How to secure your website: 5 tips for every business website

By Daniel Escardo

Feb 11, 2020

Over the course of 20+ years as a web developer, part of my job has been to ensure that the websites I produce are easy to use, beautiful to look at and, of course, secure.

Secure is one of those words that is thrown around a lot in conversation regarding website development. It’s important to everyone, promised with the best of intentions, but still often overlooked. 

A website that is insecure can lead to the manipulation and interception of sensitive customer information.

This is information that your customers faithfully give to your business assuming you’ve done everything necessary to protect it — and you need to make sure that you do.

I have backups and I can recover if I need to. Why should I “waste time” worrying about securing my site?

Securing a website is not just about preventing your site from being hacked

Although it is important to protect your investment, ensuring that your site is secure is more about protecting your customers / visitors. 

Their information security is paramount.

Having a site that is vulnerable might mean that a hacker can inject code that makes it look like your site is requesting information from the user, but really is taking that information to phishing scams, third-party contact lists, and all sorts of nefarious practices.

A website that is secure and puts visitors at ease translates to the way they feel about your company, too.

If your site is not on the up and up regarding best practices, security, protection, etc., visitors may take that as a direct reflection of your corporate outlook or attention to detail.

There is way too much competition nowadays, and the web is your industry's first point of contact when a consumer is looking for who should enjoy their business.

How to secure your website in 5 steps

Following are the most important steps one can take towards securing a website. Some are related to architecture and some are related to infrastructure, but they’re equally important. 

If your site is missing something on either side of this, it could mean a gaping hole in your site’s security / integrity.

1. Make sure your site uses an SSL connection. 

An SSL connection is one of the easiest ways to ensure your customer’s information is secure and provide them an actual certificate that says so.


SSL (secure sockets layer) is the encryption method used when a connection is made from your web host’s server to your customer’s browser.

With it, any form submissions or any personal data collected / provided is protected from being stolen during transit. When a user clicks the submit button on your forms, the data collected in the fields is encrypted, sent, then decrypted on the other end.

Now, an SSL certificate is the assertion, provided by a reputable, recognized third party, that your site’s ownership has been verified and that the customer can trust that the connection is secure.

It lets users know that you are indeed as secure as you claim. Otherwise, consumers wouldn’t know definitively.

2. Enforce strict, strong password policies for admins

If your website uses a Content Management System (CMS) then there is typically a backend dashboard to your site where staff or site administrators can sign in and make changes to the site or perform various other functionalities.

It’s natural for users to create passwords that are going to be easy for them to remember, but ultimately, this could be a security risk for the website.

You may have heard the saying “A chain is only as strong as its weakest link.” Well, it’s the same with security. 

One cracked administrator password could result in the hack of your site in ways that have nothing to do with denial of service and everything to do with stealing your customer’s private information.

If you ensure that your site registration process contains a strict password policy, you’ll ensure that no one user can affect the integrity and security of your website. 

3. Keep your software up-to-date

Every single day new vulnerabilities are found in existing code. This can be everything from ways to inject code into PHP systems to JavaScript vulnerabilities found in a specific WordPress plugin’s jQuery version.

As these vulnerabilities are made public, software providers update their codebases to ensure they’re patched and new protections are put in place, and as a site administrator, you need to keep up.

Over time, hackers prey on the sites that are moderately to severely out of date due to the ease with which they can take control.

We’ve talked many times before about ensuring your website is backed up as a form of protection against catastrophic events. 

A great host-level backup process provides the ability to update software immediately with minimal testing.

If something were to go catastrophically wrong during an update, you can always roll it back to your last backup point and ask your web developer to take a look at why the update broke the site.

For software as a service companies like HubSpot, this is all taken care of for you automatically — leaving you to only have to worry about your marketing / content strategies and execution.

4. Procure a web hosting service that has security top-of-mind and forces customers to follow suit.

A great hosting service will force its websites to adopt certain security practices for everyone’s protection. 

For example, hosting companies like WP Engine force their users to upgrade their hosting packages to the latest version of PHP within a short amount of time after release.

They also make that super simple for their customers and even allow them to test run their sites on the upcoming version before they upgrade their existing environments.

This is done to give customers a chance to upgrade any code that is incompatible with the new version of the underlying PHP language which powers many website content management systems, including WordPress. 

A try before you buy approach, if you will, keeps compliance and adoption of these upgrades high while avoiding fully crashed websites and angry customers.  

Aside from that, if you’re on WordPress, many hosts provide automatic plugin updates, which ensure that your plugins are always up-to-date and free of vulnerabilities wherever possible.

It’s always my recommendation that plugins be used sparingly when possible and that our customers only use plugins that have a large user base and are actively supported. 

These plugins normally focus on backwards compatibility, among many other factors, which provides assurance that your site won’t break every time you update the plugin.

Just like we mentioned above, closed content management systems like HubSpot take care of all the security implications for you.

You can bet they have top web security professionals putting their attention and expertise at work day after day.

5. Make sure you follow file and folder permission best practices.

Your server’s file and folder permissions control the way files are used and by whom they can be used. These are set individually on a per file and per folder basis, although there are ways to bulk update based on type.

Software is usually a collection of files and functionality that is imported into other files and functionality. 

As you can imagine, a lot of that is broken out into many different files for organization, to make it easier to update and immediately make updates available to everything else that imports or uses it.

Using the wrong file permissions could allow a hacker to access a middleware file — mentioned above — and inject their own functionality, hijack communications to and from the site, and even copy their own code into other files, making the hack super difficult to eradicate.

This is not for the faint of heart. You’ll definitely want to use a professional to make sure this is all set up properly, but just asking the question might make the difference in ensuring someone takes a look at it versus having it fall through the cracks.

There are many ways to update folder permissions and different CMSs require different permissions. Usually, these can be changed either by updating them one by one within the file manager or via SSH terminal commands which can address more files at once.
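The bulk, by-type approach over SSH looks like this. It is an added example, not from the original article, and it runs against a constructed sample tree rather than a real site. The function names are hypothetical, and the baseline used (directories 755, files 644, `wp-config.php` 600) is an assumption based on common WordPress guidance; your CMS or host may require different values.

```shell
#!/bin/sh
# Added example (not from the original article). Assumed baseline:
# directories 755, files 644, config file 600. Confirm with your CMS and host.

# List every file or directory under ROOT that any account on the server can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Bulk-apply the assumed baseline by type, then lock down the config file if present.
# Symlinks are not followed, so nothing outside ROOT is changed.
apply_baseline() {
    root=$1
    config=$2    # path relative to ROOT, e.g. wp-config.php
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -n "$config" ] && [ -f "$root/$config" ]; then
        chmod 600 "$root/$config"
    fi
}

# Constructed sample tree standing in for a web root; prints its path.
make_sample_site() {
    umask 022
    site=$(mktemp -d)
    mkdir -p "$site/includes" "$site/uploads"
    echo '<?php // settings' > "$site/wp-config.php"
    echo '<?php // shared helper' > "$site/includes/helpers.php"
    echo 'hello' > "$site/index.html"
    chmod 777 "$site/uploads"                                     # too open
    chmod 666 "$site/includes/helpers.php" "$site/wp-config.php"  # too open
    printf '%s\n' "$site"
}

site=$(make_sample_site)
echo "World-writable before:"
list_world_writable "$site"
apply_baseline "$site" wp-config.php
echo "World-writable after (expect none):"
list_world_writable "$site"
ls -l "$site/wp-config.php"
rm -rf "$site"
```

Run the listing step on its own first and review the output before changing anything; file ownership (which account the web server runs as) matters as much as the mode bits and is not covered here.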

Protect your customer and your reputation

A secure website provides the confidence that users need to conduct business with your company on the web. Nowadays, none of what we’ve mentioned is rocket science or a brand new development.

This has become the norm and what is expected of you as a content provider. 

Your customers will most certainly judge you based on your ability to provide them a secure environment where communication and/or transactions can be conducted free from the worry that their personal information is going to be stolen. 

Any break in that trust could mean a direct hit to your bottom line if your customers decide they feel better doing business with one of your competitors that has a super easy-to-use, secure and modern website.

Providing that cushion of trust is a small step to take towards garnering the trust you wish to gain or retain from your customers.

