Website maintenance and security are a crucial element of your business. You put a lot of time and money into your online image as it represents your business, so why not ensure it stays up, runs smooth, and never has downtime. Even if your website is only used to provide informational content about your products or services, your website can be compromised if you don’t perform website maintenance and management on a regular basis. The last thing you want to deal with is hackers. They can bring down your website and create a problem for your business and your customers. So, what can you do?
We’ll tackle each important task one at a time, but here is what you’ll learn:
- Backup Scheduling
- Updating Plugins
- Block Form Injections
- Integrate an SSL certificate
- Malware detection
- Junk files removal
- Update passwords
- Change Admin URL
- Add a layer of security to the Admin login area
- Track everything
- Choosing a strong server
- Detect errors
- Improve load time speed
- Integrate a Firewall
- Display “Ongoing Maintenance” Message
- Avoid Neglecting Issues
The Main Website Maintenance and Security Master List
It’s actually pretty simple. Let’s take a look at 16 tips to maintain your website’s security so you won’t fall victim to hackers or other online threats. When you follow this master list, you’ll see that your website stays in tip top shape at all times. And, that’s what you want for the face of your business!
1. How Often Should You Backup Your Website
I’m sure the idea of backups is nothing new to you. Backups are basically like insurance for your website information. But, do you perform them regularly for your site? Believe it or not, backups should be done at least every month. Regularly performing full backups give you the peace of mind that you can keep your website up and running if your site is overcome with malware or breaks in any way.
Surprisingly, most people only perform backups every six months or even every year, if at all. While you might think none of your website information has changed since the last backup, your website’s database is always updating with new user information, recording login attempts, etc. If you perform regular updates and something goes wrong, at least you have the latest version backed up and nothing is lost.
There are many plugins out there that you could put to use that will help making the backup process simpler, here is a list of some of the best and most popular ones:
If you’re more advanced, the way to avoid installing more plugins and do things the old fashion is exporting the database SQL file and compressing all the website files into a Zip, downloading all of that and store somewhere in a backup folder.
2. How to Secure a Website and Keep It Up-to-Date!
One of the biggest mistakes business owners make is when they fail to perform routine updates on their websites. Regular updates can prevent malware, ensure functionality, optimize site speed, and keep your website up and running. It really doesn’t matter what type of platform you use, when routine updates pop-up you need to make sure you follow through and not just neglect it and hope that nothing happens. If you’re using a major platform like WordPress, you’ll usually see a notification like this
Before updating anything, make sure you followed the first point about backing up your site. Once that is done, all you have to do is click on the plugins tab, locate the plugin that requires attention. It should look something like this:
Click the “update now” and you will see the update process has begun:
Once it’s done, you should see a success message informing you that the plugin was updated:
That’s it, you’re all up to date.
It’s not just the plugins that need to be updated. You should maintain the highest standards for code and website structure as well. New themes and content updates ensure that your website is working at an optimal rate.
Let’s look at it in another way. Would you ignore important vehicle maintenance when you buy a new car? Things like oil changes, brake checks, fluid replacement, and tire rotation are done to your vehicle regularly to ensure it’s always working to its fullest capacity.
What would happen if you went to drive to an important meeting and your car wasn’t working because you failed to perform the regular maintenance it needs to work? Website maintenance is pretty much the same. You don’t want to be getting ready to land a big client or deliver an important presentation and find out that your website isn’t working. When you make website maintenance a priority, your security will be on point and your business will benefit.
3. Beware of Website Form Injections
In case you missed it, make sure to watch the full live seminar I did for the Better Business Beauru about Ensure your Website is Secured. One of the main points of the seminar was about form injections. If you have a form on your website where users can type anything they like and submit it, you need to make sure your website is protected. One of the key ways hackers get into your website is through scripts. Once they’re in, they can erase important information from your website and get information that shouldn’t be in the hands of anyone else.
Large companies are targeted with these injections constantly. Just not too long ago, according to Andrea Peterson from The Switch, eBay asks 145 million users to change passwords after data breach. This didn’t happen to just Ebay, Home Depot, Sony, Yahoo, just to name a few more, all were also hacked and users’ data was leaked.
The best way to ensure you are protected from hackers in this way is to make sure your code is fully formed. Have your website development company do periodic health checks on your website. When you have a website that follows the highest level of code standard, you prevent security issues that lead to serious problems for your business.
How can you check if you website can get script injections?
At the website’s address bar, find any page on your site that has some sort of similar URL structure to:
Once you’ve located a page like that, add a single quote sign ‘ at the end of the URL:
If you are redirected to a page and everything seems normal, then most likely your website is on the right track of a secured site. However, if you see something like this:
Your website has a back door waiting for a hacker to come in.
Another quick and easy way to check is by going to a login form, and typing “ or “”=” in the username and password fields.
Again, if you see a weird message, chances are your website is not secured.
By this point, you probably understand that leaving this hanging will potentially shut down your website and can cause serious damages if clients’ information gets into the wrong hands.
4. Make Sure Your Website is SSL Certified
Speaking of information and who sees it, in our previous article “Is Your Website Flagged as Unsafe? Why You Need an SSL Certificate Now!“, we went over the reasons why an SSL certification is extremely important today. In fact, it’s so important that Google standards require your website to have an SSL if you want to be able to rank at your highest potential. When you land on a website, those that are SSL certified display a locked padlock on the left-hand side of the browser bar. For your customers, this is a symbol of trust and safety. Your viewers will actually subconsciously associate that symbol with a sense of security.
How does this following message make you feel?
If you’re a customer looking to purchase a product, you might think twice if this is a safe website to put your credit card information into.
In addition to the image SSL certification displays of your business, SSL certification provides an extra layer of protection for you and your customers.
It encrypts all sensitive, personal information so you can be sure hackers can’t get in. If you take credit card payments or exchange money on your site, you can ensure that information won’t get in the hands of someone who doesn’t have permission to have it. When you have an SSL certificate, you don’t only protect your business and your customers, you tell the top search engines that your business is trustworthy. This boils over into better SEO and enhances your business.
Besides, doesn’t this look so much better and professional?
5. Scan for Website Malware
Even if you take all the necessary steps to ensure your website is updated, cleared from junk, and backed up, it doesn’t mean it cannot catch a malware. Some malware are so high level, they sit deep in your folders and you wouldn’t even know about it. Backing up a website that has a malware in the files wouldn’t do any good in this case as the problem will never disappear.
Some great tools to consider when you want to run a full malware scan on your website:
6. Clear Trashed Content, Revisions, and Spam When Performing Website Maintenance
Over time, your website gets cluttered with old data. As you make content changes, users move from page to page, or spammers leave comments on your articles, all these things accumulate and take up valuable resources. If enough junk is collected, it could slow the site down or even crush it.
Since every resource loads when users go on the site, whether it’s a needed resource, or an old junk one, it still needs to communicate back and forth with the database. Each communication between the website and the database could cause the unwanted slow load times.
Here are a few great ways to clear your site with some powerful plugins:
7. Maintain a Strong Password
Choose your password carefully when it comes to the backend of your website. Your website password should never be something that is easy to track. It should be unique. It should be something you don’t use for any other password. If you don’t maintain a strong password for the back end of your website, you put the security of your site in harm’s way. In addition to what you choose for a password, you should change your password regularly.
Simply log in to your WordPress dashboard, navigate to your user account settings, and generate a new password.
If you’re using other platforms or a fully custom website, you can use a password generator so you don’t have to try get creative, just click a button and make a super difficult password.
It’s easy for hackers to get a hold of your password. That’s why you want to update it at least once a month. This ensures that even if it falls into the wrong hands, it’s not there for long. When you choose a strong password and change it on a regular basis, you have the peace of mind that your website is safe from unauthorized access.
8. Hide Admin Website URL Login
Most website resort to the default login URL that is generated when the website is created. For WordPress users, that URL is in the form of www.yoursite.com/wp-admin. By not changing this login access URL, you’re letting hackers have one less thing to figure out. Why would you want to do that?
You do not, and that’s why it’s important that you change that URL to something custom that only you would know. The best plugin to achieve this is Protect Your Admin.
Once installed, simply navigate to the plugin’s settings, choose your new secret URL slug, check the “Enable” box, and click “Save Settings”:
That’s it, now the next time you want to log in, it will be www.yoursite.com/newadminlogin instead of /wp-admin. If you try to access the old URL, it will not work. Therefore, adding an extra layer of protection to your site.
9. Add a Website Login 2 Factor Authentication
If you’ve followed everything up until now, you’ve already made it pretty difficult to mess with your website. Why not take things to the next level and add another obstacle – a 2 factor authenticator. If a hacker somehow manages to get to the login page, and magically they happen to figure out your extra secured username and password, they will be greeted with another field that requires a 6 digit code.
It’s a small little precaution that can really save your website, or at least frustrate an attacker so they back off. This code is something that only you would have on your phone. Not only that, this code is generated randomly and changes every 60 seconds, meaning if you lose your phone, you might have to dig a bit through your hosting and database files before gaining access to your own website again. In some cases you might have to reach out to your web design company to assist with restoring your access.
If you’re convinced that this extra layer of security is a must have, a great simple plug and play plugin is the Two Factor Authentication. Once you install it, simply follow the instructions in the settings page and you’ll be all set. You do need to have some sort of an App on your phone that stores the Google Authenticator codes.
10. Track, Limit Logins, and Get Alerted
Sometimes not knowing can help sleep better at night, but when it comes to your business, you want to know everything. What if you knew that someone tried to login to your website’s backend admin panel? Wouldn’t it be great if you could block that person from ever accessing your website again? Well, you can.
By setting up login IP tracker, you can see how many times a unique IP address has tried to log in. Moreover, you can set a limit to how many attempts to allow a user try to enter their username and password before it locks the page up for them. If a user gets locked out for many failed attempts, an email alert will be sent to you to let you know what’s going on.
With this information, you can easily add the suspicious IP address into the black list, ensuring they will have a harder time coming back if they manage to return again. Moreover, you can block entire regions or even countries if you know for a fact that you’ll never do business with those areas. By setting this limiting access, you reduce the chances of any attacks.
Some great activity trackers plugins are:
11. Get a Strong and Reliable Server
If you’re running a small website with low amount of traffic, chances are you opted in for a minimal hosting option. What you probably aren’t aware of is that you’re most likely on a shared hosting environment. What does that mean?
When you share your hosting with other websites, you’re risking getting a malware transferred from them to you, or in other words, cross-contamination. Just like the flu for humans, a malware can transfer from website to website. Moreover, by having many websites on the same sharing environment, if their website experiences a heavy load of traffic, they will require more resources. Therefore, draining the same shared resources from your website.
12. Monitor Errors and Downtime
No matter how great of a job you do with the website maintenance and security, it’s technology and things are bound to happen at some point. Having that backup we discussed about earlier can definitely save time and put things back to how they were, but it is important to know what happened so we can eliminate it from happening again.
There are many different tools out there that can check for errors and warnings that you should pay attention to. Not fixing them, can cause the website to crush or show broken pages, which is definitely not something you’d want visitors to see.
Some great plugins that can notify you of downtime are:
13. Optimize The Website Load Time Speed
Whether or not your website is fully up to date, ensuring it runs smoothly and quickly is a priority on the list. By optimizing the website’s load speed, you’re actually also finding out areas that require attention either way. In order to maintain the highest level of website standards, fully optimizing your website will not only ensure a website that is always live, but also a website that delivers fast to its audience. This is great for the users, for search engines to rank you higher, but most importantly, for your business.
Some great tools to consider when looking at website optimization:
14. Set up a Website Firewall
If you’ve heard of the term bots and web crawlers, you probably know that there are good and bad ones out there. The good ones are there to help search engines get data about your site in order to rank your page higher, the bad ones are doing the exact opposite. Moreover, the bad bots try to load your server up as much as possible so it shuts down.
By installing a WAF, or a Web Application Firewall, you are setting up a filtering system that allows certain bots through and blocks the suspicious ones.
If you’ve installed any of the plugins for the malware scan from the 5th point above, you most likely have the firewall feature already enabled, or waiting for you to enable it.
15. “Our Website is in Maintenance Mode”
When taking care of your website, it’s important to let users know that so that they don’t get frustrated when certain pages don’t load or they run across broken elements. By putting a simple “Website Maintenance in Progress” type message, you’re improving the user experience not only by notifying them about what’s going on, but you’re also letting them know you’re current and inviting them to come back when things are ready to roll.
You can easily add a maintenance message by installing the WP Maintenance Mode plugin. If you need help with installing this specific plugin, this article about “How to Put Your WordPress Site in Maintenance Mode” from WPBeginners is a great resource to checkout.
16. Don’t Neglect The Little Things
Did you happen to stumble upon a small error? Maybe you think it’s not a big deal and it can wait for now. Next thing you know, there are 10 minor issues that added up into a big issue.
When you run into a broken link, an error message you are not familiar with, or any other problem that needs to be looked at, it is wise to have a regular maintenance day dedicated to fix all these small things. If you don’t know how to take care of these things yourself, or maybe you’re too worried that you might mess something up, it’s strongly recommended that you hire a website maintenance service that can handle it for you.
Let’s Sum It All Up
Yes, it’s a lot to do, especially if you’ve never done it before. It’s much better to maintain and secure the website while it’s running smoothly rather than wait until something happens. Website security should be maintained constantly to uphold the integrity of your business. When you follow the tips covered above, you can be sure your business is protected from the most common security breaches online.
Regular maintenance is like insurance, it helps your website avoid common issues down the road at crucial times. When you invest in the maintenance and security of your website, you invest in the health of your business online.
FREE Website Security Checklist
We’ve prepared a checklist that is highly recommended you go through for when you are taking care of your website. Simply enter your name and email below and we’ll send the list to your inbox. Follow this list and you’re on track to having a solid security wall for your website.
If you want to see how your website currently performs, our team at BragDeal offers a free diagnostic report for all our viewers. Uncover your website’s status, determine whether your code is running properly, and identify areas where you can improve with our free diagnostic report.
Send us an email Support@BragDeal.com requesting the free diagnostic report and we’ll get right on it!