Is your website an open door? After the email data breach announced recently, it is essential that you protect your website and check that it’s secure.
Inside Hospitality Solutions is delighted to continue our cybersecurity advice with the following website security top tips and recommendations.
Note: Some technical expertise and access to your website admin dashboard will be required.
1 Install an SSL/TLS Certificate
An SSL/TLS certificate is a website security certificate. It lets your site serve pages over an encrypted connection (SSL stands for Secure Sockets Layer; TLS is its modern successor).
There are several additional benefits to an SSL installation:
- Security of data using public key encryption
- Compliance with industry best practices/privacy regulations
- Direct benefit to site Search Engine Optimisation status and brand reputation.
- Without an SSL installation, or with an out-of-date SSL certificate, your website may potentially be blocked by search engines.
2 Conduct a website security scan
Many security plugins are available that, once installed, will continually monitor and protect your site.
You may also want to consider a Web Application Firewall.
Contact IHS if you need further feedback on ways to protect your website.
3 WordPress Site Plugins and Themes
Site plugins should only be installed from trusted developers and should be updated whenever a new version is released.
This update can be set to automatic via the WordPress dashboard, but we also recommend a manual check on a regular basis.
You are likely to have an active theme and perhaps one or two additional themes installed.
If you have more, consider deleting the extras, and always update the installed themes with every new version release.
4 Access to your Website Administration Dashboard
Once your website has been built and launched, the only people who should have administrative access are those responsible for day-to-day updates, maintenance, content editing, and additions.
A content contributor may need site access, which can be restricted to contributor-level access only. Note that there are other roles with limited admin access; check your site dashboard for more information.
5 Password Security
We have previously outlined best practices for unique personal passwords, and the same applies to website access passwords.
Where your business has several people with access to the website, you should set a standard for password requirements and updates. Most importantly, whenever staff move on, you must have a process for removing their access from your company systems and website.
6 Human v Software/Bots
We strongly recommend that you consider multi-factor verification and/or CAPTCHA systems to reduce or block robot-based website traffic.
7 Limiting Invalid Login Attempts
We all know that bots can make repeated login attempts on your site as part of a brute-force attack.
Limiting invalid attempts locks out the attacker after a set number of failed attempts, for a pre-set period of time.
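The lockout behaviour described above, shown as an added Python example rather than code from WordPress or any plugin. The class and function names, the thresholds, and the replayed login events are all constructed for illustration.

```python
import time


class LoginLimiter:
    """Lock a key (username or client IP) after too many failed logins."""

    def __init__(self, max_attempts=5, window=300, lockout=900, clock=time.monotonic):
        self.max_attempts = max_attempts  # failures allowed inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a lock lasts once triggered
        self.clock = clock                # injectable so events can be replayed
        self._failures = {}               # key -> timestamps of recent failures
        self._locked_until = {}           # key -> time at which the lock expires

    def is_locked(self, key):
        if self.clock() < self._locked_until.get(key, float("-inf")):
            return True
        if self._locked_until.pop(key, None) is not None:  # expired lock: count afresh
            self._failures.pop(key, None)
        return False

    def record_failure(self, key):
        """Register one failed login; return True if the key is now locked."""
        now = self.clock()
        recent = [t for t in self._failures.get(key, []) if now - t < self.window]
        self._failures[key] = recent + [now]
        if len(recent) + 1 >= self.max_attempts:
            self._locked_until[key] = now + self.lockout
        return len(recent) + 1 >= self.max_attempts

    def record_success(self, key):
        self._failures.pop(key, None)     # a valid login clears the history


def simulate(events, **settings):
    """Replay constructed (time, key, password_ok) events; return each outcome."""
    now = [0]
    limiter = LoginLimiter(clock=lambda: now[0], **settings)
    outcomes = []
    for when, key, ok in events:
        now[0] = when
        if limiter.is_locked(key):
            outcomes.append("blocked")    # rejected before the password is checked
        elif ok:
            limiter.record_success(key)
            outcomes.append("ok")
        else:
            outcomes.append("locked" if limiter.record_failure(key) else "failed")
    return outcomes
```

Whether failures are counted per username, per client IP, or both is a design choice that decides who ends up locked out when failures pile up.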
There are many more (and more technical) actions you can take to secure your website.
Check with your site developers/administrators or contact InsideHS for more information.