In the last installment of this series, we got hot and heavy with some technical concepts around securing email that may have caused even the most tech-savvy users to reach for a few glasses of water. Rest assured that this installment will be a much-needed break to let us dive into something a little lighter: Securing your website.
A website needs an SSL certificate to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.
Five ways to secure your website.
As with any technology, securing a website is multi-faceted. Here are some of the initial ways a website can be more protected:
Install an SSL Certificate.
SSL certificates are used to enhance the security of communication between the visitor or a site and the website itself. More on this later.
Keep your site up to date.
Websites, like any other technology, require maintenance and care. Keeping your website code and plugins up to date helps protect your website from the latest vulnerabilities.
Practice good password habits.
As mentioned in other installments of this series, practicing good password habits like resetting any default passwords, separating admin accounts from normal accounts, using a password vault, and creating complex passwords are great ways to help secure access to your website.
Utilize MFA where possible.
As mentioned previously in Part 3 of 8 – MFATS, ensuring you utilize MFA on every account, especially admin accounts, will provide a level of security that will keep out malicious actors.
Subscribe to security tools.
The above list can help lock down your website, but what about the areas you can’t secure on your own? For those, subscribing to security tools can be a great way to help protect your website. Antivirus and vulnerability scanners can continuously help ensure your website functions properly and without malicious code or links.
The benefits of securing your website.
Of course, a secure website lets visitors know their information is safe from hackers. Also, internet browsers like Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox, and others have been upgrading their safeguards to stop people from visiting unsecured websites.
This means that not only is your unsecured website an easy target for hackers, but people who would otherwise purchase your services may not be able to get to your website. And even if they do, they may decide to go with a competitor who has secured their website.
Securing your website with an SSL certificate has the highest visibility to potential customers.
Since most of the above list can be referenced in earlier contributions to this series, we will focus on an area we still need to address: SSL Certificates.
What is an SSL Certificate, and how does it work?
An SSL certificate is a piece of code that ensures your website communicates with visitors over HTTPS (Hypertext Transfer Protocol Secure) instead of the unsecured HTTP (Hypertext Transfer Protocol).
SSL works by installing a certificate on your web server that you obtained from a certificate authority provider. These certificates act somewhat as a lock and key system to ensure the communication between your site and a visitor is encrypted and not readable by malicious parties in the middle. Once the certificate authority provider has validated your website, every computer on the internet will immediately trust your website since every computer on the internet comes pre-installed with the same certificates from those providers.
Essentially, every computer on the internet is ready to trust any website that these certificate authority providers have trusted. So it makes this system pretty convenient!
How do you know if you have a valid certificate?
There are a few ways to ensure your website has a valid certificate. The easiest way is to visit your website and look for the lock symbol. Each browser displays it a little differently, but it should look something like this:
Another great resource we recommend is called hardenize. You simply enter your website address into the search field on the home page, and it will do an in-depth review of the security of your domain name.
You can scroll down to the WWW section, and the following should be green.
Even better, you can see when your certificate expires by clicking on the HTTPS menu item in the WWW section. And yes, they do expire!
How you can add an SSL certificate to your website.
Every website hosting provider is slightly different on how to add an SSL certificate to your website. If you are hosted on a fully managed platform like Squarespace, Wix, or Weebly, it is only a matter of turning on a slider or a checkbox. Their support can also help you get that enabled. One of the benefits of going with a fully managed hosting provider!
If you have a website hosted on managed WordPress from GoDaddy, they have instructions for requesting and purchasing a certificate. Once you purchase the certificate, it is a single step to enable it on your site.
If you host your own website, your process will be two-fold. The first will be installing the certificate on the webserver itself. The second will be enabling the certificate on your website. For instructions on enabling SSL on your web host, follow this guide.
To install and enable the certificate for your WordPress instance, you will want to install the Really Simple SSL plugin. It makes installing and managing your SSL certificate really simple, as the name states!
We recommend contacting your hosting provider for support. If you have any doubts about these processes.
As you can see, there are some great benefits to securing your website, as mentioned here. We hope this blog post gave you some insight into identifying the first steps to securing your website for your business. While there is a plethora of information here, there can be much more to consider when implementing the strategies mentioned in this article. As each business is unique, so are its website security needs and, more importantly, its website risks.
How StrataNorth Can help.
If you are ready to transform your business’s security landscape and are looking for experts to guide you, StrataNorth has security consultants with decades of experience. We can help you reach security nirvana and give you a roadmap for success. Reach out for a no-cost, no-obligation chat with a security expert today.