Security of websites

How to make a website secure? Read this article and see how to improve the security of your website!

Having a good website is not just gathering pages and pages with templates, tools, plugins and contact forms. You need to have a collective online identity that represents your brand.

You may have invested a lot to keep it running and protection mechanisms against hacker and malware attacks should be part of your digital presence. Amazingly, most developers forget to apply even the basic CMS security hacks to protect their websites.

The error later turns into a disaster and results in data theft and invasion of websites, compromising security, driving away visitors and potential customers. If you just launched a website and need a safe environment to protect your data and not fall into the traps of cyber criminals, I have separated five tips that can help in this mission.

Have a secure password

The first tip on how to make a website secure for sure is the password! It may even seem unimaginable nowadays, when hacker attacks take over the virtual landscape, but many companies still set or maintain passwords that are very easy to discover for hacking systems.

I know, you may have been shocked by this, but it’s a lot more common than it looks. For you to have an idea, the security company SplashData publishes annually the list of most used passwords on the web and the results are not the best in terms of security.

The first position corresponded to the password “123456”, followed by another bad choice which is “password”. In fact, these two are faithful representatives of the most common keys, as they have occupied the first two positions for six consecutive years.

A secure password must be at least 18 characters long and seek to mix letters, numbers and special characters. Example: (2020) # S3nh @ & S. Okay, it may be difficult to record, but prefer this to an obvious password.

Install and update security plugins

If you use a popular content management system like WordPress , you know what I mean. Outdated plugins, software and tools are the main reason behind frequent actions by hackers and compromised sites in the security area.

Watch carefully when a plugin or CMS receives an update. As soon as a newer stable version is available, press the update button without delay. Hackers create automated bots to check for vulnerable sites. They attack these sites to gain control. This can be disastrous if your online platform survives financial transactions, for example.

Be quick to get updates. As soon as the notification appears, update the version. Most platforms update quite frequently as developers understand the seriousness of being hacked. They produce updated versions with more robust patches. If your site was made with a content management system (CMS), you can improve it with security plugins that actively prevent attempts to break into sites.

The main CMS platforms have security plugins available:


  • IThemes Security
  • Bulletproof security
  • Anaconda
  • Wordfence
  • fail2Ban


  • Amasty
  • Watchlog Pro
  • MageFence


  • JHackGuard
  • jomDefender
  • RSFirewall
  • Antivirus website protection

These options address security vulnerabilities, preventing additional types of intrusion attempts that could threaten your site. In addition, all sites, whether a site managed by CMS or HTML pages, can benefit from consideration of SiteLock.

SiteLock goes beyond simply closing security holes in the site, providing daily monitoring of everything from malware detection to vulnerability identification, active virus scanning and much more. If your company depends on the site, SiteLock is definitely an investment worth considering.

Use web application firewall (WAF)

There are many types of firewalls that you can use to protect your website, some based on hardware and others just software. They analyze every bit of traffic on and off the website’s server and prevent most hacking attempts.

Currently, the most popular choices are based on the cloud. There will be some upfront cost, but it will be worth it in the long run. The security that a firewall service offers on simple systems, such as a personal computer, are also essential for more complex systems, such as small, medium and even large companies.

Most modern computers already have software with the function of blocking and allowing data transactions: they are application firewalls. They have very basic functions, but are useful to prevent that, in the event that one station in the network is attacked, the other stations are not reached. Properly implemented firewalls can reduce the risk of attack, contamination, data theft and downtime.

Install SSL Security Certificate (The famous green lock on Google Chrome)

The SSL certificate is a very important tip on how to make your website secure. Have you noticed that some sites have a green icon in the left corner of your browser’s URL address? This is a signal that shows that these sites have enabled the encrypted SSL protocol.

It protects your users’ information as it travels between the website and the database. Encryption makes access to the site and unauthorized traffic very difficult. Fixing this will not only protect your site, but will also serve SEO, since Google prefers to rank safer sites with higher quality.

Your customers will also appreciate the extra effort to keep their data safe and are likely to be encouraged to sponsor the business, rather than a competitor without the extra layer of security.

Not having an SSL / TLS Certificate can harm your website’s ranking in several ways:

  • Reduced visits: Because people stop accessing it because of the error message that Google presents.
  • It decreases your credibility: Because whoever accesses your site will see that the message “Not Secure” appears at the top of the page. Most people will not send their confidential data over the web unless they know that the information will be secure. The best way to ensure security and attract more consumers is to install an SSL / TLS Certificate to prove your website’s identity. Did you know that there are hosting services that offer free SSL in their service package? Conectasul besides taking care of its website with all dedication and security, charges little for what it delivers!

Back up regularly

If all of the previous precautions fail and you still come across a hacker breaking into your system, it’s time to hit the emergency button. In that case, only a recent backup can help you recover completely. You can set the frequency as many times as you like, up to several times a day. The more frequent, the better. It is recommended to use a continuous save system to have multiple backups available, in case it is necessary to isolate the exact time when a problem occurred.

Another tip is that your backups must be on-site and off-site, so that, even in the worst attacks, you can still perform a full recovery. In addition to attacks, natural disasters or malfunctions in web host data centers are known to result in permanent data loss. So, again, I insist: keeping backup copies of the site nearby on external HDD, for example, can also be useful.

Finally, it is important that you treat your website as you would your office, because that is exactly what it is: your internet workstation. Keeping you safe is essential as you are interacting with customers, making sales and expanding your business.


As you saw we separated these tips on how to make your site safe. The safety of the site needs to be a priority in its digital strategy. If you have not taken any steps to protect your site, you may be at risk while reading this article.

It is almost impossible for any website to be 100% secure – hackers will always find new ways to attack websites and steal information. But you can make this difficult by taking the security measures I highlighted above.

At the end of the day, if cyber criminals are struggling to break into one site, they’ll move on to other sites that haven’t implemented the security tactics we talked about.