7 methods to enhance the security of your website

S

everal years ago, I visited the website of a well-known technology company, and to my surprise, a message appeared saying: “This site has been hacked by the Chinese.” I kid you not! I know you might be thinking, “that only happens to the big sites.” Nothing is further from the truth. They could have enhance the security of their website by using the following methods.

Cybercriminals hack any website, large or small, to obtain information that they can turn around and sell. Strengthening the security of your website is the difference between its demise and its survival.

Above all else, guard your heart, for everything you do flows from it.

Proverbs 4:23

The heart of your digital strategy is your website, you must take care of it and protect it with zeal. Only in this way you will ensure its long permanence and inspire the trust of your followers. I recommend that you hurry to implement these 7 methods to enhance the security of your website.

1. Enhance the security by adding an encrypted protection layer

Secure Socket Layer (SSL), or its most recent version,, Transport Layer Security (TLS), refers to a layer of protection encrypted with security certificates to disguise any transmission of data on the network. It prevents intruders from reading the transmitted information as it will appear encrypted and illegible to them..

Authorized certifying entities issue protection certificates so that, once installed on your website and configured your web server, they are provided to your users and secure connections are established. The following image represents how they work:

Certificates are priced annually and tend to be expensive, unless you use Let’s Encrypt, the first authoritative certification body to offer renewable certificates every quarter for free. Check the conditions of your web hosting to install them.

In addition to the security component that certificates add to your website, there is also a search engine optimization effect as by product that improves your website’s rankings, traffic, and conversions.

2. Enhance the security by installing a specialized security plugin

Every time you want to add features to your website, think that you need a plugin. To strengthen your security, you need a specialized plugin with several functions at the same time.

I use Shield Security for WordPress. With this powerful plugin you can protect the administrative functions of your website, by:

• Stopping a cybercriminal robot from forcing your password
• Preventing someone without your second form of authentication from entering
• Preventing other computers from connecting to the administrative area

Shield Security’s control panel controls all options, preventing unauthorized third parties from managing or destroying your website. Below, I explain three of these functions.

3. Enhance the security by ensuring that only humans login

You have certainly seen in the movies how they connect devices to a secure site to guess the key or password. These things actually exist and are the favorite tools of cybercrime.

To prevent a hacker robot from discovering your password in a brute force attack, I recommend that you implement Google reCAPTCHA.

Just go to the Google reCAPTCHA, website, click the button to get it, log in with your Google account, choose reCAPTCHA v2, register your website domain, and click “Register.”

This procedure will assign you a key (Site Key) and a secret (Secret). Enter them in the Shield control panel, under Configuration> General > CAPTCHA, as indicated in the figure above.

Then enable it under Configuration > Login Protection > CAPTCHA. Now, along with your username and password, you must click on reCAPTCHA before logging in.

4. Enhance the security by implementing MFA with Google

Authentication to digital systems consists of three areas: what you know, what you have, and who you are. Your username and password belong to the scope of what you know; your ATM card or your cell phone belongs to the scope of what you have; while the iris of your eyes and your fingerprint belong to the realm of who you are.

To implement multi-factor authentication requires elements in more than one scope. On your website, this means that you not only provide a username and password, but also something that you have. Google Authenticator to turn your cell phone into that something.

Google Authenticator is an application for a smartphone or tablet. Once installed, it generates six-digit codes that change every 30 seconds and confirm that you have this device authorized to enter your website.

To configure Google Authenticator with Shield, go to: Configuration > Login Protection> Google Auth, and select the appropriate option.

Then modify your administrative user, or any other user for that matter, to use it. This is done in your WordPress user profile. Scan the QR code on your profile with the Google Authenticator app, and it will be enabled.

Get the code generated by the Google Authenticator application on your mobile device:

Now every time you enter your username and password, and click on reCAPTCHA, you must have your cell phone at hand to enter the additional code to log into your site.

5. Enhance the security by implementing MFA with Authy

An alternative to Google Authenticator is Authy. Authy replaces Google Authenticator with the same functionality as described above, but travels with you and not with your mobile device. What I mean by that is that it allows you to create an account that you can use to install Authy in more than one device and it saves all your multi-factor code registrations with it.

This function is in sharp contrast with Google Authenticator, which is matched with your mobile device, and it cannot be easily move to a new device or a secondary one.

Another function I value is the ability to search for your code. This is especially useful when you have many websites and web applications you use for logging in.

You will have to use the codes produced by Authy instead of Google Authenticator in the Google Authenticator section of your user profile in WordPress to establish the connection.

6. Enhance the security by blocking malicious attacks with a firewall

The function of a firewall is to prevent malicious attacks from affecting critical files on your website. The firewall is like a filter for operations and restricted areas where you will not be able to enter.

For example, your users will be able to post comments, but not alter the software file that controls them, or write opinions instead of programmatic code.

Do you want to restrict areas to define what your users can or cannot do? Shield Security can help you, with nine blocking options and a whitelist of sites you never want to block. Enable them under Configuration > Firewall.

7. Enhance the security by establishing a regular backup

Creating a regular backup of your website is the ultimate protection. Make sure you can retrieve all published information, all functions, and all collected data.

The frequency and retention of the backup will depend on how often you post. Lean on your hosting service to create them and make sure they run on a fixed schedule on a regular and automatic basis. To explore the options, I will dedicate another article soon.

Also, use cloud storage services like Onedrive or Dropbox to create your work files, documents, photos, and videos before uploading them to your website. This creates a double level of protection for your intellectual property.

Do you want to learn more about cybersecurity? Please review the article 7 safety locks to keep hackers away from your social networks. I want to know if your website is safe and what is preventing it from being safe. Please write your comments below.

How about you, are you concerned about the security and permanence of your website? Is your website protected against malicious attacks that could destroy it?