Your content management system (CMS) is essential to how you manage your website. Imagine what damage someone could do if they got unauthorised access to it? To help you avoid this, we have pulled together a few things you can do to keep your CMS secure.
1. Pick a strong password
Bad things can happen if your password is discovered by a hacker, so it’s vital to keep your passwords secure. When it comes to selecting your passwords, try to keep the following in mind. Choose passwords that:
- are memorable to you only
- are over 12 characters long (these are harder for hackers and computer programs to crack)
- combine different words (either random or quirky phrases)
- include one or more special characters (for instance, capital letters, an exclamation mark or numbers)
- are unique. Choose a different password for each account you own. If you re-use the same password hackers will not only get access to your website, but also into your email and any other accounts you use that password for. If you struggle to remember so many different passwords, don’t let your browser save them as these can be visible to someone who hacks your PC. Instead use a password manager to help you remember all your different passwords. It means you only have to remember one master password!
2. Only use trusted plugins
Many content management systems, such as WordPress, are constantly evolving, with new features regularly being added. However, it’s rare that an ‘out the box’ version of a CMS will meet all of your requirements. This is where plugins come in.
There are a huge number of free and premium plugins available for WordPress, so the functionality you are looking for has often been created. If you do use a plugin with your CMS, only use trusted plugins by well-rated developers in the community. This will help avoid the risk of poor code changing other features and functions on your site and invalidating them.
3. Monitor your Google analytics
Regularly monitor your website’s analytics as changes in data could highlight any negative trends in your site traffic or other statistics that may be the result of hacking activity. Of course, any negative trends could also be down to your own site design, content or changes in market demand!
4. Install an SSL certificate
Installing an SSL certificate on your web server converts data into a code as it travels between the server and a user’s web browser. This makes the data useless to hackers if they get hold of it. This is especially important for websites capturing customer data and e-commerce sites, where money and sensitive data are being transferred.
You can tell if a website has an SSL certificate installed as the URL will start with
https:// and there is a green padlock (or tick if you are using Internet Explorer). To create a HTTPS connection, you need to purchase an SSL Certificate from a certified authority and get it installed on the server. The certificate is normally valid for a year and needs to be renewed annually. To ensure that the SSL certificate is installed and configured correctly it’s wise to get an expert to install it for you. Speak to your hosting provider to find out if this is a service that they offer.
5. Stay on top of your security updates
Security updates fix vulnerabilities in the CMS software, preventing your website from being exploited by hackers:
- check your CMS dashboard for security updates, as most display the updates ready for download. If your CMS doesn’t or you are unsure, contact your hosting provider.
- check if your website is backed-up as part of your hosting package. This means that you will have a recent version of your website to go back to should your CMS get hacked.
- if your website is more than 5 years old, speak to your hosting provider to ensure that you are receiving the necessary updates and your CMS is still fully supported. It may be you will need to change to a newer CMS to ensure your website remains fully secure.