mixture. This is not an argument against combinations, but one stressing the importance of length.
If your run an online store, or allow site visitors to log-in to accounts on your site, stress upon them the importance of strong passwords too, perhaps even insisting upon a minimum length and the inclusion of capitals, number and punctuation marks. Additionally, ensure that your error message says no more than it needs to. When false log-in details are entered, “Username or Password entered incorrectly” is sufficient. Though frustrating to genuine users who have wrongly entered one but are not sure which, it doesn’t allow those attempting to hack in to focus their attack upon one field or the other – and this is more important.
The editorial unit