1. Backup, Backup, Backup. And then restore.
    • First and foremost in making sure that your website is safe and secure, is thinking about the worst case scenario and if everything was to go wrong, working out how you would go about getting your site up and running as quickly and smoothly as possible. Remember that your backups are only as good as the latest time you tried to restore them. There is no point in having a backup if you can’t get any data out of it. Learn how to backup your website hosting here
    • Think: Encode backup all of our websites every night; Does your host?
  2. Update software
    • Most modern websites aren’t crafted page by page, but use a content management system (CMS) like WordPress, Joomla or Drupal (or many more besides). Like all software their may be security vulnerabilities found in the code, and it is best practice to make sure that this software is kept up to date.
    • Task: Log in to your website to check whether you have updates available for your CMS, plugins or themes. We also offer a range of website maintenance plans that will take this off your plate.
  3. Only install plugins you trust
    • Plugins are great in the way that they can easily extend the core functionality and allow you to add e-commerce to your site or help guide you to better search engine optimisation. This ease can also add to an over abundance of unnecessary plugins.
    • Question: When was the last time you audited the plugins you have installed? Do you still need everything?
  4. The “s” in https means secure
    • When you view a website over plain http, the information that is transmitted is unencrypted and can be read or changed anywhere on it’s route across the internet. To stop this, you need a valid SSL/TLS certificate (The thing that gives you a green padlock in your browser) for your domain name, and your website configured to use it. This isn't just for e-commerce sites.
    • Did you know: Encode include a free SSL/TLS certificate with every hosting package; Does you hosting company?
  5. Passwords
    • We all know the advice of trying to make passwords complex by using capital and lower case letters, numbers and symbols. However you should also make sure that you use a unique password per website, as if one were to be hacked, the “bad guys” will then use these details to try logging in to other websites.
    • Get help: Use a Password Manager like Lastpass, 1Password (or others available) to help you manage your passwords. These services allow you to have a master password, then set a random password per site.
  6. Users
    • Your CMS will help you manage different users on your website with their own usernames and passwords, so that you can, for instance, allow access to web designers, copywriters, colleagues, etc. Best practice would say that you should only allow the features needed for each user to perform their role.
    • Check: Audit time again! Does someone adding a blog to your website need access to install new plugins? Run through each user and make sure they are set to the correct access level.
  7. Business Class Hosting
    • Not all hosting is created equal! Running a quick Google search will bring up nearly 200 million results, but this doesn’t mean all of it will be good quality The profit is made by adding more clients on to fewer servers which means that your website or customer service level may suffer.
    • Plus: At Encode we are dedicated to making sure that your website never suffers and as we focus on companies local to us means that every website owner has a name not just a number.
  8. Follow security news
    • In this day and age it is quite easy for your email inbox to get overwhelmed, but picking a good quality news source for your website CMS can keep it concise. We can recommend WordFence for WordPress security news, or Securi for WordPress and general news.
    • Also: Make sure you sign yourself into our newsletter to get a monthly run down, tips and tricks to keep your website the best it can be.
  9. Run checks
    • As well as taking our word for it, you can also run independent checks against us and your website. First, making sure that your site is running securely, head over to SSL Labs and Security Headers which will scan your hosting infrastructure to make sure it is the best is can be.
    • Then: Once you have your security in order, load up GTMetrix to ensure your site is running fast and give actionable tips to get your site tip top.

We hope this will get you on the right road, but is you still have questions, feel free to reach out or start getting your web hosting in order.

Thank you for reading.



Monday, April 15, 2019

« Back