Last year, during the Huduma Number craze, a number Kenya government owned websites were hacked. If you dint know about this already, have a read here.
But that’s stale news, what I want you to notice is the URL, or in proper English, the website address as entered in the browser. Notice the inverted exclamation mark?. That is the red flag right there.
#1 SSL Certificate
The first step to securing a website is to install an SSL certificate. An SL certificate in leyman’s language a padlock for your website.
How do you know if an SSL certificate is installed in your website?. It is simple, for example , if you are using Google Chrome as your browser , you would see this error when you enter an unsecured website address.
So what does not having an SSL certificate mean for your website’s security?
What does this mean for you? If your website doesn’t have a secure, encrypted connection for your visitors to use, Google Chrome will notify every visitor that your website is not secure by flagging it in the search bar.
But that is not the only problem, not having a security certificate, or an SSL certificate installed in your website mean you are vulnerable to attacks.
Simply put, a website without an SSL certificate is like a fancy house without a door lock. Any thief can walk in and out. And that is what happened to the Kenya Government websites that got hacked.
Whether you already have a website or are about to launch one, a dedicated SSL certificate will fix the problem. Your website will be secure and your visitors will see a “Secured” message along with a green padlock:
Or a locked padlock will appear before the website address that has an s after the http:// like this.
#2 Outdated versions of the a content management system
Most websites are built on CMS, or content management platforms, popularly known as “templates”. The most famous one being WordPress.
Thank fully most content management platforms come with auto update options, but depending on customization done by the web developer, sometime auto updating is disabled. This is for the simple reason that updates sometimes mess up custom changes and make the website “break”. This means the website does not load or perform as expected, thus it is a preference of developers to tun off this function.
Here is how to check if your word press version is up to date. Log in to your wp-admin, a.k.a the website’s back end. Click on the updates button on the left side.
You should see it as per the image above. if it the settings are not on auto update, just change it to auto.
So what does an outdated CMS affect your website’s security?
An outdated CMS is vulnerable and susceptible to attacks from hackers. Security updates or security releases are extremely important in order to prevent cyber-attacks. A breach in your website security will reduce your online credibility and can result in business losses as well. More on this here.
#3. Outdated Plugins
Plugins come with CMSes, just like smartphones phones come with apps . As you may be already be aware, hacking is a full time career. It is a hacker’s job to find vulnerabilities and exploit them. This is why CMS plugin developers release updates or ‘patches’as famously known for their plugins.
So what does an outdated plugins affect your website’s security?
This is one of the reasons why it is important to have a professional manage your website. This is because most if not all plugins are updated manually. For the simple reason that patches can alter functionalities on the website, and website admins don’t like those kind of surprises.
Ensure all your plugins are up-to-date to strengthen your website’s security.
Here is how to update a plug in
Step 1: Go to your WordPress dashboard. From the left panel, select Installed Plugins. It’ll take you to the plugins page.
Step 2: In the plugin page, you can see all the plugins installed on your site. While scrolling through the list you should be able to see the plugins that are ready for an update. Click on Update Now option that appears on the plugins that ready for an update.
If you follow these three simple steps, you will above fold, a need not fear getting hacked. Of course this is not exhaustive, but it is a fine start.
Feel free to reach out for a free security analysis of your website by writing to email@example.com. If it was helpful , please leave a comment and share.