
Website Security

With over 2,200 cyber attacks occurring daily, website security is more vital than ever. Read our guide below to help understand what we do at Brighter and how you can contribute to keeping your website secure too.

Use a reliable web hosting service

Choose a reputable web hosting provider that emphasises security. Look for features such as regular backups, firewalls, and malware scanning. SSL certificates are vital. Avoid shared hosting where possible.

Our primary hosting choice uses a combination of Vultr and Ploi to create a lightweight, secure and performant environment for our clients' websites.

We also highly recommend implementing a web application firewall, or WAF (like Cloudflare), to screen and filter incoming traffic. It acts as a shield between your website and incoming traffic, blocking malicious requests.

Use a secure content management system

Our first-choice website system is Craft CMS, a content management system that employs all the best practices when it comes to website security.

Craft CMS is a closed-source project, and the licence fee we and other users pay is invested in reducing the likelihood of attacks that exploit future vulnerabilities. We further improve its security by obscuring the administration and configuration files.

Craft CMS also supports extra security extensions, such as IP locking (the CMS can only be accessed from specific IP addresses) and password update reminders.

While Craft CMS is not the world’s largest CMS, this is actually an advantage. Mass-market solutions like WordPress are often targeted because, from the hackers’ viewpoint, the amount of damage they can do is likely to be larger.

Keep your website up to date

Keep your content management system, plugins, and third-party tools up-to-date. Hackers often exploit outdated software vulnerabilities.

Also ensure your website is being backed up regularly. Should the worst occur, having a recent backup can get you back online quickly. (Don't worry - if your website is already hosted with Brighter, we're backing it up!)

Speak with Brighter about our maintenance plans where we can proactively keep your CMS, plugins and website systems up to date and check for security issues at a regular interval.

Use strong passwords

A surprisingly simple piece of advice that we often put in the "too hard basket" - ensure you use strong passwords for your website CMS access. Avoid common or easily guessed passwords. Use a combination of letters, numbers, and special characters. Use a password manager (like 1Password) to make it easy to use strong passwords.

To add an extra layer of security - speak to us about:

  • forcing strong passwords
  • forcing regular password resets
  • implementing multi-factor authentication
  • further restricting website CMS access by IP-locking

Educate your people

Like many other technology problems, the biggest risk of attack comes from people.

Website administrators are human, and are vulnerable to:

  • Falling for a phishing scam and giving their password to an attacker
  • Not managing their passwords securely
  • Allowing malware onto their personal computer, which then goes on to compromise website access

The only way to avoid these issues is to educate your website administrators. A handy checklist here would be that they confirm they are running the latest version of their operating system; that they have some basic anti-virus systems in place; that they are using the latest browser, and that access is limited to a small number of trusted individuals. It's always worth regularly reviewing and cleaning out old user accounts too.

Monitor and respond

Conduct regular security assessments to identify any potential vulnerabilities. There are tools available that can scan your website for weak points and we can help by analysing these reports and recommending actions to fix any issues.

Regularly monitor website traffic and user behaviours for any unusual activities. Quick detection and response can limit the damage of a security breach. Using a web application firewall (like Cloudflare) can be a great way to do this proactively by configuring its settings to look out for attacks.

Introduction

In our digitised age, websites are the shopfronts, showcases, and social hubs of businesses and personalities alike. Yet, just as a brick-and-mortar store might suffer from a break-in, websites face a relentless barrage of hacking attempts. Every minute, hundreds of sites fall prey to cyber attacks, risking financial loss, damage to reputation, data leaks and the erosion of user trust. As a website owner, the question isn't if you'll be targeted, but when.

The good news? At Brighter, we work hard to employ best-practice security measures which help you avoid these devastating scenarios. Our six-point security guide is a great place to start working together to keep your website secure.

Top Six Focus Areas

  1. Use a reliable web hosting service
  2. Use a secure content management system
  3. Keep your website up to date
  4. Use strong passwords
  5. Educate your people
  6. Monitor and respond