Posted on Jun 2, 2017

How to Protect Your Website’s Data

In our recent article on protecting your site from malware attacks, we shared recommended tips covering everything from keeping your site updated to using strong passwords, and from hiding login pages to locking down your file folder permissions.

All of these steps are important, but they only represent one possible threat against your website: malware attacks.

Not to sound alarmist, but malware is only one of the factors that could negatively affect your website’s data. Implementing an appropriate website security plan, therefore, involves understanding these different threats and how they could affect your site, as well as taking the necessary steps to safeguard your data against different types of attack.

Here’s what you need to know, and how to get started:

Understand the Risks Facing Your Website

Behind the scenes, your website is nothing more than folders holding individual files, each of which contains lines of code that tell internet browsers what to display. Depending on the complexity of your site, it may also involve databases storing your data and your customers’ information; in either case, your site can be reduced to lines of code and individual data points.

So while we know that malware is a very real threat to the stability and integrity of your website, it’s also not the only factor that could put your pages at risk. Other possible sources of concern include (but are not limited to):

  • Hacking attempts that exist for other purposes beyond spreading malware
  • “User error,” involving changes that negatively affect a website’s functionality
  • Incompatible plugin updates that render websites frozen  

If, for instance, you attempt to make changes to your website’s code, but in doing so, remove lines that are needed for your site to function, you’ve compromised its data – even though no malicious action has occurred.

On the other hand, “hacking attempts” can be initiated with the intention not necessarily to spread malware, but to capture the personal data customers have stored within your website’s databases. Protecting their data as well as your site’s code is vitally important to your business’s reputation and ultimate performance.

Understand What Type of Data Your Website is Storing

Now that you know what you’re up against, it’s important that you take the time to fully understand what types of data your website is storing so that you can come up with a plan to protect them fully.

First, there’s the data associated with your website itself: the code files and databases we mentioned earlier that are necessary to its operation.

However, you may also have any of the following types of customer data stored within your server or hosting account:

  • Newsletter subscriber opt-in information, including name, email address and/or segmentation data
  • Customer data, including all of the above, alongside purchase data, payment methods and other profile information (such as passwords and preferences)
  • Browsing data, tracking who has visited your site and what activities they’ve undertaken

In some cases, this information may be stored within a third-party tool that communicates with your website; for instance, an email newsletter management service like Mailchimp or Constant Contact that gathers subscriber data but stores it externally on its own servers. Though you’ll need to take fewer steps to protect this data, it’s still important to understand where it exists and what backup steps you may need to undertake.

If you aren’t clear on what types of data exist on or are captured by your website, your hosting provider may be able to help. You can also get a good idea by walking through common activities on your site and making a note of any place where you’re asked to provide personal information.

Minimize Unnecessary Data Collection

Storing some data is unavoidable; after all, your website is made of data. Without these code files, you wouldn’t have a website in the first place.

That said, there may be instances on your site where your pages are capturing unnecessary information from your visitors. Take your email opt-in form, for example. Including extra fields that provide some additional information but aren’t necessary to your ability to deliver the promised content not only means you have extra data that must be protected – it could be affecting your form’s performance as well.

Take the example of Neil Patel, who started out with an email opt-in form that captured four fields: name, email address, revenue and website URL. By removing the field for revenue, Patel was able to increase his form conversion rates by 26% while minimizing unnecessary data collection.

[Image: email opt-in form]

Consider carefully whether or not every field you require users to fill out is necessary. If there isn’t a solid business case for their inclusion, extra form fields and data collection steps will only add unnecessary hassle to your life.
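The walkthrough of places where your site asks for personal information, and the field-by-field review described above, can be partly automated. The following is an added example, not iPage's code: a Python script that lists the fields a page's forms collect, flags those that look like personal data, and reports any field without a stated business need. The keyword hints, the required-field list and the sample form are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: keyword hints for field names that hold personal data; extend for your site.
PERSONAL_HINTS = ("name", "email", "phone", "address", "revenue", "password", "card", "birth")

class FormFieldInventory(HTMLParser):
    """Collects (form action, field name, field type) for each visitor-facing form control."""
    def __init__(self):
        super().__init__()
        self.current_form = None
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current_form = a.get("action") or "(no action)"
        elif tag in ("input", "select", "textarea") and self.current_form is not None:
            ftype = (a.get("type") or "text").lower() if tag == "input" else tag
            name = a.get("name")
            if name and ftype not in ("submit", "button", "hidden", "reset"):
                self.fields.append((self.current_form, name, ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_form = None

def audit_form(html, required):
    """Return (personal, unjustified): fields that look personal, and fields not in `required`."""
    parser = FormFieldInventory()
    parser.feed(html)
    personal = [n for _, n, t in parser.fields
                if t in ("email", "tel", "password") or any(h in n.lower() for h in PERSONAL_HINTS)]
    unjustified = [n for _, n, _ in parser.fields if n not in required]
    return personal, unjustified

# Constructed sample: a four-field opt-in form like the one described above.
SAMPLE_FORM = """
<form action="/subscribe" method="post">
  <input type="text" name="name">
  <input type="email" name="email">
  <input type="text" name="revenue">
  <input type="url" name="website_url">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="submit" value="Sign up">
</form>
"""

if __name__ == "__main__":
    print(audit_form(SAMPLE_FORM, required={"name", "email", "website_url"}))
```

Run it against the saved HTML of each page that contains a form, and treat every field in the second list as a candidate for removal.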

Protecting Your iPage Website

If you host your website with iPage, there are two tools you’ll want to enable in order to protect your website’s data: SiteLock and Website Backup & Restore.

  • SiteLock automatically scans your website for malware and blocks bot attacks. It can also be used to help you find and repair the kinds of security vulnerabilities covered in our article on preventing malware attacks. This protects the data stored on your site from attack by external forces.
  • Website Backup & Restore captures copies of your website’s data and files automatically, giving you a clean copy from which restores can be executed in the case of either an external attack or an internal “user error” situation.

To enable SiteLock, log in to your Control Panel and select “SiteLock.” From there, you’ll be given the option to “Add Protection” for each domain on your account.

[Image: SiteLock registration]

From the next screen, you’ll be able to either purchase a plan or apply a credit if you have one (for example, if you received one from your purchase of WP Essentials):

[Image: adding SiteLock protection]

Once your plan is activated, you’ll be asked to agree to the program’s Terms & Conditions. After this, protection will begin automatically, and different settings can be configured (based on the plan you’ve selected) from within your account’s Control Panel.

iPage’s Website Backup & Restore tool is just as easy to use. Once you’ve chosen your plan and your backups have begun, you’ll see the following information on the tool’s landing page:

[Image: website backup and restore]

Should you ever need to restore either a web page or an entire database, you’ll locate the appropriate file within the “Your Backups” section, click “Restore” and follow the prompts given to revert your website to the earlier version:

[Image: website backup versions]

Both the Basic and Pro plans of iPage’s Website Backup & Restore tool offer automated daily backups (though only Pro plans give you the option to conduct backups on-demand). If you’re using another tool that does not include backup automation, you’ll need to set aside time regularly to make sure your backups are up-to-date. Don’t get caught without a current version of your site backed up!

Protecting Your External Data

In addition to securing the data hosted within your website or on your hosting account or server, you’ll want to consider how any data you store with third-party tool providers is protected.

For instance, take the email subscriber data referenced earlier. If you use a tool like Mailchimp or Constant Contact, you’re relying on these providers to protect the information your followers, subscribers and customers have entrusted to you – even though you don’t directly control the storage of this data.

With reputable providers like these two, data security may not be a big concern. But what if you’re using a lower-quality tool? Can you guarantee that your information is safe from attack, or that your chosen provider won’t disappear overnight with your data?

Whenever you plan to use a third-party tool to store some of your website or business data, it’s best to ask the following questions:

  • How long has the provider been around?
  • Have other customers had a positive experience with this provider?
  • How will the provider protect my data?
  • Has the provider been subject to past hacking attempts (and, if so, what was their response)?

Performing this analysis should help you to identify any possible red flags that might indicate you should work with another provider. But even if you’re happy with what you uncover, it’s still wise to back up any data stored within these tools on a regular basis. A once-a-week backup of your email subscribers, for example, will protect your business in the event of an unexpected disaster.

When it comes to website data, you can’t be too safe. Understanding both the full scope of the risks facing your website and how these risks could affect the information you have stored is the key to creating a security plan that’ll keep you and your business safe.

What other steps have you taken to protect your website’s data? Share your best tips and tricks by leaving us a comment below:

Header Image: Flickr