There are dozens of things you can do to incrementally increase your website safe. Websites that do security will give you those details. Some even ask you to open up .htaccess files or wp-config.php files and re-write code.
Re-write code! That’s insane. If you don’t run a software house, why would anyone advise you to just write some code.
Let’s take a smarter path. If you are running a smaller business, you don’t need to write code or spend thousands of dollars (note: I don’t think you would spend that money, I think you’d stay insecure, which makes sense, because thousands of dollars for something you can’t see or touch or taste or smell?!)
Low hanging fruit is what we are after. We want to avoid most bad guys. You do that in this way:
- Backup your business data and find a way to automate that backup process
- Patch your web software as soon as the developers ask you to
- Install a catch-all security plugin (if you use a CMS like WordPress or Joomla) such as iThemes Security and configure the recommended changes
That’s it. All that code wrangling is handled by the plugin. If you screw up and get hacked, your backup can help recover what is stolen. And if you patch your software, you can be confident old vulnerabilities won’t catch you.
Does that make you 100% secure? No. But it’s mostly free (or super cheap) and you can feel confident.