Laptop, coffee, and sparkling water

Website Security Best Practices

As a developer that has worked closely with small businesses over the last decade, I’ve seen how disruptive unexpected website security compromises can be. As we head into 2018, this is a good point to set aside about 30 minutes to do some often-overlooked but important tasks that will make your business more secure, more stable, and ultimately more profitable.

1. Update Passwords

While it’s a bit of a hassle, regularly changing your passwords is one of the most important steps that you can take to keeping your website and other online assets secure. Choose a random combination of letters, numbers, and special characters, and make the password at least 16 digits long. Use a different password for each website and account. And rotate your passwords out regularly. (I change mine about every three months.)

If you find passwords difficult to manage, use an encrypted password vault to store your passwords and keep them safe. Personally, I use 1Password on my Mac/iOS devices and KeePass on my Windows PC.

2. Update Software

One of the most common reasons why websites get hacked is because of outdated software. If you use WordPress to run your website, take a few minutes to update the WordPress core version and all of your plugins. This will keep old security vulnerabilities from remaining wide open.

3. Back Up Your Data

They say there are two kinds of people in this world: those who have never experienced a major data loss, and those who make regular backups. If you’ve ever had a hard drive crash, a web server fail, or a laptop stolen, then you probably know what a setback that kind of thing can be. As a web developer, I keep archived backups of work I do in case anything ever goes wrong. However, it’s still a good idea to make backups of your own data regularly so that if a loss event ever happens, you can be back on your feet quickly and easily.

In addition to updating your passwords, updating your website’s software, and backing up your data, there are other things that you can do to keep your website and personal data more secure. This includes locking down shared accounts by removing old users, using a VPN when traveling and when on public wi-fi networks, and regularly scanning your server and personal computers for malicious software. In an always-online environment, security is easy to overlook, but the steps above will help you stay that much more secure.

If you’re wondering what is new with me, 2017 has had its share up ups and downs, but it’s been a good past few months living close to the ocean in Virginia Beach, VA. After taking some time off to regroup, I’ve started doing web development and design work again. Additionally, the social media experiment that I’ve been running in the form of the Instagram account @vabeachsunrises has started to get popular and it's worth following to see how it grows. Finally, the book that I edited, designed, and published in 2017, The Keepers of the Sand, is now available on

As with every business, my own has been going through a development cycle. There are some good things that I’m getting ready to announce in the next few months, so stay tuned. In the meantime, if you would like help with your website security, content updates, or expanding the reach of your business in print and online, let me know. Design work is something that I love, and the more that I am in the business, the more I realize that a skilled and trustworthy designer is a valuable asset to a growing company.

Note: This article initially appeared in my email newsletter, Roughing It.
You can join the list here.