Make Your Website More Secure

Website security is a growing issue. From large-scale eCommerce sites to personal blogs, anyone and everyone is at risk. While headlines focus on recognizable names like Target, Equifax and Uber, companies and websites of all shapes and sizes are being hacked every minute. In fact, more than 30,000 websites are hacked every day according to website security company Sophos.


Luckily, there are steps you can take to lessen the risk of being hacked and having your information stolen. Here are a few things to consider whether you’re building a brand new website or have an existing one.


Choose the Right Hosting

Not all hosting providers are created equal. In the same way that you want to choose the right neighborhood, you want reliable, secure hosting for your website. Choose a hosting company with great reviews, consistent uptime, and a focus on server security.


Secure Your Site with VPS and Dedicated Servers

If you’re looking for additional security measures, many hosting providers offer options for a higher cost. Shared hosting is the cheapest option, but when you’re sharing server space and resources with dozens of other sites, your site is at risk if any of those other sites are hacked. VPS (virtual private servers) and dedicated servers offer more security by splitting your site off from the others.


Try Managed Hosting if You’re Using WordPress

For all the WordPress users out there, some hosting providers even offer WordPress specific hosting servers. Managed WordPress hosting boosts site security by automatically updating to the latest version of the CMS right when it is released while constantly scanning sites for malware or hacking attempts.


Get an SSL Certificate

You’ve probably heard of SSL certificates and seen the little padlock in your address bar. If you haven’t looked into adding an SSL certificate to your website, you should. It will encrypt information passed between your server and web browsers. This includes form submission information, payments, and even login credentials. On top of the most obvious benefits, SSL certificates are also becoming the standard across the web, especially when it comes to ranking for SEO.


Secure Your Login Information

You can add all the expensive bells and whistles to your site you want, but in the end you’re only as secure as your login information. If a hacker or hacking tool cracks the login information to your site, domain registrar, or hosting, they’ll most likely be able to gain access to everything else. Don’t let an easy password create a security nightmare.


As this article from NBC points out, most people are still using horrible passwords. If you’re using any of the most common passwords (or even if you’re not), it’s probably time to upgrade your web security game by following a few of these simple rules:

  • Avoid common words or phrases
  • Aim for at least 12 characters
  • Preferably a mix of uppercase, lowercase, and special characters
  • Don’t repeat passwords for multiple accounts


Password Managers Can Help

This can sound overwhelming, but there are tools out there that can help. Try a password manager like LastPass or 1Password to not only store passwords, but generate them too. Here at Lessing-Flynn, we use PassWork to make sure both our own passwords and our client’s passwords are safe.


Add Another Layer with Two-Factor Authentication

Having a difficult password is a great first step, but incorporate two-factor authentication to add yet another layer of security to your login process. Two-factor authentication, sometimes abbreviated at 2FA, requires you to login with not only your username and password, but also a unique token – usually a set of numbers sent via text or app. Many websites offer built-in 2FA. You can check using this handy website. You can also use 2FA apps or programs including Authy or Google Authenticator if you want a consolidated solution.


Leverage Tools and Plugins

Since security is such a major concern, there are also a ton of additional hardware and software solutions out there. Some cost, but there’s also a huge selection of free tools to help beef up your security.



Cloudflare serves a number of different functions. One of its primary functions is as a CDN, or content delivery network. In a nutshell, a CDN caches copies of your website on servers around the world in order to improve response time when someone goes to your site. Aside from a faster website, it also helps prevent DDoS attacks and offers other security measures for protecting your site for an added cost.


WordPress Plugins

A large chunk of the websites on the internet run on WordPress. It’s my go to content management system for both personal websites and as a recommendation for clients. That being the case, here are a few of my favorite security-focused WordPress plugins.



From firewalls to malware scanning to traffic monitoring, Wordfence is a suite of tools for all your security needs. The free version works great or get the paid version for more peace of mind.


WP Remote

For those people managing multiple sites or who are forgetful when it comes to updating the WordPress core or plugins, WP Remote is a free, one-stop shop for one-click updating.



Less security and more ease of mind, UpdraftPlus allows you to schedule automatic backups of your website to remote storage. So even if your website does go down or get hacked, you can quickly and easily restore a previous, clean instance.



Spam comments aren’t the world’s biggest security threat, but they can be annoying and fill your comment section with bad links. Keep them under control with help from Akismet.


Summing It Up

There’s no way to keep your website 100% secure. Hackers are always finding new ways to infiltrate websites, exploiting new security holes and unknown issues. But using the above methods can be a great head start on staying on top of some of the most obvious security risks.


How do you stay on top of website security? Let us know what else we should look into in the comments below.



Sign up for our newsletter!