Many people tend to take security seriously when they first set up their site. Unfortunately, they fail to realize that security must not only be implemented, but also maintained. As a result, many people find their websites getting hacked as a result of not maintaining security. Hackers will set up scripts to send out mass emails, distribute malware, or simply deface the site. Here, I will describe two easy ways you can keep your website more secure.
Passwords are a front line defense for your website. The stronger the password is, the less likely it is to be cracked. The strongest passwords use a seemingly random assortment of upper and lower case letters, numbers, and special characters (such as % or &). However, these are not always easy to remember. People will pick easy to remember passwords like “admin1234”, but passwords like this are easily guessable. You can make the password significantly stronger by changing it to “aDmin123$”. It remains easy to remember, but also provides a relatively high level of protection against password cracking algorithms.
Here are some general guidelines for creating a strong password:
- Make it at least 8 characters long, but 10-16 is recommended.
- Include at least one uppercase letter, preferably somewhere random instead of just at the beginning.
- Include at least one special character, such as a # or %.
In addition, if your password is less than 12 characters, we recommend changing it at least once every 4-6 months.
One of the biggest things you can do to enhance your security is to make sure your software stays up to date. If you are using a content management system such as WordPress, Drupal, or Joomla, keeping the core software and extensions up to date is crucial to keeping your website secure. New vulnerabilities are found all the time, and if you do not update within a few weeks of an update being released, you significantly increase your risk of having your website hacked.
Luckily, Joomla has streamlined its update system as of 1.6, and will notify you on the Dashboard when updates are available for the core software or your extensions. Not all extensions currently support the streamlined update system, but the ones that do are growing in number.
What other ways can you increase your website security? Feel free to discuss it below.