These days it’s vital to understand how to protect your website from viruses. To do this, you need to know the main threats and how to address them.
How to protect your website from viruses
If you’re looking at how to protect your website from viruses, there are five key points you need to know. Take passwords seriously (especially for administrator accounts). Protect the computers (and mobile devices) you use to access your website. Practice good access control. Be careful about choosing and managing your software. Sign up to a website vulnerability scanning service
Take passwords seriously (especially for administrator accounts)
In theory, we’re all supposed to use a strong and unique password for every account we have. In practice, we all have so many accounts (for work and our personal lives) that, for most of us, this is effectively impossible. You do, however, need to use strong and unique passwords for your website login, hosting login and FTP/sFTP server login.
Ideally, you should also use two-factor authentication. Please note, however, that TFA can also be hijacked, especially if you implement it via text message rather than via a token. It’s unusual and people with the necessary skill-set would probably be more likely to attack bigger targets than SMBs, but it can happen. This is one of the reasons why you still need strong and unique passwords, even if you’re using TFA.
Never have people share login details, even if it is convenient. If you need to give someone temporary access to your website (or temporarily upgrade their access), then create an account for them (or change an existing account) and then revoke the access as soon as they have finished with it.
Protect the computers (and mobile devices) you use to access your website
If you’re looking at how to protect your website from viruses, then this needs to be a top priority. Securing your website without securing your own network is like locking the door but leaving all the windows wide open.
Protect your work devices with a robust anti-malware solution from a reputable cybersecurity company. If you have workers connecting remotely, then ideally you need to arrange VPN access for them. Even then it’s very much preferable for them to avoid using public WiFi connections unless you’re really sure you can trust the provider.
Practice good access control
The more people have access to your website, the more chance there is that one of them will cause damage through ignorance or malice. This is a strong argument in favor of limiting the number of people who have access to your website at all, even without administrative privileges. It’s also a strong argument in favor of vetting them very carefully before you hand over any user names or passwords, especially for administrators.
Review your workflow and think carefully about any instance where you are trading convenience for security. For example, if you have a team of content creators, it may be very convenient to have them all load up their work directly onto your website and take care of all formatting, meta-descriptions, tags, etc.
It would, however, be more secure to have them hand the work over to a nominated person for them to load up. That would reduce the number of accounts that needed to be created. You have to decide which matters most to you, but ideally, security should always be your top priority.
Be careful about choosing and managing your software
The main content-management systems are all open source. For completeness, there are some proprietary ones out there but they tend to be packaged with hosting services and sold as all-in-one website-building solutions.
One of the main reasons these open source solutions are so popular is because you can customize them as much as you like. If you use a popular solution, such as WordPress, you will find literally countless templates and plugins to help you achieve just about any goal and if you don’t find what you need or want, then you can go ahead and create it.
This has all kinds of benefits, but it also means that it opens the door to both malicious and incompetent developers. The latter can do at least as much damage as the former, even if it’s unintentional.
One of the major issues with third-party plugins is that the original developers can simply lose interest in their product, especially if it’s free (or just not making them any real money) and move on. This means that the product stops receiving security updates, although it may be possible for you to have them developed yourself.
On the whole, the best approach is to limit the amount of software you use, choose it with care, and make sure that it is kept up-to-date.
Sign up to a website vulnerability scanning service
No article on how to protect your website from viruses would be complete without mentioning this. Website vulnerability scanning services actively scan websites for vulnerabilities and report them to the administrators so that action can be taken as soon as possible. Obviously, different services have different options at different prices. Most, however, if not all, will offer some form of malware scanning and a firewall for your website applications. Both of these are highly desirable for keeping your website secure.
Please click here now to have your website scanned, for free, by cWatch from Comodo
