5 Ways to Fight Common Website Security Risks

You buy a home, you fill it with nice things. To secure your home, you add locks to the doors, sensors to the windows and all kinds of other security systems.

Isn’t your website kind of like a home? You fill it with valuable content. You build your site’s readership. In time it becomes a web property.

You’ve spent all this time building your web property, but it’s possible that you’ve forgotten that there are several ways to secure the content that you produce.

Why would someone want to hack me?

That’s what website owners think right after they find out their site has been the subject of an attack. Sometimes attacks are used to steal names and passwords of your users or to steal credit card information, and sometimes it’s just to screw with you.

Regardless of the motive, an attack on your website can have dire consequences. I know a popular blogger who was recently the victim of a hacker attack that installed malware on his site. Within hours, there was a “malware alert” to anyone who wanted to visit his site, and if it had been left alone too long, he could have lost all of his SEO rankings in Google too.

Although security issues come in many flavors and nothing is ironclad, here are a few of the ways you can protect your website.


Akismet – All WordPress blogs come with Akismet pre-installed and you can get a “key” directly from WordPress. This plugin protects you from thousands of comment spammers that will crawl your site and leave you comments laced with rotten, low-quality backlinks.

WP Better Security – If you’re on WordPress, this is a good plugin to install: it locks logins when someone tries to log in more than three times with the wrong credentials. Many hackers have bots that can keep attempting to break in all day long if you don’t stop them in their tracks.

Security Certificates – Users can easily identify a secure or non-secure page on a website these days by the secure symbol up in the browser bar. Make sure that your payment processing is secure, and if you are telling users that it is, make sure the symbol is showing up. Also, for added credibility, show users your SSL certificate information and security badge at the bottom or top of every page. Protect your customers and their data by installing a security certificate (like Verisign) that watches for malware and other vulnerabilities.

Update your site – If you’re using an open source platform like WordPress, it’s important to stay on top of updates, which patch security holes and fix other common issues.

Assign better passwords – Skip the cute passwords and use ones that involve a combination of letters, numbers and characters. Use something like LastPass to create good passwords.

Additionally, Appstorm recommends deleting your WordPress installation folder. “Once the installation is done there is no use for the installer folder in the day-to-day operations of a website. It is very much possible for a hacker to run the installer once again, empty the database and take control of the website & its content. Ideally it is strongly advised to delete the folder once the installation is complete, but if you know your way around the web server, you can also opt to rename the folder.”
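The login lockout described under WP Better Security above, sketched as an added example (this is not the plugin's code and not part of the original article). It locks a client on the fourth wrong attempt, as the article describes; the counting window, lock duration, class and function names, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
MAX_FAILURES = 3       # from the article: lock after more than three wrong attempts
WINDOW_SECONDS = 300   # assumption: failures are counted over a 5-minute window
LOCKOUT_SECONDS = 900  # assumption: a lock lasts 15 minutes

class LoginLockout:
    """Per-client failed-login counter with a temporary lock."""
    def __init__(self):
        self._failures = defaultdict(deque)  # client -> recent failure timestamps
        self._locked_until = {}              # client -> time the lock expires

    def is_locked(self, client, now):
        if now >= self._locked_until.get(client, float("inf")):
            # Lock expired: forget the client so it starts fresh.
            del self._locked_until[client]
            self._failures.pop(client, None)
        return client in self._locked_until

    def record_failure(self, client, now):
        """Count one wrong-credential attempt; return True if it triggers a lock."""
        recent = self._failures[client]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # drop failures outside the window
            recent.popleft()
        if len(recent) > MAX_FAILURES:
            self._locked_until[client] = now + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, client):
        self._failures.pop(client, None)  # a correct login clears the history

def replay(events):
    """Apply (timestamp, client, password_ok) events; return one decision each."""
    guard, decisions = LoginLockout(), []
    for ts, client, ok in events:
        if guard.is_locked(client, ts):
            decisions.append("blocked")  # rejected before credentials are checked
        elif ok:
            guard.record_success(client)
            decisions.append("allowed")
        else:
            decisions.append("locked" if guard.record_failure(client, ts) else "failed")
    return decisions

# Constructed sample: a bot at 203.0.113.7 guessing, one user who mistypes once.
BOT, USER = "203.0.113.7", "198.51.100.20"
SAMPLE = [(0, BOT, False), (5, BOT, False), (9, USER, False), (10, BOT, False),
          (15, BOT, False), (20, BOT, True), (30, USER, True), (1000, BOT, True)]
```

While the lock is active, even a correct password from the locked client is refused, so a guess that finally lands during the lock does not get in; the user who mistyped once is unaffected.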

What about document security?

And what about the non-hackers, the stealers of content, the content hackers that spread our valuable content around the web? Well, there are ways to secure that data too.

Vitrium.com – “Protectedpdf” applies protection to individual pages instead of the entire document and prides itself on making it “less complex” for the user to view the file. You get the ability to track PDFs and limit access by computer.

LockLizard – In addition to protecting your PDFs from unauthorized viewing, copying, sharing, saving, and distribution, it even protects your document from screen grabbing or capturing. You have the ability to instantly revoke access and control how long people can view your files.

WP PDF Stamper – This plugin allows you to stamp a PDF with the personal details of the person downloading it in order to discourage them from sharing the document.

No matter what you do, you’re never completely safe on the web, but these few security measures are a good start!

What are you using to protect your website and your content?


    Great advice! I also password protect the login folder, which provides a double barrier, using a different password than my login. This will only work in non-member sites. Also, I turn off access via SSH as I have found that this is the route preferred by most hackers. I only turn it on when/if I need it, then turn it off again. Moving the config.php file out of the web root folder, making it inaccessible via www is also a good practice. You can never be too safe! The biggest threat is drive-by malware, where the visitor to your site has malware automatically installed on their machine and can steal their personal info.

