With the holiday season approaching, business owners like yourself are preparing marketing campaigns, promotional offers and updating their websites.   With that being said, we wanted to provide you with some simple tips on how to protect your website and personal information.  Keeping your website secure is an ongoing process in maintaining a safe online presence.

Here are our top 5 tips to secure your online business and personal information

1 – Adding an SSL Certificate

An SSL certificate secures your website by encrypting traffic from your website to your web hosting server.  This prevents hackers from hijacking a browser session and stealing sensitive data such as credit card details and personal information.   SSL is no longer optional according to Google with the release of their Chrome 68 web browser.  As of July 1st 2018 Google will now display a ‘Not Secure’ warning in the address bar of every website that doesn’t have an SSL Certificate.  You can read our recent blog post on How to secure your website in Google Chrome for a detailed description.

Chrome SSL

When you install an SSL certificate your URL in the users browser will show a green padlock and the URL will also show HTTPS.  This instills confidence in your customers and means they are more likely to shop with you knowing their information is secure.  If you don’t sell anything on your website you’ll still benefit from having SSL as Google has stated that they will rank website with SSL higher in their search engine compared to sites without SSL.

Here at HostUpon we offer SSL Certificates on 1 or 2 year billing cycles and if you purchase your SSL from us we’ll configure and install it for free!  Our Premium Unlimited plan also includes 1 free SSL certificate.  Whether you have an e-commerce store or just an informational site or even a blog we highly recommend getting an SSL Certificate.

2 – Domain WHOIS Privacy Protection

When you register a domain name on the Internet your personal information is displayed publicly in the WHOIS database.  This is a searchable database for every single domain name registered online.  When you register a domain your first name, last name, address, phone number and email address are available for anyone who does a WHOIS lookup in the database.  Having this information publicly accessible opens the door to spammers and solicitations.  Spammers scour the database daily and harvest this information to spam you with web design offers and tons of other junk mail.  They may even call you to try to sell you their services.

whois privacy

To protect your personal information you can add Domain WHOIS Privacy protection for $9.95/year.  For a small annual fee your information will be hidden when someone does a WHOIS lookup.  It’s as simple as opting in for domain privacy when you register your domain name. We always recommend the domain privacy addon for any new domain registrations.  It’s a small annual fee that protects your personal information online.

3 – Update your website software including plugins and themes

Quite often we get caught up adding content to our websites without remembering to update the software our sites actually run on.  The number one reason websites get hacked is through outdated software and plugins.  At least once a month you should check to see if there are any updates to the software you use.  For users running WordPress for example, you should make sure you’re running the latest version of WordPress and update your plugins and theme.  When you initially login to your WordPress admin dashboard it will display your current version and notify you if there is an update available.  You can also navigate to the Plugins section and update all of your active plugins.  Hackers target popular software such as WordPress and look for websites running old versions that may have exploits.  Keeping software updated is a key component in website security and maintenance.

It’s also a good idea to remove any plugins or themes you no longer use.  Even though they may be deactivated they may still be vulnerable.  This will also help you stay organized and make things easier to maintain.

4 – Change your PHP version to PHP 7

Most websites are running PHP 5.6 however PHP 7 is available to all HostUpon customers.  PHP 7 is known to use less memory and improve website performance by almost 20% over PHP 5.6.  PHP 7 includes security improvements and eventually all websites will need to run on PHP 7 as older versions of PHP will no longer receive security updates.

PHP 7 benchmark

You’ll first need to make sure your website is compatible with PHP 7.  A simple test would be to enable PHP 7 and see if your website loads.  If it does, then your site is compatible.  If you see a blank white page or an error message is displayed on your website then you’ll need to speak with your web developer to find a solution.

To change PHP version you’ll look for the ‘Select PHP Version‘ icon inside your cPanel.  From there you’ll be able to switch PHP version through the drop-down menu.  You can also enable or disable PHP extension on that page as well.  You can read our recent post on How to Change PHP Versions in cPanel for detailed step by step instructions.

5 – Strong Passwords and Website Backups

A strong password consists of uppercase, lowercase, numbers and symbols.  We’ve seen far too many people use weak passwords for things like email or logins for their site software backend.  A strong password is your first line of defense against brute-force attacks.  By adding numbers and symbols to your text based password you’re improving security exponentially.  Just adding an exclamation mark and a number to the end of your password will make a huge difference as an example.  If you’re reading this and think your password might not be strong enough then now is the time to change it.

If you’re having trouble thinking of a strong password you can use this Free Password Generator tool.

lastly, and most important are website backups.  Keeping a current copy of your website file and database locally on your computer is an absolute must.  Too many people rely on their web hosting provider to keep backups but in the end it’s your business and your website so keep a local copy.  You can ask your web host to generate a backup for you or simply use an FTP program to download your site files and use PHPMyAdmin to export your database.  Having a local backup not only protects you from hackers but it will make it much easier to restore a file or folder if you were making changes and messed something up.

We offer all of our customers at HostUpon the ability to add our Premium Backup Service to their web hosting plan.   This backup system takes nightly snapshots of your entire hosting account on a remote server.  If you need to recover any data you can contact our support team and request a restore.  It’s one of our most popular addons and gives customers a hands-off approach to backing up their website.

By implementing the tips above you’ll improve your websites security and can then focus on driving sales and traffic for the holidays!