How to Keep Your Website Secure

Support | |

The Internet is now the go-to method of communication, research and shopping, which also means that data and website breaches are on the rise.

Whether you have a small website or an international e-commerce website, security is extremely important – you need to protect yourself and sensitive information.

We’ve put together a list of tips to help keep your website safe and secure, as well as help should your security be compromised.

May 2023 Update

Google Chrome will soon be replacing the lock icon in Chrome’s address bar with a new “tune” icon – a neutral indicator – to emphasise that security should be the default state. The lock icon on Android will also be replaced, and will be removed entirely on iOS. On all platforms, plaintext HTTP will continue to be marked as insecure.

Why is Website Security Important?

Your website is the hub where customers come to research your brand and products, and possibly to make purchases too. Therefore, it is vital that your site is continuously available to users and is performing well. However, no matter the size of a website, it may be vulnerable to attacks. These attacks can lead to your website being compromised: data loss, stolen data or unwanted website changes being the result.

Examples of unwanted intrusion include:

  • Injected code onto your site that infects all website visitors with malwarePages defaced
  • Content deletion
  • Login and other sensitive information may be stolen or sold online
  • Being blocked by Google if they detect malware on your website
  • Admin account usernames and passwords changed, preventing you from accessing your website’s  backend

How to Keep Your Website Secure

Complete Regular Website Security Checks

First, you should determine how secure your website is so that you can address any vulnerabilities. To do this, you can use an online scanner tool that will scan your website, identify issues and then suggest how to fix them too. Examples of these tools include Securi Sitecheck, All in One WP Security & Firewall, or Wordfence Security*. We would also recommend checking your website regularly for any unusual changes – such as new links, posts or users that you didn’t add, or unnecessary code in theme or plugin files.

Backup Your Site Regularly

You should always backup your website regularly. This will allow you to restore a backup taken before a hack, should a security breach occur. It will also mean that you will not lose months or years of work, should your website be hacked. With our hosting packages, websites are backed up every 24 hours, allowing us to restore a database backup to any point in time within the last 2 weeks.

Keep Software Updated

Out of date software is the most common reason for an infected website. If you have a WordPress website, you should update your WP version, theme and plugins regularly (which you can check via your Dashboard). This is because out of date software can be hacked using automated programs. Ballyhoo offers website support packages, where we will keep your website and plugins updated for you, among other things.

Use Strong Passwords

Passwords should be a mix of uppercase and lowercase letters, numbers and symbols. You can also use tools to generate secure passwords, such as 1Password, KeePass and LastPass. These tools will also often securely save your passwords for you too.

Use an SSL Certificate

An SSL Certificate authenticates a website’s identity and allows an encrypted connection. It keeps connections and payments secure, and prevents hackers from reading or modifying information transferred between systems. You’ll notice a padlock icon on the URL bar if a website has an SSL installed. You should ensure that your SSL certificate is live at all times.

Choose a Secure Host

Hackers often look at website servers to identify exploits. Although there are cheap hosting options available online, we would strongly suggest investing in secure servers. Here at Ballyhoo we offer hosting packages – meaning we will take care of your hosting for you on a secure and fast hosting package.

Two Factor Authentication (2FA)

This allows you to require another piece of information in order to login to your website – such as a code sent via SMS to your phone, a code sent via email, or a piece of information only you know. In WordPress you can download plugins to give you this functionality.

Password Protect Login Pages

As standard, WordPress login page URLs are set to end with ‘/admin’ or ‘wp-admin’. This makes it easy for hackers to access the admin login for your website. We suggest changing the login address to an alternative URL. You can do this through adding a WordPress plugin – such as WPs Hide login, or by editing your .htaccess file. You can also limit login attempts, to prevent Brute Force attacks. 

Use a Web Application Firewall

This uses strict rules to filter website traffic, and blacklists IPs known to be associated with hacking or attacks. It then prevents them from reaching your server.

What if my website gets attacked?

If the worst case scenario occurs, and your website does get hacked, we can help. We offer a Disaster Recovery service – meaning we can get your website back up and running as a priority for you. This can take some of the stress out of not having your website online and offer peace of mind that the pros (that’s us) will take care of everything for you.


Website security should be taken seriously, and should be your top priority. The consequences of a security attack can damage more than just your website – it can affect your reputation, online SEO and marketing strategies, and result in vast data loss.

Our website hosting package offers you fast, secure & hassle-free hosting, where we manage everything you need to keep your company online and running smoothly. Contact us now for more information, or to learn more about our website support packages.

* We do not directly endorse any of the third-party products or services mentioned in this article.

Headshot of Rebecca young new team member


Rebecca helps to keep the team organised and supports all of our clients with day to day activities and content. She also runs all of Ballyhoo's internal marketing.