for developers

12 Website Security Tips From Experts

Updated: December 10, 2019 by Agnes Talalaev

We have gathered 12 website security tips from experts to keep in mind. Security is something people and companies of any size cannot ignore anymore and our mission is to make it as elementary as locks on home doors.

website security tips from experts

People may not think that their website could be a target for hackers, but it happens all the time – every day.

Statistically, a regular small business website is attacked 44 times per day. These website security tips can make a big difference if you take a day to work on them.

We see a lot of articles about simple 10-step tips on how to improve web security and how to make sure your website is safe from hackers, but sometimes it takes a bit more than good passwords and frequent updates.

Of course, this would be a good place to start but in reality, there are thousands of different ways a hacker can get access to your information.

So, let’s go!

Password management tools

Start with password management tools. Every account should have a different password, so an evil-minded attacker can’t access all your accounts when one of them gets compromised.

Let your password manager calculate a strong password for you so that it would be extremely hard to brute force them. And of course – use two-factor authentication where ever you can.

Choose a good hosting provider

Choose a good hosting provider for your website. Sometimes your website can be secure but if the host is targeted and their security is low it can get your website compromised as well.

Try managed hosting providers if you don’t feel confident enough to build a good technical environment for the site. Make sure to read the reviews.

Read more about if you should rely on hosting security here and learn about the dangers of shared hosting here.

Avoid multiple sites in one server

Avoid running multiple sites on one server. Also, create a separate database for each site instead of using different prefixes. This will help you keep the sites isolated and will save you a lot of money if one of them gets hacked.

Regular back-ups

Back up your website regularly. Some hosting providers do it for you but no matter how secure your website is, there is always room for improvement.

At the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.

Separate database from the file server

Separate database from the file server. Experts recommend maintaining separate web servers and database servers for better website security. Though the cost may be prohibitive for small organizations, it does make sense when you have to handle customer credentials and other data.

Use HTTPS/TLS to encrypt data

Use HTTPS/TLS to encrypt data. There are more reasons than security in that, but keeping your visitors/customers data secure should be your number one priority. You can read more about the importance of HTTPS here.

Connect the server correctly

Connect the server correctly when setting up your site. Connect to the server only through SFTP or SSH. SFTP is always preferred over the traditional FTP because of its security features that are, of course, not attributed to FTP.

Don’t go live with defaults

Don’t go live with defaults! Rename your login URL –  Protect the wp-admin(WordPress) / administrator(Joomla) directory. 

Change the admin username – During WordPress, Joomla or other CMS installation, you should never choose “admin” as the username for your main administrator account. Also, Disallow file-editing inside the CMS.

Disable features you don’t use

Disable features you don’t use.  For example: disable registrations and commenting on your website if you’re not benefiting from them.

Remove all the plugins and themes that are not critical for your website functionality (especially the ones that are disabled or inactive).

Make sure you know what’s going on

Make sure you know what’s going on on your website. I guess you don’t visit your own site every day. Use uptime monitoring and set up alerts when your site has unexpected content changes.

Frequently check if the site is listed in any blacklists that indicate a missed incident. You can scan your site at or use our own scanner at WebARX Portal.

Always update/patch regularly

Always patch regularly. Know what software your website is running, regularly check if there are any new vulnerabilities on any of your software and always update/patch them as soon as possible.

If your CMS supports, enable automatic updates on your website.

Protip: WebARX free version can monitor software vulnerabilities for you. You can also set up alerts.

Build layers of security around your site

Build layers of security around your site. Just as you lock your doors before leaving your house and install antivirus software on your desktop computer before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks.

A Web Application Firewall is that first line of defense – learn more about the web application firewall here.


These twelve website security tips from experts are a good place to start.

We all agree – to achieve success in today’s world it is necessary to maintain an online presence, but it is equally as important to preserve it as well. Nowadays it’s more than important to invest in security.

Like Richard Clark (former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States) said: “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked”.

If you spend more on coffee than on IT security, you will be hacked.
for developers

suggested articles

Start your free 7-day trial now

Protect your websites from malicious traffic - set-up in under 3 minutes.

Try it now

WebARX is compatible with the following platforms: