Image showing HTTPS promoting website security

Cybersecurity Awareness Month – Tips For Website Owners

Some of my tips are dependant on what hosting and content management system (CMS) you’re using. For example I use WordPress as a CMS and separate hosting for all of my clients, however if you own a WordPress website there are extra measures which need to be carried out. Other companies like Webflow or Wix look after the CMS, hosting and most of the security as well but there are, in my opinion major drawbacks with using this type of website builder, but that’s for another post!

SSL Certificate

An SSL certificate is an absolute must, it not only protects and encrypts your visitors information, it gives them the confidence you're trustworthy. The first thing your browser does is tell your visitors if the website is secured with an SSL. Don't make it the first and last impression they get of you as they click the close button, that's if your page loads, some browsers depending on their settings won't even load the page and Google will rank your website lower for not having one. A standard SSL certificate is usually free with your hosting, if it isn't you really need to move to a better provider. If you run an e-commerce website or take payments, there is an enhanced SSL certificate because of the sensitivity of processing card details, this does depend on how you handle the information as to whether you need an enhanced certificate. Contact your friendly web designer *ahem, nudge, nudge* or your hosting company who will advise if you need one.


Bots are crawling the internet constantly looking for vulnerabilities and passwords are an easy target. Never have your website login username and password both set to 'Admin'. It's the first combination hackers try, if you're crazy enough to have this as your login, first, WHY! Second, change them NOW! Also don't use your website address as the username, and a classic password I just love - 'Password'. It's really not clever. Honestly.


Backups are vital, if something happens to your website or hosting literally everything, your whole website could be gone. Your hosting provider may automatically backup your website but it's always best practice to make them yourself. If you use providers like Webflow or Wix then I would recommend duplicating your website in your account, when you make any changes, take another duplicate and delete the previous one. With WordPress, again your hosting provider may take automatic backups but, unlike Webflow and Wix if your host disappears for any reason, your website is gone. I use a plugin called Updraft Plus which can be set to backup automatically at a timescale to suit you, depending on how often you update your website. Also before you update or make any changes to any website you should take a backup just in case anything happens whilst you're working on it.


Anyone who has a WordPress website must regularly update the software on their website. These are called theme's and plugins but also the code language, PHP which WordPress is built on needs to be updated. This is because hackers and viruses are constantly evolving so the developers release regular updates which helps keep your website safe.