how to improve website security

As a business owner, it’s important to keep your information and your customer’s information safe. After all, just one small incident could end up costing you valuable time and money. And with reports of large companies being hacked regularly, security is, or should be, on every business owners’ mind.

Unfortunately, there are many ways a virus or malware could find its way onto your website. It can be overwhelming, especially if you’re not familiar with web security. We’ve put together a list of our best tips for website security. For the purpose of this article, we are assuming you are using WordPress, the most popular and fastest growing content management system, as your web hosting platform.

Complete All Updates and Patches

Content Management Systems like WordPress are powerful, yet easy to use. WordPress runs 32% of the entire Internet, including sites such as TED, USA Today, CNN,, TechCrunch, New York Post and more. This makes sites running WordPress, and other content management systems, very popular targets for hackers.

With so many developers creating so many different themes and plugins, it’s likely that a few of them will have security weaknesses. Hackers search out those weaknesses and exploit them to gain access to your website. Thankfully, updates and patches usually contain fixes for known security issues. Updating regularly ensures that your website is protected as well as it can be.

Install Website Security Tools

There are numerous options when it comes to security tools for WordPress, and many of them are completely free. When choosing one, look for an option that regularly scans your entire site for malware, viruses, and trojans and notifies you if there are any issues.

Install a Web Application Firewall

A web application firewall is a server plugin or filter that applies a set of rules to HTTP traffic. These rules help prevent common attacks such as cross-site scripting and SQL injection. In plain terms, a firewall stops viruses from entering your site, eliminating the need for damage control further down the road.

Limit File Uploads

Allowing users to upload files directly to your website can be fun, but it’s a huge security risk. Any file upload, regardless of size, can contain script or code that may infect your website. In order to reduce risk, you should limit the types of files that can be uploaded and regularly scan shared files for malware.

Use PCI Compliance

If you accept digital payment, you must adhere to the Payment Card Industry Data Security Standard (PCI DSS), or PCI for short. This set of security standards helps ensure that you and your customers are protected from cyber attacks by providing basic security provisions for your website. If you don’t comply, you may even be prosecuted on the federal level.

Use Strong Passwords

This one should be a given, yet we regularly work with customers that still use simple passwords like “ABC123” or “password.” Hackers are quite adept at figuring those out. A good policy is to always include a variety of numbers, letters and special characters, and then change your password often. At least once every 90 days is recommended.

Keep Everything Backed Up

Last, but certainly not least, backup everything you do. Having a recent backup of your website can save you a world of trouble in the event that something happens. If the worst-case scenario does occur, and your website becomes unusable, you can use a backup to get it up and running quickly again.


Want more tips and how-to articles to help take your business marketing to the next level? Please subscribe to get future editions of our newsletter, “The Edge.” Stuff you need to know, delivered once a month. No SPAM, no bull, unsubscribe at any time. Sign up at