10 Security Tips to Protect Your Website

As a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a malicious attack?

You might not think your website has anything worth being hacked for, but websites are compromised all the time. The majority of website currently in existence fail to meet basic security standards and open themselves to harmful intruders. To help fight cybersecurity, we’ve shortlisted 10 security tips to protect your website.

Stay Up To Date

Using a CMS with various plugins and modules can offer many benefits to the overall functionality of a website, but it also comes with risk.

In fact, The leading cause of website infections is vulnerabilities in a content management system’s extensible components.

To protect your website from being hacked, always make sure your content management system, plugins, apps, and any scripts you’ve installed are up-to-date.

Strong Passwords

A strong password is your first step to defending your website from harmful intruders. A password containing both lowercase and uppercase letters, numbers and symbols is ideal. Remember to set strong passwords for your website CMS login, FTP server connection and Control Panel / CPanel.

SSL Certificate

An SSL certificate is important because it secures the transfer of information – such as credit cards, personal data, and contact information between your website and the server. Many hosting providers offer free SSL Certificates with hosting plans; however there is still a few providers who charge extra for SSL certificates.

Correct File Permissions

Websites are essentially a series of files and folders that are stored on a server. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.

It’s worthwhile to set the correct file permissions to ensure you’re not providing a back-door access point to harmful intruders. We recommend speaking to a web developer to help with this.


Implementing a firewall can help defend malicious scripts and bots from targeting your website. WordPress, Joomla! and Drupal platforms offer security extensions which feature Firewall security enhancements. Using a service such as Cloudflare will also provide firewall protection for websites.


Implementing a reliable anti-spam tool will help to fight bots from targeting your online enquiry forms. The most popular anti-spam service is Google’s ReCaptcha, but there is many anti-spam captcha and honeypot extensions for WordPress, Drupal and Joomla! content management systems.

Login Lockdown

One of the ways hackers try to compromise websites is via a Brute Force Login Attack. This is where attackers use repeated login attempts until they guess the password.

Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks. A login lockdown feature will help block the IP address of harmful intruders.

Alternate Login

Most website owners keep the default login address that comes with the CMS of choice. By changing the login address to a custom address, your intruders will need to know what the login address is in order to attempt a brute force login. Changing the default login address to a custom address will significantly help prevent unwanted login attempts.

User Registration

When using a content management system such as WordPress, Drupal or Joomla! it’s encouraged to disabling user registration. This will help fight harmful intruders from creating a user account from the front-end of your website. If user accounts need to be created, it is strongly recommended to manually create user accounts from within the system admin.

Disable Hotlinking

A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.

Due to the fact that the image being displayed on the other person’s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses’s site. To prevent hotlinking of your images, some changes will need to be made to your server’s .htaccess file – we recommend speaking to a web developer to assist with this.

Need to speak with a team member about improving the security of your website? Contact us online or call our brisbane office on (07) 3106 3361.