
6 tips to prevent your website from being hacked

Homepage spoofing, theft of personal or banking data, theft of text and photos… Whether you have a cooking blog, an e-commerce platform to sell your hand-made jewellery or a virtual storefront to showcase your business, every website owner is at risk of hacking. This means financial losses, damage to your image, and so on. However, a few simple best practices will help reduce threats that are becoming increasingly sophisticated. To mark Safer Internet Day today, 11 February 2020, here are 6 tips for securing your website.

Install security patches systematically

This is our number 1 tip! The vast majority of attacks on sites are made possible by a flaw in the software supporting the website, and hackers will take advantage of this. Get your service provider to ensure rapid installation of security patches for your website as soon as they become available, or, if you manage your site yourself, subscribe to publisher alerts.

Limit the number of users and their rights

More often than not, several people have the rights to modify a website. However, you need to control how many people have these rights and what they can do: the higher the number, the greater the risk! It is advisable that each person has specific rights restricted to their sphere of activity, in order to limit human error. Each user therefore has their own privileges on their own account, which they must not share: for example, one person may be authorised to publish articles only, whilst another may only amend the page layout of the site.

Get clued-up so you can anticipate the risks

Protecting yourself properly means getting clued-up first of all. Many attacks can be attributed to human error: the more we know about the risks, the better we can anticipate them! Ideally, turn to a reliable external service provider that will manage your website project and guarantee the highest level of security, for example a web agency, a freelance professional or a digital services company. For those not able to call on the services of professionals, there are many official guidelines and training sites online providing information on essential website management best practices and how to apply them.

Choose your password carefully (again and again)

When you acquire a domain name and you select your content management system (CMS), choose a login password that is complex enough to prevent hacking. Avoid things like “123456” or “qwerty”! It’s best to have a password that is sufficiently long (at least 10 characters), includes upper case letters, numbers and special characters and has no connection with your date of birth, the name of your business, your pet or your address, for example. Then you must change your password on a regular basis to reduce the risks even further.

Back up often

If your website is hacked, there may be several consequences: the site becomes unavailable, the content is altered, or viruses are introduced, etc. It is vital therefore that you back up your data regularly and to a safe place. Some service providers and tools offer an automatic scheduled backup. And, as the saying goes, it’s never the backup that fails, it’s always the restore: so remember to test your backups!

Protect your domain name and visitor data

As well as these technical best practices, website security also includes protecting your domain name (the name before the .fr in the browser address bar). Several tools exist to minimise hacking risks, such as .FR Lock (which locks your domain name at registry level) and DNSSEC.

Finally, for e-commerce sites in particular, it is vital to have an SSL certificate nowadays. In addition to the reassuring presence of the little padlock in the browser address bar, it is an indispensable way of guaranteeing that all data transmitted between Internet users and the site (bank card numbers, photos and other confidential information) is encrypted and, therefore, protected against hackers who could intercept it.

Several registrars offer these options when you purchase or renew your domain name.