Three common mistakes leave websites open to attack: running outdated CMS software, using simple passwords, and leaving dormant user accounts active. Update your software, enforce long unpredictable passwords, and review who has access, and you close the gaps that let most sites get hacked.
Mistake one: not updating your software
If your website runs on a CMS like Joomla, WordPress or Drupal, know that older versions are prone to attack. Update them regularly. Some software offers auto-update, and switching it on is the safer choice. Where there is no such feature, update manually. WordPress has several auto-update options, and our WordPress SEO, speed and security service sets these correctly so nothing is left on an old, exposed version.
Mistake two: weak, guessable passwords
If you have been using simple, straightforward passwords, change them now. A good password is long, say 8 to 20 characters, and mixes capitals, small letters, digits and special characters. A useful trick is to borrow words from Hindi, Punjabi or another language, which will not appear in an English dictionary, and mix in at least a couple of special characters. That is far harder to crack than a common English word.
Mistake three: never reviewing who has access
If you run a password-based system, such as custom software built for your company's users, review the list of people with admin access regularly. Accounts are often left active even after a user has quit, which leaves the system open to abuse. Deactivate dormant accounts as soon as possible. A policy of periodic password changes helps too, as long as it is not so frequent that it backfires. These habits sit alongside the wider cybersecurity precautions every business should take.
Close the gaps before someone finds them
We audit sites for these exact weaknesses and fix them, so your site is harder to attack and your data stays yours.
Ask for a security reviewQuestions owners ask about web security
Why is an outdated CMS a security risk?
Older versions of Joomla, WordPress, Drupal and similar software are prone to attack. Developers release updates to patch known vulnerabilities, so running an old version leaves a door open that attackers already know how to walk through.
What makes a password hard to crack?
Length and unpredictability. Use 8 to 20 characters with capitals, small letters, digits and special characters. Borrowing words from Hindi, Punjabi or another language, mixed with special characters, gives you something that will not be found in an English dictionary.
Why review the list of active users?
Accounts are often left active after a person has left the company, which leaves the admin system open to abuse. Reviewing the user list and deactivating dormant accounts promptly closes that gap.
Should I force frequent password changes?
A policy of changing passwords is good practice, but do not make it so frequent that people write them down or reuse patterns. Balance is better than a rule that pushes users into worse habits.