We Improved Your Website Security – Top Ten Things To Think About

By Q

Blue Million goes several levels beyond what most web companies provide for your website’s security.

You don’t want to worry about website security; we do that for you. But there are a few things you should know, because this stuff is only going to be a bigger part of our lives.

Cyber attacks are on the rise everywhere and will continue to increase. There were 3,205 compromises of personal information and consumer data last year that impacted a total of 353 million victims. On average, 30,000 websites are hacked every day globally, and 43% of these attacks are targeted at small businesses.

You may not think you have data that would be of interest to a hacker, but the attacks still continue on nearly every website, around the clock. The goal may be to steal data, but more commonly it is to stick malware on your site to drive users to scam websites. We’ve implemented several security processes as standard practice to battle the issue. These are generally well above and beyond the processes offered by mainstream services like WP Engine, GoDaddy, or others.

Automated Security Updates

One of the biggest weaknesses of most standard WordPress sites is the failure to keep up with software updates. We set all sites to check for and apply any theme or plugin updates daily. There will be dozens of these for a typical site over the course of a year. These will occasionally cause an issue that needs correction; however, we feel the benefits of updating far outweigh the consequences of a problem. If you see something that doesn’t function correctly after working perfectly well for months, this is likely what has happened. Just let us know and we’ll sort it for you.

Firewall

We use a global database of known “bad actors” to block IP addresses of known hacking servers. They can’t try to exploit the site because they can’t reach it. We also do a number of other things behind the scenes.

Multi-Factor Authentication

This is the now-familiar practice of using a code sent to a phone app in addition to your username and password. It’s mandatory for all Admin users.

Scanning for Problems


Your site gets scanned daily to look for any missed updates or files that aren’t supposed to be there.

Neither we nor anyone else can guarantee perfection, but know that your site has many more protections and processes than common hosting arrangements. We do offer even higher levels of security for sensitive sites, like Content Security Policies, HTTP Strict Transport Security, and others.

Website Security Top Ten

When considering website security, there are several important factors to keep in mind, and most web hosting companies will do few or none of these as part of the basic service:

  1. Risk Assessment: Understand the potential threats your website faces. This includes common vulnerabilities such as outdated software, weak passwords, insecure plugins or themes, and susceptibility to malware and hacking attempts. Blue Million’s Blue Suite has tools to automatically detect these.
  2. Regular Updates: Keep all software, including content management systems (like WordPress), plugins, themes, and server software, up to date. Updates often contain patches for security vulnerabilities discovered by developers. Standard with Blue Suite.
  3. Strong Passwords: Use complex and unique passwords for all accounts associated with your website, including FTP, hosting, CMS admin, and database access. Consider using a password manager to generate and store strong passwords securely. Standard with Blue Suite.
  4. Secure Hosting: Choose a reputable hosting provider that prioritizes security measures, such as regular security audits, firewalls, intrusion detection systems, and server hardening. Blue Million hosts on Google Cloud via Kinsta and distributes on Cloudflare. These are the most reputable cloud hosting services in the world.
  5. HTTPS Encryption: Implement HTTPS encryption to protect data transmitted between your website and its visitors. This is especially crucial for websites handling sensitive information such as personal details or payment transactions. All Blue Million sites use HTTPS.
  6. Firewalls and Security Plugins: Utilize web application firewalls (WAFs) and security plugins to monitor and filter incoming traffic, block malicious requests, and detect and prevent common attack vectors like SQL injection and cross-site scripting (XSS). Standard with Blue Suite. Our firewall blocks over 40,000 known malicious IPs.
  7. Backup and Disaster Recovery: Regularly back up your website data and store backups securely offsite. This ensures that you can quickly restore your website in the event of a security breach or other disaster. Blue Million backs up your site daily for 30 days and keeps a quarterly air-gapped backup of all sites.
  8. User Permissions: Limit access permissions for users based on their roles and responsibilities. Only grant necessary privileges to minimize the risk of unauthorized access and data breaches. Blue Million will help you determine who needs access and at what level.
  9. Security Monitoring and Incident Response: Implement tools and procedures for continuous security monitoring, such as intrusion detection systems (IDS) and security information and event management (SIEM) solutions. Have a clear incident response plan in place to quickly address and mitigate security incidents. Standard with Blue Million.
  10. User Education: Educate yourself and your team about common security threats and best practices for website security. Regularly train users on how to recognize and avoid phishing attempts, malware, and other cyber threats. Training is available from Blue Million.

By considering these aspects of website security and implementing appropriate measures, you can significantly reduce the risk of security breaches and protect your website, your data, and your visitors from harm.