How to Secure Your Website

There are two main reasons that you need to secure your website.

Firstly, to protect your site, your data and your users’ data.

Did you know that hacking is the number one method of data breaches online, accounting for 61.9% of lost information? There’s a cyber attack attempted every 39 seconds, of every hour, of every day.

That’s a lot.

And 43% of those cyberattacks target small businesses. That too is a lot.

And secondly, for Google… or any other search engine you use. Search engines want their users to have the safest web experience possible. That’s why they favour sites with a good level of security. A secure site will achieve a higher page ranking than an insecure site.

So now you know why it’s important, follow these 7 simple steps to secure your website, keep the hackers out, and become Google’s best friend at the same time.


Don’t use an easy-to-guess username and password combination. It’s the equivalent of going out and leaving your front door open. Common sense. Use a long password with a mix of letters, numbers and symbols. If you’re worried you may forget them, there are several great password vaults out there which can store them for you, such as LastPass.

Install An SSL Certificate

OK, first things first. SSL stands for Secure Sockets Layer. Now you know what it is, let’s explain what it does.

Installing an SSL certificate encrypts certain data that gets passed between your site and its users. It’s also high on Google’s list of agreeable things – so it’s super important for SEO purposes.

The SSL certificate is issued by your hosting provider, and there’s often a free option that suits most websites. If you’ve got an eCommerce site or one that relies on user data and payment gateways then you should use a more advanced certificate.

Broadcom figures state that on average 4,800 websites are compromised every month with formjacking code – and yes, that includes payment detail forms. To make matters worse, it’s often small and medium-sized retailers that are affected. So make sure your site has an active SSL certificate.

Not sure if your site already has one active?

Go to your site online and have a look at the left-hand side of the URL address bar. If you see a padlock then you’re all good. If you don’t have an SSL certificate, it will state ‘not secure’, and some users’ browsers and internet providers will block access to your site.

Good Anti-Malware Software

Many hosting providers will have anti-malware software included in their plans – even the basic ones! But there are free plugins available too. Wordfence is the current number one and gets the Kakadu seal of approval.

Better to have at least one of these two options on your site.

Keep It Up To Date

Out-of-date platform (e.g. WordPress) installs, themes and plugins are a hacker’s best friend. If using a simple username/password combo is like leaving your front door open, then not updating your site is like leaving the back door open. Wide open.

Hacking communities prey on this low-hanging fruit approach to access your site, and nothing good comes of that. Many updates can be applied automatically, but this isn’t best practice. Doing the updates manually allows you to check that they don’t break anything on your site as soon as you have done them. Much better than waiting for a user to tell you about a broken feature or, worst case, getting frustrated and leaving, losing you a potential customer.

If something breaks, it’s probably a plugin at fault. To fix it, you can either disable your plugins one by one until you find the culprit and adjust its settings accordingly.

Or if that’s too much like techy hard work…

Back It Up

Take regular backups of your site and keep them handy in case of emergency. If everything goes pear-shaped, the last thing you need is to have to rebuild your whole website from scratch.

If you have a WordPress site then free plugins like UpDraft can do that for you from within the dashboard. Connect it to Google Drive or other cloud storage, schedule regular backups, and then you’ll always have one ready to go if it hits the fan.

Monitor Your Comments

It’s not just your own security you have a responsibility for. Your users are just as much of a target as you.

Bots, trolls, and other nefarious characters can use your comment section to spam or even post malicious content. Dodgy URL links are a prime suspect for phishing scams. Broadcom tells us that one in ten URLs are now malicious, so don’t think “It’ll never happen to me”. It probably will.

Mind Your Emails Too

Scam emails have come a long way since the classic “I have your long lost Uncle’s $30m to transfer to you. Just send me your account details and security information”.

Scammers are getting more and more sophisticated by the day, and phishing emails are their most common technique to get your login details and passwords.

“Your PayPal account is blocked. Your Netflix membership has expired. There’s a message from your bank. Earn a million pounds working from home. Invest in Bitcoin with free $100 to get you started. I am a sexy Russian (definitely not a 22 year old from Noida, India…), click here to see my private pictures. You may be due a tax refund from HMRC”… You know the ones.

Look at the sender’s address, and the chances are it’s from a bogus domain. Whatever you do, don’t click any links. You’re basically opening the door to your website and allowing hackers a chance to come on in and make themselves comfortable.

Written by Kayleigh Nicolaou

Co-founder of Kakadu Creative, Kayleigh has worked in the media industry since 2007, managing projects and campaigns for clients ranging from independent high street stores, to music festivals and international brands.
June 15, 2020
