Why you need website security and how you can get it

Have you been noticing when you visit certain websites, they have the little “i” in a circle symbol next to the web address, or a padlock with a line through it?

Have you noticed other websites with the green padlock symbol?

In January 2017, Google started adding the “not secure” icon to indicate when you are visiting a website that is not hosted on a secure web server. If you click on the icon, you’ll see a list of items in the drop down that may compromise your security or you may get a warning not to enter sensitive information such as passwords or bank info.

On the other hand, if a website is hosted on a secure web server, Google will indicate that it is secure using the green padlock symbol. You may have noticed the green padlock symbol when you visit bank or government websites, or eCommerce websites that take online payments.

How can you tell if your own website is secure?

If you look at the web address (or URL) of a website with the “i” symbol vs one with the green padlock symbol, you’ll also notice a difference between the protocol. The protocol of an unsecure website is http://, whereas the protocol for a secure website is https://.

To find out if your own website is secure, simply add the https:// in front of your domain name and see if the green padlock symbol appears. If it’s not secure, you’ll get a warning message saying your connection is not secure, and if you proceed you’ll likely be presented with a warning as mentioned above.

However, not all “secure” websites are equal. The level of security may depend on a number of criteria, such as host country, age of web server, whether your website is on a shared or dedicated server, the level of security measures provided by your web host, as well as the type of content management system you’re using for your website, whether it’s being updated regularly and the level of security add-ons you or your web developer have implemented.

Why is a secure website important?

Over the course of the next few months, Google will start to rank websites that are secure higher than those that are not. For this reason alone you will want to make sure your website is secure.

Many websites collect data, including your name, email address and/or phone number. Generally, even on “non-secure” websites, this information is usually passed through an encrypted page, which one might think is secure enough. However, unsecure websites are vulnerable to attack by hackers that could compromise your visitors’ security.

Ecommerce websites or any website collecting payment are especially vulnerable if they are not on a secure server and it is highly recommended that such websites are hosted on a dedicated server and various security features are included on both the server and the website front end. Any website collecting personal information, such as home address, social security number, and financial information should also be hosted on a secure web server.

Even if you’re not collecting data of any kind, your website is vulnerable to attack by hackers. An example includes injection of phishing code that creates links to nefarious websites where your visitors’ information will be compromised and used fraudulently or worse still, their bank details may be compromised.

WordPress websites are particularly vulnerable to hackers especially if you do not keep the software and plugins up to date. It is imperative that at minimum you allow WordPress to perform automatic security updates which can be turned on during installation or later through your installation software or the WordPress dashboard. There are a number of other steps you can take to enhance the security of your WordPress website, including security plugins, login and email captcha, using hard to guess usernames and strong passwords, changing installation directory names and so forth.

In conclusion, for a regular website a minimum level of security through a shared SSL certificate offered by your web host and keeping the software and plugins up-to-date making it less vulnerable to attack is a good idea. If you are running a full blown eCommerce website and taking personal details and payment info, then you should consider obtaining full security being hosted on a dedicated server and using a trusted security provider.



Tags: , , , , , ,

Comments are closed.