How Do I Make My Website Secure?

Where your website is vulnerable, and how you can improve security.

Website Vulnerability?

Low Tier Risks

These are issues that occur not because someone is directly targeting your website, but because they’re taking advantage of an available opportunity. Low tier risks are vulnerabilities that can be utilized by a user with bad intentions, but little technical skill.

Spambots are a common example of low-tier risks. While they may not be capable of hacking directly into your website through your comments’ section, they can affect the appearance of your website or skew your data sets.

How Can You Protect Your Website?

There are simple tools that you can implement on your website to protect against low tier risks.

  • ReCaptcha - Verify form submissions are from humans.
  • Honeypot - Monitors and audits your comment section.

Mid-Level Risks

Mid-level risks represent vulnerabilities to opportunistic users, who may not be specifically targeting your website but will take advantage of an opportunity if they find it.

Mid-level risks are more serious, and while they may not expose your website directly, they can affect other technology your website is dependent on. Extensions and system integrations are another example of this, especially if they’re out of date.

How Can You Protect Your Website?

The best way to protect yourself against mid-level risks is to be aware of what your website connects into, and make sure those extensions are kept up to date. If you have a custom website with more complex integrations, we recommend keeping track of who’s responsible for each component of your website with a RACI sheet.

High-Level Risks

High-level risks are posed by users who have a reason to target your website in particular. In many cases, this is a risk faced by ecommerce websites who store sensitive payment information.

How Can You Protect Your Website?

High-level risks are more complex attacks, and a common vulnerability is the server itself. Evaluating how your website is hosted, whether it shares server space with other websites, how it’s being monitored, are all questions that should be asked of your hosting provider.

Protecting Your Website

We often say that with website security, the best offense is a good defense. The best way to protect your website is to take steps at every level to ensure that there aren’t any exposed vulnerabilities. The unfortunate reality of the internet is that you can’t guarantee 100% security, but you can definitely implement procedures and policies that ensure your website is as secure as it can be.