Website security: how to protect your web presence

Even a small data leak can result in major consequences for a company: loss in turnover, damaged reputation, lawsuits, etc. Many online shoppers trust large companies (most of them online retailers) with their personal data and sometimes even their credit card information. Cyber-attacks on online businesses occur daily, and sensitive customer information as well as important internal information should always be protected. In addition to carrying out regular website security checks, there are a host of other security measures that businesses and companies alike have at their disposal.

Open system - even for hackers

It's the promise of most providers: your own website in just a few simple clicks. It really is the case that you can get your own site up and running with little IT knowledge. For blogs, stores, or news sites, there are many different web applications currently available on the market. But aside from their convenience, content management solutions, e-commerce systems, and forum software, all solutions have something else in common: they present considerable security risks. This is due to their open source nature. Not only is the source code of such resources available to all users, its open system structure makes it a prime target for hackers and other cyber criminals.

From source code to credit card theft

In December 2015 alone, over 2.6 million websites were created with the open source software, Joomla. In total, the community boasts an impressive 500,000 active members, a figure similar to that of WordPress. Each and every member of such CMSs has the ability to independently develop extensions, plugins, modules, or templates and introduce these to the user community. This open source approach is popular with many users, not least because of its price. Hackers have also proven to be loyal ‘fans’ of these popular CMS programs and their plugins, as they are always on the lookout for widely used programs.

By locating weaknesses within these systems, cyber criminals put themselves in a position to cause serious damage. Phishing schemes are able to trick users into delivering sensitive customer data, like login or payment information. Trojans and viruses can also be implanted and incorporated into drive by downloads, a ploy that involves getting users to unknowingly download malware, which is later used for spamming. Such viruses can lead to server outages and cause extended periods of downtime, substantially affecting turnover in the process.

Some of the consequences of inadequate website security are

  • Misuse of data
  • Identity theft
  • Damaged reputation
  • Loss of turnover
  • Lawsuits

The first steps in securing a site: the website security check

Gaps in security can be closed before any sort of damage occurs. The key here is making sure that you notice such instances before online criminals do. A website security check is the first step of this process, and there is a wide array of providers that can help you on this front:

In order to check a website’s security, most providers begin by carrying out what’s known as a penetration test. These tests simulate hacker attacks (e.g. an unauthorised system intruder) to find potential vulnerabilities within the system.

5 tips for better website security

There are some basic security precautions that should be met in order to make things as difficult as possible for hackers. We’ve compiled five simple measures that any company can carry out without having to worry about major time or financial commitments.

1. Staying up to date

The internet community is constantly developing and updating open source solutions. Bugs and security gaps are found quickly and usually removed even faster. Development teams are only able to profit from these quick reactions if their system is always up to date with the latest standards. Many CMS solutions offer automatic update plugins for installation. With the easy update manager for WordPress or the extension SP Upgrade for Joomla, it’s easy to keep these systems up to date, which in turn boosts website security. Given that plugins and other add-ons are separate programmes themselves, these also have to be periodically checked for updates.

2. Regular backups

Despite careful precautions, some hackers still manage to find a way to discover and exploit security gaps. Once this step has been reached, they’re able to cause considerable damage to whomever they target. Data espionage and misuse of data aren’t the only consequences to be wary of; many hackers go to great lengths to cover their tracks, and this can sometimes even involve erasing entire databases. This is why it’s so important to regularly back up data. Doing this serves as a double precaution of sorts, as it’s possible to overwrite individually aligned system files even with standard updates. Regularly updating all data is an absolute ‘must’ for any company serious about security concerns. Helpful plugins are also available for this step. For WordPress there’s the Backup WordPress plugin, and for Joomla the extensions Easy Joomla Backup or LazyDbBackup are popular options.

3. Secure login data

While the importance of selecting a secure password may seem obvious at first, the internet’s most popular password serves as a painful reminder that, for many, it actually isn’t. ‘password’ and ‘123456’ were revealed to be the most popular passwords for many. Making matters worse, suggested users names like ‘Admin’ or ‘Administrator’ are also adopted by many system users. Those who adopt such thoughtless security settings are making themselves especially vulnerable to hackers. For both passwords and usernames, it’s best to follow these simple rules of thumb: no real names or simple, easily remembered combinations should ever be used. For more on how to generate a strong password, consult our digital guide article on the matter.

4. Staying informed

Those determined to protect their site from hackers and other attacks should always stay informed about the latest dangers and security gaps plaguing the cyber world. The first point of contact for this is, of course, the cyber community that you’re a part of. There are countless threads on the topic of cyber security in most forums. Here, members discuss possible security risks, how to identify them, and ideally, remove them as well. For information on current news, background articles, and forums, sites like or Wired are good places to start.

5. HTTPS and SSL certificates

HTTPS secures the exchange of sensitive data on the internet. With the help of SSL (Secure Socket Layer), data exchanges occurring between servers and clients are encrypted. This makes it difficult for hackers to transfer or intercept data. These certificates are available on multiple websites (e.g. GeoTrust). Many hosting providers also include them in web hosting packages or offer them for an additional fee. A further advantage: users are able to recognise the website security certificate as such by the ‘padlock symbol’ in the browser and the http transport protocol.

Don’t give hackers a chance

The first step in not giving hackers the chance to cause harm requires regularly checking the security of your website. A security check is a good start and should be carried out in periodic intervals. Cyber criminals are always looking for security flaws that they’d be able to exploit. Ensuring that your system is up to date decreases the risk of intruders gaining unauthorised access. Certain conditions may warrant consulting the advice of an IT expert. Last but not least, it’s important to make sure that your own team is well aware of the dangers lurking in cyber space; an uninformed coworker may just prove to be the weak link of an otherwise well-thought out security strategy.


Want to make your website more secure? Learn more about SSL certificates from 1&1 IONOS and how they increase your site’s trustworthiness.

Wait! We’ve got something for you!
Get your domain now, the first year is free.

Enter the web address of your choice in the search bar to check its availability.
12 month for £0/year
then £10/year