Learn how to make your website secure against cyber attacks

How to secure your website!

When a person owns a shop, they make sure to lock everything up when the day is done. For particularly valuable products, special roller shutters are sometimes lowered and alarm systems are activated. And even during opening hours, there are numerous ways to protect goods from unauthorized access. And online?

Of course, you should also add such security measures for yourself! In this blog post, we explain what you need to pay attention to so that your company’s online presence is well protected. Behind a website, there is usually a content management system (CMS) that allows the admin to access the website.

Is your website fit according to the GDPR Regulations and safe?

Check here in 10 simple steps. At this moment only availiable in German and Spanish.

Check out!

Is your website fit according to the GDPR Regulations and safe?

Check here in 10 simple steps. At this moment only availiable in German and Spanish.

Check out!

Is your website fit according to the GDPR Regulations and safe?

Check here in 10 simple steps. At this moment only availiable in German and Spanish.

Check out!

Use complex passwords

With a CMS you can edit both the frontend (the part of the website that is visible to visitors) and the backend (the behind-the-scenes technology and data). But they have to log in first. For that log in to the CMS, an admin should choose a password that hackers cannot crack easily – just like you would with all other online activities. Here, we explain how you can create complex passwords and manage them securely:

Stong passwords contain variety

As a first step, passwords should be at least (!) 8 characters long and should always contain a mixture of uppercase and lowercase letters, numbers and special characters. “The (German) Federal Office for Information Security” (BSI) advises to form a personal sentence (for example: “I prefer to eat pizza with four ingredients and extra cheese”) to develop a combination of letters and numbers that you can remember (in this case, for example: “IptePw4i+eC”).
But that doesn’t solve the problem that you need much more than just a password for the many accounts that you use every day.

You could now add an abbreviation at the ends of the respective account that represents the kind of account that it is (for example, WP for a WordPress website and GM for a Gmail account ). But is it possible to remember them all? More than likely, not. Some people write their passwords down in a text document or Excel spreadsheet. Not only is this cumbersome, but it is also still not secure.
Our recommendation is, therefore: Use password managers!

Password managers help you to remember

Password managers work like encrypted digital notebooks. They generate secure passwords and store them either locally, on the respective device, or in a cloud located on the servers of the provider. The advantage of using a cloud-based solution is that you can use the password manager on multiple devices – because all data is synchronized automatically and at all times.

There are various apps and software programs that allow you to organize your passwords securely. We, at codafish, prefer to work with Zoho Vault because this password storage is very easy to work with and contains a host of comprehensive functions.

A password manager needs security, too

Important: It stands to reason that a password manager would also need a password that allows you to have access. This so-called “master password” should be as long and complex as possible – as was described above. In addition, for the highest possible level of security, the latest updates to the password manager app or software should always be run.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA, for short), during login, increases your online security. With this process, the person logging in has to overcome two hurdles (factors). Usually, the password is first queried. In the second step, either an SMS with a one-time code is sent to a smartphone, for example, or an authorization app would be needed with which you could confirm the action. Biometric data such as fingerprint or facial recognition (Face-ID) are also often used for this purpose.

Plugins for two-factor authentication are available for well-known content management systems such as WordPress, Drupal or Pimcore. Alternatively, there are various so-called authenticator apps that you can use to log in to your website or the CMS that powers it.

Secure your backend, as well

The content management system allows you to work on both the frontend and backend of your website. The backend is the area of a website that is especially worth protecting. This is where the technical system is stored and the databases that feed the content of your website are also located. It, therefore, makes sense to also protect the backend – and not just by means of a secure CMS login. There are several options available:

Set up extra login through Basic Auth

To protect your backend adequately, you can secure it with a server-based password. The admin area can only be accessed using an additional user-password combination. A well-known method for this is Basic Auth. In this way, you can protect yourself from so-called brute-force attacks (repeated short-term password attempts).

Hide the backend behind an alternative URL

You can also change the route of backend access. For WordPress pages, the backend can be reached via the suffix /wp-admin. Assign it a different URL instead, so replace the known route www.nameofyourwebsite.de/wp-admin with www.backend.nameofyourwebsite.de.

Allow access only via a VPN

You can also configure your backend so that only the members of a virtual private network (VPN) have access to it. A VPN is a self-contained network in which members can exchange data over an encrypted connection without being visible to others.

security dsgvo checkliste banner

Malware is the shortened form of “malicious software”, which is harmful software that you should protect your website from. There are many anti-malware programs, often referred to as “anti-virus programs”, because malware and viruses are often used synonymously. But that is not quite true. Malware is actually an umbrella term for viruses and other harmful intruders (such as spyware, adware, ransomware, etc).
Our tip: Invest in software that comprehensively protects your company against cyber attacks. So make sure that it not only detects viruses, but also spyware, adware and ransomware, and destroys or, at least, repels them. Whether this is the case, however, cannot be determined simply by the name. Some anti-malware programs use the term, anti-virus, even though they are actually designed to act against other forms of malware. So, be sure to take a good look at the product description.

Check the admin permissions

How many people in your company have access to the content management system as admins? For larger companies, it makes sense to check these access permissions regularly and to ask yourself whether you really need ten administrators. Because admins have special privileges and every intervention also carries the risk of mistakes being made. You should, therefore, not distribute the admin rights too freely.

Do the website security check

1. Do you use secure passwords or a password manager that generates complex passwords for logging in to the CMS?
2. Have you enabled two-factor authentication for all logins?
3. Have you also protected your backend with extra logins, an alternative URL for the admin area and / or access through a VPN?
4. Do you use anti-malware programs that protect your business from digital attacks by viruses and other malware?
5. Do you regularly sort out unnecessary admin permissions so that only a limited number of people have access to the sensitive backend?

If you have answered, “Yes”, to all of these questions, then you can sit back and relax. Any “No” or “Don’t Know” answers, on the other hand, could signify a security gap. If you want to play it safe, we would be happy to support you!

Is your website fit according to the GDPR Regulations and safe?

Check here in 10 simple steps. At this moment only availiable in German and Spanish.

Check out!

codafish><>are your partner for secure websites

Play it safe with us! We would be happy to advise you personally on how to make your website secure and to help you to implement the measures. Would you like to learn more with no obligation? Simply fill in the contact form or call us directly: +49 30 666384800 or 00800 2632 3474

Dive into our World

Here is where we inform you about exciting digital trends and explain how you can use them in your business. In addition, we offer you a closer look at our work as a digital agency. Thank you for your interest. Thank you for your interest.
drupal security info codafish news

Attention: Drupal security update required!

The US cyber security authority CISA has advised users to update their Drupal CMS, as this vulnerability makes it extremely easy for a malicious server
Read More
google analytics 4

Google Analytics 4. The next generation of analytics

At the moment, both versions, i.e., Google Universal Analytics and Google Analytics 4 are still running side by side. As of 1 July 2023, however,
Read More

codafish – Pimcore Gold Partner

The spring starts with good news for codafish! Following on from a period of growth in 2022, our web developers were successful in having their
Read More

We call you!

Are you planning a new digital project and you have questions about our services? Complete this form or call us at +1 888 9263234
  • This field is for validation purposes and should be left unchanged.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Error: Embedded data could not be displayed.
Error: Embedded data could not be displayed.