Contributed By


Anita Campbell

CEO at Small Business Trends


Quiz: Do You Know These 10 Website Security Steps?

December 08, 2017

See how much you know about website security and how your website stacks up.

Hardly a day goes by without some high-profile hacking or cyberattack in the news. To avoid becoming another statistic, it's important to know basic website security.

Even if you have an IT manager or outside website developer, knowing some basics of website security will help you ask the right questions. You will gain peace of mind knowing that your website is protected. 

Take the quiz! Answer these 10 questions with a yes or no.

1)    Is your CMS software up to date?

One of the most common security issues is outdated WordPress or other CMS software. Some CMS updates are specifically meant to fix security issues. Luckily, these days you can set your WordPress installation to automatically install updates.

2)    Are you using trusted third-party plugins and themes?

WordPress, the open-source content management system (CMS), is incredibly popular with small businesses. Thousands of plugins and themes are available--for free. Here's the rub: that plugin or theme could have a backdoor or be exploitable and let hackers in. Always get plugins and themes from trusted sites such as the official WordPress directory, and make sure they have lots of good reviews and are up to date.

3)    Have you changed default settings on your CMS?

Default settings in content management systems or other software can create vulnerabilities. For instance, some files by default may be writeable by any user (not a good thing). Or the default setup login might have been a username of "admin."  By changing to a different username, you make it harder to crack login credentials.
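As an added example (not part of the original article), here is one way to check a web root for files and directories that any local user can write to, and to clear that permission. The function names and the web-root path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a web root for files and
# directories that any local user can write to (the o+w permission bit).
# Function names and the web-root path are assumptions for illustration.

# audit_world_writable DIR
# Prints "file PATH" or "dir PATH" for every world-writable entry.
# Symlinks are ignored: only regular files and directories are matched.
audit_world_writable() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f -perm -0002 -print | sed 's/^/file /'
    find "$root" -type d -perm -0002 -print | sed 's/^/dir /'
}

# remove_world_write DIR
# Clears only the o+w bit; owner and group permissions are left untouched.
remove_world_write() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Usage: sh audit.sh /var/www/html   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Run the audit first and review the list before calling `remove_world_write`, since some hosting setups rely on group or owner write access that this leaves in place.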

4)    Do you promptly remove outdated access permissions?

Here's a common scenario: you hire a contractor to work on your website. He or she gets administrative access to your server or CMS. After the project is done, you don't change access levels back. Once a project is done or an employee with access leaves the company, always delete their permissions. Check permissions periodically.

5)    Does your website URL start with https?

The https protocol (enabled by a "secure socket layer," or SSL, certificate) is on its way to becoming the standard for all websites, not just for ecommerce sites. Https means website data moving between users and your Web server is encrypted. This protects login information sent from a person's browser to your server from being intercepted in "man in the middle" cyberattacks.

6)    Are you using a WAF (Web application firewall)?

A Web application firewall sits between your website and malicious visitors to protect against cyberattacks such as intrusion attempts, SQL injection, and cross-site scripting. In some cases, it can mitigate DDoS attacks. WAF brands include Cloudflare, MaxCDN, and Incapsula. Or your hosting or cloud services provider may have a WAF offering. Features vary, so check exactly what each provides.

7)    Is your server monitored for malware?

You may only discover your website has malware on it when your best customer tells you he sees a big red warning in his browser that your site is unsafe. This is where a monitoring service such as Sucuri, SiteLock, McAfee Secure, or Acunetix adds value. Such services scan and detect malware on your server. Some services even clean up hacked websites.

8)    Do you use SFTP instead of FTP to upload files to your website?

FTP stands for "file transfer protocol" and is a common method used to upload files from a desktop computer to a Web server. Always use a secure version of FTP, such as SFTP. It encrypts and protects your login credentials during the upload process. The 3-minute video in this blog post explains more.

9)    Do you have daily backups of your website?

Don't assume your hosting company automatically backs up website files daily. Some do. But with other hosting plans you must pay additional--or arrange your own. And remember, backing up your website server is not the same as backup protection for employee desktop files. They are different things. 

10)   Are passwords difficult?

Make it hard on hackers! All passwords should have combinations of numbers, letters, and characters, and not be reused across different applications.

Score yourself!

Give yourself one point for each "yes" answer. If you got a perfect 10, congratulations!  But if you answered "no" or aren't sure anywhere, you've got some work to do. Either start investigating solutions, or schedule a meeting with your IT consultant to assure yourself your website is as secure as possible.

 This article originally ran on Inc.
