Website Security Month

Oct 30, 2022 | Security

Cyber attacks are on the rise

October was Website Security Month, and with the recent breaches of Optus and Medibank user data, there has never been a better time to perform a website security audit and upgrade.

Building and maintaining a strong website security is a constant process that often gets neglected by website owners due to its complexity, time consumption and cost.

As web designers, we know better.

Having a security plan in place

Over 20 years of experience in maintaining hundreds of websites has taught us that website security is absolutely critical for every online business. We have seen the devastating consequences a hack can have on a website and ultimately on a business, and we have dedicated serious efforts to preventing and minimising the effects of hack attempts.

During the years, we have optimised the security of our websites by using sophisticated security systems, introducing a variety of security plugins, scan and server security features. While all of this is great, we know that platform security on its own, is not enough.

The involvement of webmasters and site owners (i.e YOU) is just as important for properly securing a website. That is why we have compiled a list of the most essential security features you can enable that can make the difference between a hacked website and a peace of mind.


Today an SSL is absolutely essential for every website. An SSL certificate encrypts the connection between your visitors’ browsers and your website’s server so that the data transmitted between the two, such as personal information, credit card data, login credentials or else, cannot be hijacked by hackers.

To check this, look for the HTTPS and a padlock in your browser when viewing your site.

Protect your login

Your login credentials are a gateway to your account and personal information (and when talking about websites, to your domain, site and emails, too). There are several things you can do to ensure that your login credentials are safe and secure, and only you or the people you have authorized have access to your website:

Harden your passwords

Despite all the awareness created nowadays about weak passwords and the importance of never sharing login credentials with anyone, one of the most common credentials hacking is through guessing or brute-forcing easy-to-crack passwords.

Having a long password, consisting of multiple characters and combination of words, letters, numbers and symbols is an easy and super effective way to keep your accounts secure.

Remember to use different passwords for different sites and apps, update them regularly, and never share your passwords with anyone, or write them on publicly accessible places like post-it notes on your computer!

Use 2-factor authentication (2FA)

Regardless how hard your password is, there’s still a possibility for a hacker to get to it through a brute-force attack, virus, malware or other. With 2-factor authentication enabled, a secondary step needs to be passed by anyone attempting to access your data.

2FA adds another layer of authentication, usually through a temporary dynamically generated code (accessible only from your phone or email, depending on the settings), which cannot be guessed or hacked and makes your login defence bulletproof!

Make sure local computers have a virus scanner

You local computers at home and in the office also need protecting, make sure you have an update to virus, spyware and malware scanner operating at all times.

Monitor your website

Scan for malware regularly

There are numerous ways a website may get infected with malware – through compromised login credentials, infected or fake plugins and themes, corrupted software and more. Malware can have a serious impact on your site and online business.

The best prevention for it is a secure web hosting platform and constant monitoring. If we host your website on Siteground, we can activate Site Scanner – a service that crawls your website on a daily basis and notifies you of potential malware and other threats. Just recently, Site Scanner helped save thousands of WordPress sites from a particularly nasty malware.

Block suspicious traffic

There are cases where only the person managing a site can notice specific patterns or suspicious activity. Our hosts Siteground have provided easy-to-use powerful tools for blocking specific IP addresses or whole countries, enabling our customers to control who’s accessing their website and prevent unwanted visitors.

Back up your site regularly

While backups don’t protect you from hackers directly, they keep you safe from other unexpected events – a site update that may have gone wrong, an infected site that has to be reverted to a clean version and any other situation where a copy of your website is all you need to bring it back online. We know how often backups can save an otherwise dire situation.

Website Care Plans

On our Website Care Plans we provide monthly, weekly or daily backups, depending on your Care Plan level and your hosting provider. As well as plugin, theme and WordPress updates, malware and security scans, IP blocking and threat minimisation.

This article has been adapted from the original on Siteground. You can read it here.