6 ways to make your council website more secure

We can’t emphasise enough how important it is to keep your town, parish or community council website safe and secure from hackers. According to Securityweek.com, approximately 18 million websites (that’s 1% of the nearly 2 billion websites online right now) are infected with malware and that the average website is attacked 44 times each day.

1. Use an SSL certificate for your website

An SSL certificate is used to provide a secure connection between the server and the visitor to your website. These are now pretty much mandatory, with Google marking any website that doesn’t have one as ‘unsafe’.

How can you tell if you town, parish or community council website has an SSL certificate?

When you are visiting your site, look at the address bar at the top of the browser. Does the address begin https:// and display a padlock icon just before the address? If it does then you have an SSL certificate installed and working. If your address just begins http:// (without the ‘S’) then you need to get one installed. Just contact your website provider and ask them to install one for you.

2. Use a strong password to log into your website

Make sure that the password you use contains upper and lower case letters, numbers and special characters. It is a good idea to use different passwords for each site you use, as if there is a data breach on one site, the hackers don’t gain access to other sites you use. This is especially important on any sites where you buy things such as Amazon or Ebay, but also for your website, because these are a target for hackers wanting to install malware.

3. Make sure you backup your website

This is imperative as if your site gets hacked you will need a backup copy to restore all your files and information. We have had lots of parish councils who have requested a new website and told us that their existing site got hacked and they lost everything. Just like any computer system – make sure you have backups and that they are stored off-site.

A good hosting company will keep regular backups of your site. It’s worth checking with your provider to see if they do this.

4. Keep you software up to date

Providers of Content Management Systems (CMS) software such as WordPress or Joomla and the makers of the software that adds functionality to your town or parish council website constantly provide updated software with added security enhancements, in much the same way as your computer updates it’s operating system (usually Windows for those on a PC) from time to time.

You should always make sure your website is running the latest versions of all software that will include patches for any vulnerabilities that are discovered. You should also delete old unused software, as this can still act as a backdoor for hackers, even if it is not in use.

5. Don’t use the default usernames and log in page

When your site is first installed, the installation program usually sets up a default user to be the main site administrator. So for example WordPress uses ‘admin’ as the default name and https://[yoursite]/wp-admin or https://[yoursite]/login to get to the login page. If you use these defaults, hackers already have 2 of the 3 pieces of information needed to log in and hack your site – the third being your password.

If you change these settings from the default, hackers would need to guess 3 pieces of information to hack your site – the username, the password and the login page.

If you site is set up in this way, you can ask your website host to make it more secure.

6. Use a firewall and anti-malware software

Just like on your computer, it is vital that you have security software installed to protect your site. There are lots of security systems available depending on what platform your site is running on. You can ask your website host about the options available.

To get a quote for our hosting service – which includes all the features listed above, you can visit: Get a Quote