Website Safety Check – 10 things you can do to keep your site secure

Security updates and patches are essential to maintaining security and preventing hackers being able to access important databases. At Nimbus, we automatically patch your server with any security or bug updates to maintain security. However, it is your responsibility to ensure that the CMS platform that your site runs off remains constantly up to date. Website updates often include patches that make your sites more secure. Once they’re released, we recommend installing them as quickly as possible.

A great example of this is getting into a login page. If there is a failed login attempt, your error message shouldn’t tell the user what part of their details was entered incorrectly. By ensuring that any error messages are kept fairly vague it makes it harder for hackers. They won’t be able to work out what parts they have entered correctly and incorrectly. Therefore, you won’t be giving away any clues as to specifically what went wrong for them to figure out.

Cybernews recently published a list of the most common passwords in 2022. As annoying as the restrictions on what passwords must contain are, they do help to protect sensitive information. The best someone can do is a brute force attack, in essence guessing every combination until it finds a match. The website How Big Is Your Haystack, gives a really handy guide on how long it would take a potential hacker to gain access via brute force. The more complex your password is, the better your website safety will be, and the less likely an attack becomes.

Some teams may have the option for users to upload files using  form. In which case, all files should be treated with suspicion. Even if the file looks completely innocent, it may contain a script that could be used to open up your website.

SSL (or Secure Sockets Layer) is a protocol used to provide security over the internet. It allows sensitive information like credit card numbers and login details to be transmitted securely. I does this over an encrypted link between the server and client. Recently, Google, in their efforts to promote a safer online world have been clamping down on sites that do not offer this level of encryption to their visitors. Pretty soon, all websites viewed through Google Chrome without an SSL will flag this to the visitor, possibly affecting not only trust, but sales.

HTTPS is a secure version of HTTP which allows data to be sent between your browser and the website. When using HTTPS, it means that all communications are encrypted and therefore protecting the integrity and confidentiality of your users data. HTTPS also prevents man-in-the-middle attacks as it provides authentication that your users are communicating with the intended website.

Hackers can use scripts that can scan all the directories on your web server for names like ‘Admin’ or ‘login’ and then focus on gaining access to these files and therefore compromising your websites security. Most CMS platforms allow you to rename these admin folders to anything of your choice in order to make it harder to identify for potential hackers.

A web application firewall can either be software or hardware based. We recommend using a WAF firewall that sits in front of the web server to prevent the most common type of attacks.

Unusual log file activity can sometimes be the first warning sign that someone is trying to break into your system. Within the Nimbus platform, you can detect unusual behaviour super quickly, and we reset them every day at 4am. Use our logs section to troubleshoot PHP error logs and spikes in traffic.

Even websites that take every security measure possible can get hacked, especially if they are specifically targeted. Regular backups ensure that even if your site is compromised, you can get it restored quickly and easily. Occasionally, updates can break your website’s design or functionality and some updates can be buggy. In which case you can use a backup to restore to a previous version.