Every 39 seconds a website is hacked. You don’t want it to be your website, especially if you have sensitive information and user data.

To avoid malware and other threats, you need to keep your website as secure as possible. Continue reading to learn how to secure your website.

How to Secure Your Website

There are different steps you can take to increase website security. Here are 7 ways to keep your website safe from hacker attacks.

1. Update

One of the most basic ways to maintain a secure site is to update all of your website’s software as soon as you know updates are available. In the past, it was sufficient to update websites once a month or once a week. Now, many malicious attacks come from bots that automatically search for sites with security holes.

If you wait to update your website, you’re at a higher risk of being hacked. Always be on the lookout for new CMS versions and for extension and plug-in updates.

Hosting services will usually take care of OS updates. Most other software will notify you of any security holes when you log in or through email.

A website firewall will install updates automatically. You should still check for updates even if you have a website firewall, however.

2. Passwords

Hackers can easily get into your website server if you have a weak password. If visitors can create their own accounts, their user data is also at risk.

Users should have strong passwords as well. A minimum of eight characters, an uppercase letter, and a special character is a popular password requirement for a lot of websites.

The longer the password, the harder it is to hack. The same goes for random passwords – your information is safer if your password is made up of random letters, numbers, and special characters.

Every password that you have should be different. Hackers create lists of possible passwords from lists of cracked passwords. All of your information is at risk if you use the same password for every account.

User passwords should be protected in storage. Hash them, and salt each hash, for the greatest security.
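As an added example (not code from the original article), here is one way to store passwords as salted hashes and to check the password rule quoted above. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash; the function names, record format and iteration count are illustrative choices.

```python
import hashlib
import hmac
import secrets
import string

ITERATIONS = 600_000  # assumed work factor; tune to your server's CPU budget


def meets_policy(password: str) -> bool:
    """The rule quoted above: 8+ characters, an uppercase letter, a special character."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c in string.punctuation for c in password))


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    pw = "Correct-Horse-Battery-9"  # constructed sample password
    a, b = hash_password(pw), hash_password(pw)
    # Same password, different salts, so the stored records differ.
    print(meets_policy(pw), a != b, verify_password(pw, a), verify_password("guess", a))
```

Because each record carries its own salt, two users with the same password get different stored values, and a cracked-password list cannot be matched against the whole table in one pass.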


3. HTTPS

HTTP, or Hypertext Transfer Protocol, is no longer secure. Starting in 2018, Google labels any website with HTTP as unsecure. HTTPS is the secure version of HTTP – the “S” stands for “secure.”

To use HTTPS for your website, you’ll need an SSL, or Secure Sockets Layer, certificate. Obtaining this certificate is inexpensive, and it encrypts information sent between the server and website. SSL prevents hackers from intercepting this communication, an attack known as MITM (Man in the Middle).

Although SSL protects sensitive data through encryption, it doesn’t prevent malware and other attacks. HTTPS and SSL still help keep information more secure.

Websites that contain PII or Personally Identifiable Information such as phone numbers, full names, addresses, and credit card information have basically been forced to convert to HTTPS and install SSL.

4. File Permissions

Set file permissions to control who can write, read, or execute a file. Without any permissions, anyone can get into your information and change or delete it.

The user types that can be given access to your files are the owner (you), the group assigned to each file, and the public. The code to read is 4, write is 2, and execute is 1. The code should be 0 if you don’t want a user type to have any permissions.

CMS applications usually have the appropriate file and folder permissions by default. However, sites all over the internet say that 666 for files and 777 for folders will fix any permission issues. While this is true, these will be the codes hackers try first to access your information.
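The permission codes above can be decoded and audited with a short script. This is an added example, not part of the original article: the function names and the sample site layout are constructed for illustration, and it assumes a Unix-like host.

```python
import os
import stat
import tempfile


def describe(mode: int) -> str:
    """Decode an octal mode such as 0o644 into owner/group/public permissions."""
    parts = []
    for who, shift in (("owner", 6), ("group", 3), ("public", 0)):
        bits = (mode >> shift) & 0o7
        perms = [n for n, v in (("read", 4), ("write", 2), ("execute", 1)) if bits & v]
        parts.append(f"{who}={'+'.join(perms) or 'none'}")
    return ", ".join(parts)


def find_public_writable(root: str) -> list[tuple[str, str]]:
    """Return (relative path, octal mode) for entries the public can write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:  # the "2" in the public digit
                hits.append((os.path.relpath(path, root), format(mode, "03o")))
    return sorted(hits)


def demo() -> list[tuple[str, str]]:
    """Build a constructed site tree containing a 666 file and a 777 folder, then audit it."""
    layout = {"index.php": 0o644, "config.php": 0o666, "uploads": 0o777, "includes": 0o755}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in layout.items():
            path = os.path.join(root, name)
            if "." in name:
                open(path, "w").close()
            else:
                os.mkdir(path)
            os.chmod(path, mode)  # chmod sets the exact mode regardless of umask
        return find_public_writable(root)


if __name__ == "__main__":
    print(describe(0o644))
    for path, mode in demo():
        print(mode, path, "->", describe(int(mode, 8)))
```

Pointing `find_public_writable` at a real web root lists every file or folder left at 666, 777 or any other mode where the public digit includes write.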

5. Extensions

CMS applications have extensions and plugins that further what you can do with a CMS and website personalization. A major downside is that not all extensions are safe to install.

Never download an extension from a shady website. Free extensions are likely to contain malware. You should only install extensions and plugins from known and trusted websites.

It’s safer to choose extensions that have been around longer and have a lot of downloads. The developers of these add-ons have more experience with fixing security issues than a new developer.

Even if the add-on has a lot of installs, it may not be the best choice if it hasn’t been updated in months. The longer an extension is left without updates, the more security holes it’s likely to have.

6. CMS Settings

As mentioned before, you can change the default file permissions settings to control who can do what with your files. An added advantage to this customization is that your website will actually be more secure.

A lot of hackers send out automated bots to find and attack the weakest sites. Using the default settings of your CMS application is more likely to attract bots. You can easily prevent this by making your own custom settings.

Consider changing user, comment, file permissions, and user information visibility controls. Installing extensions adds further customization.

7. One Server

Your website is at greater risk of being hacked if it’s on a server with other websites. Servers that fail to properly isolate each website can easily have an attack that spreads because of cross-site contamination.

A hacker can infect every site on one server simultaneously. Cleanup is a pain when this happens. It’s incredibly easy for all of the sites to become infected again and every password has to be reset.

Websites are safer on their own servers. There’s no potential cross-site contamination.

Secure Your Website

Keeping your website secure isn’t rocket science. There are simple steps you can take to protect your site from hackers. With the way technology is advancing, it’s vital that you follow and maintain multiple security practices.

Use this guide on how to secure your website to protect your website’s information.

Feel free to contact us with any questions.