Nathan Gaidai
Top 5 Security Tips for Website Owners and Agencies


If you’re a website owner, business owner, or even a new developer entrusted with your company’s website credentials, you need to know a few things that will help you avoid future disasters brought on by hackers. No one can tell exactly when a website will get hacked; the only thing you can control is learning about the preventive measures mentioned in the video.

I will give some tips; unfortunately I have to, because a bunch of you guys are behaving like you’re penniless, and you’re not. Pay a little bit extra for your website hosting. Please follow these guidelines. I’ll try to keep it short, under 10 minutes, just so you can write it down. I highly recommend you don’t skip anything; do all of these.

Guidelines for Small Website Owners

So if you’re a small website owner, make sure to speak to your developer and tell him that you want to have a cloud backup, which means something that’s not physically on your computer alone. That’s the old-school system, where you would keep a local version of your website on your computer, and then your computer for some reason goes bad, which is possible, especially if you keep it next to an aquarium or it’s a laptop. So make sure to have a cloud backup, something that’s not on your computer, somewhere else.

Guidelines for Business Owners

If you’re a business, you need to have at least two backups of your website, one on the cloud and one physically somewhere. Just make sure your dog doesn’t eat the USB flash drive or wherever you’re going to keep it. That’s not an excuse. You should keep it either in a safe or, I would recommend, even in a bank safe, and buy those lockers that are on top, so that if it gets flooded, if you’re, I don’t know, in Florida, the water doesn’t get in, although I’ve never heard that they get flooded.

Guidelines for Enterprise Business Owners

Then if you’re an enterprise, you want to have extremely diversified backups, at least three backups. I would highly recommend four, just in case, because it gives you more access points for it.
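The copy counts above can be checked mechanically. The following is an added example, not part of the original article: it audits a backup inventory against the three tiers. The 7-day freshness limit, the digest manifest, the rule that business and enterprise tiers need an offline copy, and all names are assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Minimum usable copies per tier, taken from the guidelines above.
MIN_COPIES = {"small": 1, "business": 2, "enterprise": 3}

@dataclass
class BackupCopy:
    name: str              # hypothetical label for the copy
    kind: str              # "cloud" or "offline" (USB drive, safe, bank locker)
    taken_at: datetime
    recorded_sha256: str   # digest written to a manifest when the backup ran
    payload: bytes         # what the copy contains today (stream the file in practice)

def audit(tier, copies, now, max_age=timedelta(days=7)):
    """Return a list of findings; a copy counts only if it is intact and fresh."""
    findings, usable = [], []
    for c in copies:
        if hashlib.sha256(c.payload).hexdigest() != c.recorded_sha256:
            findings.append(f"{c.name}: digest mismatch, copy is damaged or altered")
        elif now - c.taken_at > max_age:
            findings.append(f"{c.name}: older than {max_age.days} days")
        else:
            usable.append(c)
    if len(usable) < MIN_COPIES[tier]:
        findings.append(f"{tier}: {len(usable)} usable copies, need {MIN_COPIES[tier]}")
    kinds = {c.kind for c in usable}
    if "cloud" not in kinds:
        findings.append("no usable cloud copy")
    if tier != "small" and "offline" not in kinds:  # assumption for enterprise
        findings.append("no usable offline copy")
    return findings

# Constructed sample inventory: one good cloud copy, one stale, one corrupted.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SITE = b"constructed site archive bytes"
GOOD = hashlib.sha256(SITE).hexdigest()
SAMPLE = [
    BackupCopy("cloud-bucket", "cloud", NOW - timedelta(days=1), GOOD, SITE),
    BackupCopy("usb-in-safe", "offline", NOW - timedelta(days=30), GOOD, SITE),
    BackupCopy("office-nas", "offline", NOW - timedelta(days=2), GOOD, SITE[:-1]),
]

if __name__ == "__main__":
    for tier in MIN_COPIES:
        print(tier, audit(tier, SAMPLE, NOW) or "OK")
```

Three copies on paper count as one here, because a backup that is stale or fails its digest check would not help in a restore.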

Firewalls & Software Recommendations

And then the next step would be a firewall, the most important thing in my opinion, because if you do have a firewall, it usually has some sort of integration with a backup, so it already does that part for you. And even if it doesn’t, it’s kind of automated. There are many different software products you can look at, but if you own your own server, which is also a recommendation on its own, I would recommend using software like Imunify360. They also have a free version that is just not automated, so if something happens you kind of have to do it on your own.

What it does, basically, on the paid version (I wouldn’t talk about the free ones because I wouldn’t recommend them, honestly; just pay the $10 or $20 a month): let’s say your website got hacked, or something happened, or you had some malware; it will alert you. And they also have a team, a team that is really good: you email them and, boom, they help you right away, and they’re very knowledgeable, so if your server is complex they will help you, and they can extend your stuff to multiple servers and multiple websites. I’ve run 30 to 40 websites at once with their system with no issues whatsoever; it automatically backs up anything that might happen.

A website I own could get hacked and I wouldn’t even know it happened; I’ll get a report, but the website would be running smoothly. I would highly recommend getting that sort of firewall. It’s considered a network firewall. Then also get a firewall for your WordPress website, not just the server; it’s the same concept.

There are many different software options. I don’t want to recommend a specific one because they change over time. In the past there was one plug-in that was good, and then I switched to a different one, and then a specific website would like this one and not that one; one integrates, another doesn’t. So for your specific use cases, figure out which one you like.

Educating People Who Can Access Your Web Server 

The most important thing is really educating whoever works on the website. I’m going to share this because it’s really important to illustrate the problem with website security nowadays. Not just clients that I had, but their employees, used to keep all of their passwords on a Google Sheet that was publicly accessible, or just lying around printed in their office. I had a client that left a password sheet in a publicly accessible office; somebody walked in and took a picture, and it didn’t take a day before all the websites, everything, got hacked. I mean, I walked into the office to help them and I saw it under the glass, you know, you could see the passwords. It’s just common sense. And don’t keep the link accessible to the entire public. There are robots that crawl for these things, because there are a lot of people who do that.

Use something like, well, I don’t want to recommend software because it might change in the future, but you should do your research and maybe check places like Reddit; it’s still a very good community. I would read about “best local password generator and storage”. I personally use *beep*; I’m not going to tell you because it might change in the future. Again, it’s security: you always have to check with your current year. Anything could get hacked now, and then later it wouldn’t be considered good.

And you can also have a cloud password manager; just make sure to do your research. Don’t keep your passwords everywhere, because if you keep your passwords everywhere you’re just going to get hacked. It’s just a matter of time.

Two Factor or Multi Factor Authentication

To wrap all of these tips up in a bundle: two-factor or multi-factor authentication. Don’t use your phone; I can fake texts to you at any given time, like this *snap*. I’m not going to do it, but it’s possible, right? I think it’s a federal felony; don’t even get into that. But you can do these things; it’s very easy to fake that stuff, and this is how people get scammed, catfished, you name it. You could lose everything.

If You Can Easily Remember Your Password.. It’s a Bad Password..

If you remember your password, it’s bad. I will link to a video in the description that explains why you never need to be physically able to remember your password. It should be so long you don’t remember it, and then everything else around it should be fine, unless you just leave your password on the table.

A multi-factor authenticator would even protect you from that. So let’s say somebody got your password, but they need the multi-factor authenticator, one that is not using a text sent to you; it has to use your phone that has your fingerprint on it. You’re good.

But then again, if your fingerprint, I don’t know, got wet or got injured, you need to remember the password for the phone, which should be long. For example, it could be a birth date upside down with, like, XYZ 7 XYRZ, something long that nobody can just type in on your phone without you noticing it. Be very careful; just follow these guidelines and you could save yourself a big headache.
