Let me start by saying, you can never really ensure the security of your website. But there is plenty of things you can do to minimise your chances of being targeted.
Once your website has been built and made live by your web developer your website may become vulnerable to attack.
Web developers often build websites with functions and permissions enabled to make their job easier, however once the site is live, leaving the site in an insecure state allows malicious visitors to potentially compromise your website.
When it comes to popular website platforms such as WordPress, Joomla and Drupal, website permissions need to be made secure and administrator usernames and passwords must be made complex.
Never use the username “admin” as this is a common default username and makes the attacker’s job so much easier. Similarly, passwords need to be complex. That means at least 8 alphanumeric characters with symbols included.
We regularly see login credentials set as – username: “admin” with a password like “abc123”. This kind of set up is just inviting trouble.
If you’re one of the 80% of website users who choose the WordPress platform, then ensure your webdeveloper add some level of security. For example – by default – we restrict access to the WordPress dashboard by IP address at the server level.
In addition, always make sure your developer gives you instructions on how to maintain your website by keeping the WordPress core, plugins and themes up-to-date.
As part of our regular service to hosting customers – we’ll undertake a complimentary security assessment of a website. Any website host operating under best practice security protocols would do the same.
Stay safe… Ed.