4 Steps to Securing Your Startup Website

January 8, 2018 in Small Business

As a website startup, your site is critical to your success: it’s the face of your business and likely your primary channel for revenue and lead generation. However, your website and your business are put at risk every day by an unseen threat: cyberattacks.

The average website experiences multiple attacks every day, any of which could result in stolen customer data, blacklisting by search engines, or suspension by your web host. A successful attack on your site could also impact revenue, tarnish your reputation, and degrade customer loyalty. To protect against a possible cyberattack and mitigate the consequences it could have on your business, you’ll need to invest in website security.

Many website startup owners believe their websites are inherently secure, or that website security is the responsibility of another party, such as a hosting provider. In fact, recent SiteLock data shows that 45% of surveyed website owners believe their web host provides security for their website.

While your hosting provider keeps the server your site is hosted on secure, securing your website is your responsibility. You can think of it like securing an apartment building – property management (or the web host) ensures the building and its premise is up to code, but it’s the responsibility of each tenant (or the website owner) to lock their doors and windows.

Don’t worry, securing your website is easier than you think! By following these four simple steps, you can focus all of your efforts on growing your business knowing that your website is protected from all angles.

1. Install a SSL Security Certificate

Even if you aren’t familiar with the term, you’re likely already familiar with SSL certificates. If you’ve ever noticed a URL that begins with “https” and a lock logo with the word “Secure” in your browser bar, then you’ve found a website that has an SSL certificate installed. This means that sensitive information, like login credentials or credit card numbers, is encrypted as it passes between the website and its server. The certificate does not actually protect information on the website itself, but it does prevent cybercriminals from intercepting the information in transit.

Most certificate providers offer trust seals that you can display on your site. Studies reveal that 79 percent of online shoppers expect to see one when visiting a website. Even if your business doesn’t deal in eCommerce, a trust seal declares to your customers that your website is not only safe and secure, but legitimate. Think of it as an ID card for your website – it proves that you are the verified owner of your website.

SSL certificates can also benefit your website’s Search Engine Optimization (SEO), which leads to greater website traffic, visibility, and credibility. Since 2014, Google has given higher priority to secure websites, in hopes of encouraging more websites to make the switch from HTTP to HTTPS. It’s a lighter ranking factor than others, but with a new business and a new website, any drop in your SEO bucket is worthwhile. Additionally, as of January 2017, Google is now taking a more heavy-handed approach. Website startups that collect sensitive info without an SSL certificate will be marked as “non-secure” in search results, which could be the first impression your customers get of your business. Installing an SSL Certificate – regardless of the type of business you’re running – is an easy way to immediately win the trust of new, potential customers.


We’ve all experienced CAPTCHA tests, proving hundreds of times over that we are not robots. But do you know why they’re used?

Fillable forms on websites – such as login fields or contact forms – can be used and abused by cybercriminals and spammers. Unprotected, these serve as entry points into which code can be injected to achieve a number of malicious ends: stealing customer info, distributing spam, or even taking control of the entire website.

This rarely happens by way of a hacker targeting a specific website. Instead, they program bots to automatically crawl websites looking for these types of vulnerabilities. While a CAPTCHA does help to keep the robots at bay, it can sometimes be a pain point for many companies. Antiquated CAPTCHA forms require a lot of effort from potential customers, taking an average of 10 seconds to complete. This caused great frustration for customers and was often blamed for a negative effect on conversions.

Google’s reCAPTCHA has already begun to change the effectiveness and simplicity of the CAPTCHA system. Instead of deciphering fuzzy audio or squiggly text, reCAPTCHA can be solved in as little as one click. reCAPTCHA is totally free – and doesn’t require coding. Additionally, if you use a content management system (CMS) such as WordPress, adding a CAPTCHA to your website is as easy as installing a plugin.

3. Implement a WAF/CDN Combo

Imagine that you log on to your site one day and notice there’s been a huge surge in traffic. You may assume this is great news for your business, right? It could be – but it could also come from a swarm of malicious bots trying to overload your server.

A DDoS attack occurs when a website is overloaded with illegitimate or automated requests, and the server is taken down. Website downtime can be extremely costly and will not give potential customers a good first impression. In fact, 40 percent of online shoppers are likely to click away from a website that takes more than three seconds to load – and as load time increases, so does the abandonment rate. One of the best ways to protect your site from a DDoS attack is with a WAF (web application firewall), which automatically blocks malicious traffic from hitting your site.

Working hard on your site’s SEO? Then you know how important it is to avoid duplicate content – which is another reason to worry about bots. Bots known as “scrapers” are able to copy content from one website and post it on another – creating duplicate content and harming the original site’s SEO.

As mentioned earlier, a slow-loading website can deter potential customers – so make sure you’re prepared to handle that inevitable flood of legitimate traffic when it does come in. A content delivery network (CDN) uses data centers around the world to cache a website’s content, which decreases loading time. For example, if your website’s server is in Phoenix but your customer is in Sweden, they will be served a cached version of your website from the nearby Stockholm data center. The data doesn’t have to travel as far, which means faster loading times for your site and happier customers.

4. Use a Website Scanner

No website security plan is complete without a website scanner that can automatically check for and remove malware. Malware is an ever-present threat that continues to evolve and become more difficult to detect. An automated website scanner can monitor your website for potential threats on a daily basis, working in the background while you tend to your business.

The different types of malware can cause harm to your business in many ways, including stealing personal and financial data from your customers. Malware can also damage your business’s reputation by landing your website on Google’s blacklist.

If Google detects malware on your site, your visitors will be greeted with an alarming error message, and your site will be removed from search results until it has been cleaned and re-crawled by Google. All too often, this is how website owners discover that their site has malware, and by then, their website has already been infected for days. Blacklisting can have a devastating effect on a website’s revenue and reputation, which is why Google errs on the side of caution and only blacklists websites they are certain are infected.

In order to keep malware off of your website and your website off of Google’s blacklist, you’ll need to stay aware of potential security threats. The most effective way to combat malware is also the easiest: by employing a daily, file-based malware scanner on your website. Automatic scanning saves you time, and automated malware removal ensures that you can mitigate threats as they happen, minimizing their impact to your site and its visitors. SiteLock’s website scanner is the only scanner in the industry that can remove known malware automatically, offering you even more peace of mind as you tend to your business.

If website security wasn’t already part of your business plan, there has never been a better time to put it in place. SiteLock offers a suite of comprehensive website security solutions for businesses of any size. Partnering with a reliable, proven security leader to protect your websites is one of the best investments you can make for long-term success – and that’s just good business sense.

Latest Articles
Follow SiteLock