The Basics of Website Security for Indys Who DIY

Written by Erin Ollila on May 1, 2017

In addition to my writing career, I’m also the co-founding editor of Spry Literary Journal. We’re a boot-strapped, all-volunteer team working on our tenth issue. To say the journal’s been a labor of love is an understatement. Our tiny team tackles everything from graphic design to website development. We’re keyed in to the basics of website security, and we work tirelessly to protect our contributors’ writing and artwork. So, when we got hacked in late 2016, we were shocked.

When most solopreneurs start out, they try to DIY as much as possible to save their funds for other, more pressing expenses. Website creation, design and maintenance are often the solopreneur’s responsibility. If you’re not allocating additional time and resources to protect your site from potential vulnerabilities, there’s a huge chance your site could become one of the estimated 37,000 websites hacked every single day.

Update Your Passwords Often

I’ll admit it: I’m a late convert to hardcore passwords. I liked my easy-to-remember options, and I didn’t have any interest in changing them. Who wants to remember something complicated, like “C5!20dGy39&!cf,” when you can have “ILoveMyDog123!?” Unfortunately, hackers of all skill levels prey on our need for simple, short, hard-to-forget passwords, which is why all self-employed professionals need to embrace difficult, long passwords.

Need help coming up with them? Certain sites, like PasswordsGenerator.net, can generate new passwords for you. Better yet, you can invest in a tool, like LastPass, that can generate passwords and store them safely, so you don’t need to remember all the crazy combinations of letters, numbers and symbols. You only need one master password, and LastPass takes care of the rest.

But a strong password is only the first step. You also have to follow through by changing it on a regular basis. Set reminders on your schedule to create new passwords monthly or quarterly.

Update the CMS

One of the basics of website security most people fail to complete is updating your content management system (CMS). It doesn’t matter if you use WordPress or another option — these CMSs push out regular updates to fix bugs and vulnerabilities on their end. If the end user doesn’t make the updates, their site remains vulnerable to hackers.

How can you stay on top of the changes? Keep your system updated. First, your CMS should alert you whenever you log into the admin panel if it needs updates. Be on the lookout. The CMS or your website host may also directly email you to remind you of updating. Another option is to set your calendar to regularly search for updates, and you should consider doing this option in addition to the first two.

Plugins, Themes, Extensions

Similar to the updates in your CMS, some of the other major vulnerabilities on your website are found in the plugins, themes and extensions you use in conjunction with your site. Again, a great way to stay one step ahead of any potential hackers is to keep these items updated at all times.

Before you even load any plugins, themes or extensions, do your research. What ratings do they have? Read the comments others wrote to find out if there have been any vulnerability issues. If you decide to purchase, set up a Google alert with the name of what you bought to stay on top of any issues that may arise after you activate them on your website. There are also plugins that can help you ward off a hack attack, like the paid version of Wordfence, which protects WordPress sites from login attempts.

Do the basics of website security seem too advanced for your liking or skill set? Keeping your site safe from potential hackers takes time, and if you’re already overworked, the responsibility doesn’t need to fall on your shoulders alone. Hire someone else, like a website developer or a virtual assistant, who can handle owning site security for you. Then, you can focus on what you do best — running the business.

Leave a Reply