5 Common Website Security Mistakes

People often make fundamental mistakes with their websites and servers. These mistakes can ultimately cost a lot. This happens to not just new website owners but to seasoned ones as well. In fact, you could be making some of the mistakes below essentially harming your business. Fortunately, this guide explains some of the common mistakes every website owner should avoid in order to gain the most from your online presence.

Mistake 1 – Not Monitoring Your Backups
Backups are the forgotten website security pillar. Most website owners do not understand how backups fit into their web security strategy. Backups are your safety net. With a backup, you can quickly restore a part of, or your entire website when bad something happens.

A lot of bad things can happen to your website:

Hackers can compromise your site
A careless key stroke can overwrite important files
Web hosting equipment might fail

These and other scenarios will give you sleepless nights if you do not monitor your backups to make sure they are properly running and completing successfully.

The importance of monitoring your backups cannot be overstated. Just think how effectively you could recover from a complete website crash. Here are some important ideas on monitoring your backups:

Ask your hosting provider how often they backup your data, and the number of copies they keep.
Get a copy of your website files, including photos, artworks and any other unique fonts used to create header graphics, logos, etc. from your web developer.
Back up your site’s database from your control panel. If you need help to complete the backup, contact the support team of your web hosting provider.
Back up 3rd party applications such as your blog, newsletter subscription list, etc. so that in case something happens with your providers, you have a backup solution.
Consider 3rd party backup tools and services which keep the backups in a safe and remote location.

Mistake 2 – Not Changing Default Settings and Usernames
A lot of website applications, (think of something like WordPress), include a default set of usernames, passwords, and settings to provide a consistent installation experience. After the installation has been completed it is critical to change those default usernames, passwords, and configurations. Keeping with the WordPress example, the WordPress installation creates an account with the username ‘admin’. A default location for managing your WordPress site is created at http:///wp-admin.

Hackers will test your site to see if those default values are in place. If they are found, they will begin to run software targeting your website to figure out your password. There are also a number of installation files that should be removed once you have completed your installation. These scenarios are not unique to WordPress, we just used them as an example. It is a good idea to search for a ‘How to Secure X Application’ guide for each of the applications you are using.

Mistake 3 – Ignoring Software Patches
Many website owners wonder why they should apply a software patch when things are working fine. However, by ignoring software patches or updates, you are leaving the door wide open for malware and other attacks. This exposes anyone who depends on your website to unwanted risk.

Software patches and updates are packages of software that are released by software vendors to address security vulnerabilities in existing products. Hackers exploit software vulnerabilities to deliver malware and other threats. Sometimes, software patches contain product enhancements and bug fixes. The patches are installed over the existing installation and therefore do not need un-installation or re-installation of the current software in question. Your only role is to accept the software update and the updater does its thing. Just make sure you have a good backup first.

You should never ignore those software updates. Besides enhancing your site’s performance and user experience, they provide protection against malicious threats and cyber-attacks. Moreover, you should understand all the implications of a software patch. When in doubt, consult your web developer or the customer service team at your hosting provider.

Mistake 4 – Not Monitoring for New Security Updates
Security updates are a constant feature just like the software updates. In fact, security updates are sometimes rolled into software patches. Security updates usually come out in point releases and are often clear on what they are intended to address. Security updates do not normally introduce new features and are instead focused on preventing vulnerabilities.

Some security updates can be managed automatically while others need manual effort. Whatever the option, you should not forsake monitoring the release of security updates of the applications being used to run your website. These updates, as previously mentioned, are released to address specific security issues and failure to apply those updates compromises the security of your website. It is important to install security updates in a timely manner. You can also go the extra mile and look for plugins which have extra layers of security and install any updates for those as well.

The other kind of security update does not involve anything to install but rather deals with database management and hosting. This involves things such as setting a strong password, locking down file permissions, checking the sites you link to, using SFTP for file transfers, and looking beyond shared hosting plans. These tactics add an extra layer of security to your website and should never be ignored.

Mistake 5 – Failure to Monitor for New Server Exploits
A server is exploited when it is no longer under your total control. Another party is using your server for their individual purposes. Common examples of server exploits include someone using your server to send spam emails, launching attacks on other servers with your clean IP being used as the attacking source, installing a phishing site on your server, or installing programs which try to steal passwords and other log in details when a person visits your website. Server exploits negatively affects your online reputation. It is therefore important to always remain alert for any signs of server exploits.

Although your hosting provider will report suspicious activity from your server, it is normally too late at that point. The best thing you can do is to constantly check for lapses in your web security and immediately address them. For example, servers mainly get exploited when an authorized person guesses a password and logs in as a user or when a security hole in the web application has been exploited. It therefore goes without saying that every user must have a strong password and you should remain up to date on the security of any webapp you have installed in your site. With these tips, you will stay on top of server exploits.

Bonus Tip! – Not Monitoring Uptime
Server uptime is critical to a business. Databases and file services, web and email servers are indispensable to most business processes. Downtimes negatively affect productivity, sales, customer and employee satisfaction. Downtime hurts. You must find a means to monitor server uptime at all times.

With the right service, monitoring servers and websites becomes easy. You will be the first one to know when your site is down, and you will easily monitor the performance of your site. It is important to get a service that is thorough in server and website uptime monitoring to prevent unnecessary disturbance.
Server uptime monitoring helps you provide better user experience to customers and other people who visit your site. It also gives you useful information on the reliability of your hosting provider. If you are getting a raw deal, you will realize it.

Conclusion
Your website is your gateway to the global online marketplace. It is important to check these 5 common mistakes so to get protect your presence on the Internet and get the most value as possible out of your website.