Cyber-crime is one major threat to internet users that cannot be under-estimated. It costs far more damage than we often estimate. From simple errors of negligence to serious compromises that lead to major data breaches, internet crime. It costs the global economy more than $400 billion annually and it’s increasingly hurting business operations.

Further reading:

How to secure your website from attacks using the .htaccess file

Imagine that your website is exploited by a hacker and all relevant data lost. How do you address the issues of your clientele base, statistics of payments and renewal dates, statistics of short-term subscriptions and the reputation of your website?

Despite its seeming unpopularity, cyber crime is a huge problem and the task of dealing with it is equally profound. In 2019, targeted attacks against small businesses was reported to have nearly doubled and of the one in five that experienced a cyber attack annually, 60% will close their doors within six months as a result. So, the cost is enormous and that explains why you must take your website security seriously.

In this article, i will explain 6 ways to keep your website protected from cyber attacks.

Read also: How to Prevent Spam on Your Joomla Website

1. Be password-savvy

This is an issue that has been re-emphasized over and over again. If your password is still Password@123; it’s time to get serious. Create unique codes for each of your accounts, and make sure they are at least 8 characters long (with a few special ones thrown in). We suggest you use the cpanel password generator if you have access to your website control panel.

Also read: 10 Tips to Guide Your Website Security Policy

You also need to be weary of the email attached to your web hosting account. The password for such email must be equally strong because if anyone can gain access to your email, then the person should be able to reset your password and also gain access to your account.

As a rule, do keep to the following:

1. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.
2. Don’t use personal information. Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.
3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
4. If the web site supports it, try to use special characters, such as $, #, Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers.
5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters.
6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.
7. Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too. Do not use the same or variations of the same password for different applications.
8. Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place. Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).
9. Consider using a secure password manager. The Firefox browser has a password manager already built in. The Firefox password manager and 4 others are reviewed
10. If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as my account) somewhere on the site’s homepage that goes to an area of the site that allows password and account management. 

2. Secure All Emails Linked to Your Website

Effectively securing your website means you have to take the security of all emails that are linked to your website as important as your website security itself. This is because every website is always linked to an email address. This is one key area that has been neglected but it’s as important as the other items. However, it should also be mentioned that most website hacks have not been linked to weak email passwords. I will still recommend you take your email security important to be protected all round from those who will go all out.

Also read: How to Prevent Your Website From Exploitation

This process also demands that your local computer should be free from viruses and malware and other vulnerabilities. Be mindful of what you do with the computers with which you access your emails linked to your website, and any other emails at all. Having infected computers can compromise the security of your emails and your website eventually.

2.1 Basic tips and Guide to protect you from email intruders

• Obtain comprehensive security software. Be sure that the security software you select is like McAfee Internet Security and protects you and your PC from viruses, worms, Trojans, unwanted e-mail (spam), phishing scams, and other malicious software. It should also have a firewall like McAfee’s products, which can monitor your Internet connection and stop unwanted traffic to and from your PC. Be sure to keep your security software up-to-date. Ideally, you want it to be like McAfee’s Internet Security Suite that has automatic updates and upgrades.
• Share your e-mail address with only trusted sources. Only your family, friends, and trusted business contacts should have your personal e-mail address. Do not post your e-mail address on Web sites, forums, or in chat rooms. If you post your e-mail address, you are vulnerable to receiving spam or having your e-mail passed on to others. If you would like to subscribe to a newsletter or Web site and receive confirmation e-mail for online transactions, consider using a generic e-mail address that is not linked to any of your personal information.
• Be careful when opening attachments and downloading files from friends and family or accepting unknown e-mails. You can obtain a virus, worm, or Trojan simply by opening e-mail and attachments, and by accepting files from your friends, family, or others. If you choose to download files, make sure your security software is enabled and pay close attention to any warnings provided.
• Be smart when using Instant Messaging (IM) programs. If you use an IM program to communicate with friends and family, be careful when sending any personal information. Protect yourself by using a nickname for your IM screen name. Never accept strangers into your IM groups. Be smart about how you use your personal IM at work because your employer may monitor and view your personal messages.
• Watch out for phishing scams. Phishing scams use fraudulent e-mails and fake Web sites, masquerading as legitimate businesses, to lure unsuspecting users into revealing private account or login information. To be safe, if you receive an e-mail from a business that includes a link to a Web site, make certain that the Web site you visit is legitimate. Instead of clicking through to the Web site from within the e-mail, open a separate Web browser and visit the business Web site directly to perform the necessary actions. You can also verify that an e-mail is in fact from a legitimate business by calling the business or agency directly.
• Use e-mail wisely. E-mail is a great way to keep in touch with friends and family, and as a tool to conduct business. Even if you have good security software on your PC, your friends and family might not have the same protection. Be careful about what information you submit via e-mail. Never send your credit-card information, Social Security number, or other private information via e-mail.
• Do not reply to spam e-mail. If you don’t recognize the sender, don’t respond. Even replying to spam mail to unsubscribe could set you up for more
• Create a complex e-mail address. With a complex e-mail address, it makes it more difficult for hackers to auto-generate your e-mail, send spam e-mail, or target your e-mail for other types of attacks. Make sure you come up with an e-mail address that you can easily remember. Try to use letters, numbers, and other characters in a unique combination. Substitute numbers for letters when you can. A sample complex e-mail is: Tracy3Socc3r2@samplee-mail.com.
•  Create smart and strong passwords. Make it difficult for hackers to crack your password. You can create a smart password by incorporating capital letters, numbers, special characters and using more than six characters. An example of a strong password is: KK+Go1dM!n3.
• Never enter your personal information into a pop-up screen. Sometimes a phisher will direct you to a real organization’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Install pop-up blocking software to help prevent this type of phishing attack.
• Encrypt emails and valuable information. If a hacker does breach your system, encryption makes it that much harder to get away with critical data. Voltage, DataMotion, and Proofpoint are industry leaders worth checking out. Encryption is often applied in two different forms, a symmetric key or an asymmetric key. A symmetric key, or secret key, uses one key to both encode and decode the information. This is best used for one to one sharing and smaller data sets. Asymmetric, or public key cryptography, uses two linked keys – one private and one public. The encryption key is public and can be used by anyone to encrypt. The opposite key is kept private and used to decrypt.

3. Implement Data encryption best practices

A complete guide to data encryption is beyond the scope of this 101-level article, but in general, the following principles are good to follow if you want to encrypt data securely and efficiently:

• Keep your encryption key secure! This should be exceedingly obvious, but it can be easy to make mistakes that allow unauthorized parties to access your data. For example, if you leave your encryption key in an unencrypted file on your PC, there is a good chance that someone could find it and wreak havoc. A few solutions could be to: separate the keys from the data, separate the duties and access limits of users, and rotate your keys on a schedule.
• Encrypt all types of sensitive data, no matter where they are stored or how unlikely you think someone is to find them. This should also be blatantly obvious, but if you follow IT security headlines, you know that lots of big-name companies have been breached simply because they left important data unencrypted and someone gained access to it. By encrypting your data, you make it much harder for someone who is able to breach your systems to do something bad.
• Assess data encryption performance. Effective data encryption entails not just making your data unreadable to unauthorized parties, but doing so in a way that uses resources efficiently. If it is taking too long or consuming too much CPU time and memory to encrypt your data, consider switching to a different algorithm or experimenting with settings in your data encryption tools.

4. Back up your data

Copying your key company data onto a cloud-based system, such as Dropbox or OneDrive, or a USB hard drive takes minutes, and will save you time and anxiety if your system is ever compromised. You can backup your entire website online. cPanel hosting environment and other hosting applications have one-click backup tools which are very handy. You can use the back up tool to maintain a healthy backup just to protect you from very serious disaster.

Further reading: A Practical Guide to Secure and Maintain Your Website

Backing Up a WordPress Website

WordPress backup and restore process is probably the easiest to implement. If you have installed your WordPress website with Softaculous, you just visit your website control panel. From the left menu panel, click WordPress manager by Softaculous. Then all your WordPress installations will be displayed. From the right side, click the arrow to expand the panel and click the backup link to begin site backup. Wait until the process is completed.

To restore your WordPress website, follow the same process and click the restore button. Wait for the restore process is completed and that is all it takes.

You can also restore your WordPress website with plugins like Duplicator, Updraftplus, Blogvault, BackWpup, and Jetpack Backup.

Backing Up a Joomla Website

Backing up your Joomla website is also pretty easy. You can backup manually or use a plugin. To backup manually, copy the files to a safe location and download the database using the control panel tool, phpmyadmin. To restore, simply upload the database file to a clean database you have created and upload the files to your desired location. You will need to check your configuration file to be sure that the database name, location and passwords correspond. If you face any challenges, simply contact your web host for help. More detail on Joomla back up and upload can be found in our documentation.

5. Maintain Software Updates

This is an aspect that had been neglected by many. It is important that you check for updates daily on your most critical websites to be able to take action as quickly as possible once there be need for an update. Always ensure that your keep your website up-to-date especially if you run a content management system. Keeping your system updated with the most recent software updates will help you overcome exploitation associated with discovered vulnerabilities.

Why Updates Are Important

• Security Fixes

When new updates and launched, they sometimes come with vulnerabilities which were not detected during the production phases. Usually, when it becomes publicly available, these vulnerabilities are detected reported. A patch is released as soon as possible and the version is updated.

• Compatibility Issues

Updates often fix compatibility issues in software functionality. Sometimes, some codes are depreciated due to compatibility issues, basic requirements change with software upgrades causing issues and such other issues. Updates are often released to fix these issues.

• New Features

This is often certain to come with software upgrades and updates. New functionalities are added to make the software more user friendly, secure and easy. It is a continuous process and is the one reason an update is often something to do. 

Key Considerations Before an Update

• Server Considerations

Software functionalities go with some basic server requirements. Before you update your software, check to be sure its requirements matches your server standards. You may want to check with your web host if it you are not sure of server suitability for your software version.

• Back Up Your Site

Ensure that you have a healthy backup. It could your last option if something goes wrong with your upgrade process.

• Plugin Compatibility

Plugins, modules and extensions add functionality to websites and they will be found used in virtually all content management systems. Before you upgrade, check that your new version is compatible with your plugins and extensions. If they are not, you may need to wait until the extensions and plugins are updated or you disable the plugins to avoid complications.

Further reading: How a Plugin Installation Can Crash a WordPress Website

6. Check Security Advises on Software Use

Finally, you will need to check up specific security suggestions associated with your website design tools so that you can implement relevant security advises. The popular website design tools are WordPress, Drupal, Joomla, Magento, OsCommerce, (not in order of popularity). Check specific security guides for these applications to stay safe.

Final Words

Website updates are a normal part of website management. They will always be necessary for security, functionality and enhancements. Keep in mind that you must keep a healthy backup of your site before you embark on an update. Remember to check the requirements before you run a software to be sure that your server environment supports the new update and check compatibility of your installed plugins with your planned updates.