Security issues affect everyone from time to time. If you are just starting out online, or even if you’re as well established as Google, someone always has something to gain by taking over your site. In this article, I’ll be going over a few of the steps I take with my websites to keep them safe and out of the wrong hands.
Use A Trusted Domain Name Provider
Every attack on a website that I have personally seen has been done through the company that the website’s domain name was purchased from, not the website itself. One horror story that comes to mind involves a site that I frequent, CSS-Tricks, where the owner actually had his social security number leaked because of a similar problem.
How does that work?
Your domain name controls what happens when someone types the name of your website into their address bar. Normally your domain name points to where your website actually is online. But when an attacker gets access to your domain name, they can make www.YourSite.net point to anywhere they want, even a website that they have made for malicious purposes.
How do they get in?
First off, an attacker has to find out where your domain name has been registered. Using a tool called Who.Is, an attacker can find a plethora of information that you do not want them to find. Then, they use this information to go to your domain name provider and pretend to be you to get access to your account. Many domain name registrars neither hide this information nor have the security checks in place to prevent this from happening.
The WhoIs information for SkylerBird.com. All of it is wrong, don’t worry.
What can I do?
This is at the top of the list because I cannot stress it enough. Registering your domain name with a secure provider, one that has strong security protocols and allows you to hide WhoIs information from the public, is the best place to start to keep your website safe. Often, these companies have more tools to further improve the security of your website beyond the features previously mentioned.
I recommend NameCheap and Google Domains, because they both meet the criteria from this article. I have personally used them both to verify this. If you do not manage your own domain name (which I strongly recommend that you do), I suggest asking your web agency if they have taken these precautions.
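To confirm that WhoIs privacy is actually switched on for a domain you own, you can audit the record yourself. The script below is an added example, not part of the original article: it parses WhoIs text in the common "Key: value" layout and lists any personal contact fields still visible to the public. The field names, the masking keywords and both sample records are constructed assumptions; real registries format their output differently.

```python
import re

# Contact fields that identify a person. The "Key: value" layout and these
# field names are assumed; registries format WHOIS output differently.
PERSONAL = re.compile(r"^(registrant|admin|tech) (name|street|city|phone|email)$", re.I)
# Values that show a privacy service, redaction, or contact-form link.
MASKED = re.compile(r"redacted|privacy|withheld|not disclosed|proxy|https?://", re.I)

# Constructed sample records, not real registrations.
EXPOSED_SAMPLE = """\
Domain Name: EXAMPLE.NET
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Phone: +1.5555550100
Registrant Email: jane@example.net
"""
PRIVATE_SAMPLE = """\
% constructed record with WhoIs privacy enabled
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: https://registrar.example/contact
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

def parse_whois(text):
    """Return (field, value) pairs from raw WHOIS text."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # skip blank, comment and trailer lines
        key, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit_whois(text):
    """Report the registrar and any personal contact fields left public."""
    registrar, exposed = None, []
    for key, value in parse_whois(text):
        if key.lower() == "registrar":
            registrar = value
        elif PERSONAL.match(key) and not MASKED.search(value):
            exposed.append(key)
    return {"registrar": registrar, "exposed": exposed}

if __name__ == "__main__":
    for sample in (EXPOSED_SAMPLE, PRIVATE_SAMPLE):
        print(audit_whois(sample))
```

To check your own domain, save the output of a WhoIs lookup to a text file and pass its contents to audit_whois; an empty "exposed" list means none of the listed contact fields are public.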
Set Up A Content Delivery Network
That sounds a little complicated. Bear with me for a moment; I promise it isn’t. A content delivery network is a layer between people using your website and the website itself. It distributes your content to people visiting your site, and often makes the site load faster than it normally would.
Well, why would I need one of those?
The most common way to bring down a website is with something called a DDoS attack, short for Distributed Denial of Service attack. Essentially, an attacker uses multiple computers to keep your website so busy that it cannot keep up. A content delivery network stands in the way of attacks like those, to stop them before they can take down your website.
Do I even need a content delivery network?
In all likelihood, probably not. If you’re running a small website that does not get a lot of attention, it is very unlikely that someone is going to want to attack you like that. I personally use one on every website that I put online because it makes everything load faster, keeps backups in case anything goes wrong, and the protection from attacks is a nice added bonus.
I personally use CloudFlare as my content delivery network and have had no complaints.
Contact Your Web Agency/Service Provider With Any Concerns
This one may sound a little weak, but hear me out. When an attacker cannot trick your domain name provider, or your web agency, they will try to trick you. Often, they will assume that you are not a technical person and try to scare you into giving them information about your website to get access.
What can I do?
In this case, it is very simple. If anything ever happens with your website, contact your service provider in a way that you are familiar with. If it is a serious problem, do not respond by email or click any links, even if they say it is urgent. All of my clients have my phone number and direct email address for any concerns, and I encourage them to use them.