The Importance of Website Security and How to Ensure It
Reading Time: 5 minutes
The Importance of Website Security and How to Ensure It
Everyone has heard about the importance of online security, but we suspect most people don’t know the extent to which security vulnerabilities can wreak havoc for you and your website. As security issues are on the rise due to the huge increase in people working from home, we thought now would be a good time to give you an overview of potential security problems and what to do about them.
How and Why Websites Are Attacked
An estimated 50- to 56-thousand websites are hacked each day, but the number may be far higher, and over half of all internet traffic comes from automated sources such as hacking tools, scrapers, spammers, impersonators, and bots.
Bots are internet traffic that’s not generated by a human, but they mimic human behavior. There are various types of bots, and not all bots are bad! Examples of helpful bots include website monitoring bots that help ensure your site is always running, SEO crawlers that help us find what we need when searching, and copyright bots that scan for copied information. But there are more harmful than helpful bots, and the bad ones can infect your site with malware and steal your and your customers’ data.
If your website is hacked and infected, it can create myriad problems for you and your customers.
Here are six reasons why you should prioritize website security:
- Hackers can use your site to infect your site visitors with malware.
- Not only can an infection on your site spread to your customers, malware often redirects site visitors to other harmful sites, which means potential computer trouble for them and lost visitors for you.
- Hackers can steal your data and your customers’ data.
- A site breach could mean confidential and financial data is stolen by the hackers.
- You can get an SEO penalty, which makes it harder for your company to reach new customers.
- Malware can make it appear that you have a suspicious number of page views and a super-high bounce rate. This leads to incorrect Google analytics and your website will drop in rank.
- Website clean-up is more expensive than protection.
- Approximately 60% of websites are vulnerable to attack, and it’s difficult to “disinfect” your site on your own after the fact. Paying for security tools costs far less than hiring a consultant to dig in and find the hidden code and scrub it from your site.
- An attack can result in ‘negative SEO’
- Google’s algorithms now penalize any website that does certain things in an attempt to increase SEO, such as stuffing the content with keywords, which will actually lower a site’s rank. Duplicating content is another “trigger” that will lower a site’s SEO. This becomes a problem because automated “scrapers” are able to harvest the content from your site and publish it in other places, all over the web.
- You can get blacklisted and when a website is blacklisted, it loses almost 95% of its organic traffic, which can rapidly affect revenue.
- When your site is breached, there tends to be a cascading effect where one issue leads to another. If malware is placed on your site, it can mess with your analytics, making your site appear to be suspicious. Good suspends 10,000 suspicious accounts a day, which means a primary source of traffic won’t point search engine users to your site.
How to Secure Your Website from Hackers and Malware
To avoid attack, it’s critical to block spam from your website, which can appear as automated comments on blog posts and your online forms being completed by bots. There are many tools available for preventing spam content from appearing on and infecting your site. And it’s critical that you leverage tools available, as spam is often not something you can detect. (Hackers are very good at hiding their handywork!)
Here are our favorite tools for securing your website against harmful spam.
reCAPTCHA for Forms
reCAPTCHA is a free plugin and is an upgrade over those horrid CAPTCHA fields we’ve all had to fill out to subscribe to a newsletter or make an online purchase. They’re the “enter these characters” form fields, where those characters are difficult to read and create an annoying step between you and what you want to get access to. They’re still around, but we’re (thankfully) seeing fewer and fewer CAPTCHA as improved methods of proving your humanity are developed.
Unlike CAPTCHA, reCAPTCHA is simply a checkbox to click on to “prove you’re a human.” It’s a much simpler and easier barrier to cross to prove you’re a real user and get to what you’re signing up for or purchasing. It also has a “back-up” system for extra protection, which is something you’ve probably seen. When a user fails to click the checkbox before trying to submit a form, or if the user is flagged as suspicious for some reason, reCAPTCHA requires the user to select the correct parts of an photograph placed on a grid (e.g., “Click every box that includes a traffic light.”).
If you use Gravity Forms (our favorite!), setting up reCAPTCHA simply requires signing up for a free API account and entering the API keys on the Gravity Forms setting page. To learn more about how reCAPTCHA prevents bots from filling in your forms and how to add it to your forms, visit Google’s reCAPTCHA page. reCAPTCHA is a free plugin.
The Honeypot Technique
This type spam protection occurs in the code for the form fields, so it happens behind the scenes and doesn’t interfere with the user experience. It works by creating an additional form field that’s doesn’t appear on the form from a human’s point of view. Because bots are created to fill in every field in a form, the bot will mistake the hidden field for a “real” one. Once the bot fills in the hidden field, it’s identified itself to the software as a bot, and the software won’t allow it access! Tricky, no?
The only potential caveat is that this technique many block legitimate users who are using autofill to complete the forms. If autofill mistakes the hidden field for a piece of information available in your automatic update data, it may fill in the field and then the code thinks you’re a bot! For example, when I fill out online forms that include my name, email, and company name, my autofill often drops my birth year into the company field. Because it’s a field I can see, I delete it, but it’s possible a hidden field could also be filled with an “extra” piece of data your computer knows about you.
For Gravity Forms users, you can read about how to install and use this technique to block spam on your site. It’s baked into Gravity Forms, so the plugin is free. There are also free honeypot plugins for other forms software applications.
Askimet
This WordPress plugin is offered by the company that’s behind WordPress itself. Like the plugins above, Askimet filters spam from contact form messages, but it also protects against spam comments and trackbacks. The extra cool thing about the Askimet plugin is that “crowdsources” information to identify threats. That is, the plug combines information about spam captured among all participating WordPress sites, and then uses that information to create rules to stop additional spam!
Askimet has been around in the WordPress community since 2005 and has blocked over 5 billion pieces of spam! The Askimet plugin offers both free and paid versions. Depending upon your needs, you may want to invest in the paid version for the additional features. Plus, you’ll be doing good, as Askimet’s paid users help the company provide its free spam protection to over seven million personal and small business users.
What to Do Now
To learn more about the frequency with which sites are being hacked and the amount of financial damage hacking causes, visit Review 42 for a ton of statistics and big-picture analysis. As for protecting your website, start by taking a look to see if you have any plugins working on your site to prevent hackers and spam. You’ll want to make sure that you have something fighting off these insidious, automated attacks.
If you are not sure about what you need, whether or not you’re sufficiently protected, or which plugins work together effectively without breaking your website (it’s a good idea to have more than one line of defense), use our free website health check tool. This diagnostic will provide you with a report on potential site problems, as well as simple fixes to get you back on track.