In this article, I’ll list the components involved in cyber communication. I’ll explain to Internet users how to check website security. I will also outline for the small online business owners and bloggers the importance of implementing website security and tell website administrators how to make sure that their websites are secure. I’ll talk about the role of securing the website in search engine optimization.
What Is Website Security?
Website Security is the capability of the website to protect the consumers’ information from cyberattacks.
The website page you can access through your browser is only a window displaying a relatively small chunk of information you request when navigating the website. The full information is stored on the powerful server computers that belong to the web hosting company. All security measures are taken by the server administrators of the web hosting company, and not by the website administrators.
However, website administrators are paying for the web hosting service and they choose what and how many layers of security protection they want to purchase.
There are 3 places in the chain of web communication where your data can be attacked and damaged or stolen:
- The servers of the web hosting company can be attacked
That’s why reputable web hosting companies invest a lot of money and effort in Information Security.
There are different plans that are offered to the website owners, and owners select the level of protection most appropriate for their website’s purpose and content. Healthcare, eCommerce, financial websites must have the strongest security, while individual bloggers usually choose the most basic web hosting plans.
The level of security provided through the basic web hosting plan would be different from one web hosting company to another.
- The users’ computers can also be attacked.
It’s your responsibility as a computer and Internet user to protect your own computer by timely running system security updates, installing firewalls, and antivirus software.
- The attack could happen during the data transmission between your computer and a server computer.
Most web hosting companies offer website owners to purchase the Transport Layer Security (TLS) certificates, better known by its predecessor’s name Secure Sockets Layer (SSL), as an add-on to the web hosting plan. Sometimes, shared SSL could be included in a price of the plan.
TLS is an enhanced version of the SSL protocol. The SSL and TLS names are still being used interchangeably. TLS assures encryption, authentication, and integrity of the data sent over the communication protocol. The communication protocol – Hypertext Transport Protocol, or HTTP, empowered by the TLS certificate turns into HTTPS (HTTP Secure).
How To Check Website Security?
Is Web Hosting Provider Reputable?
As a website user, you don’t have access to the information about the security measures established on the web host’s side. You can check the name of the web hosting provider and assume that the reputable provider would have sufficient security even for their basic plan.
You can find out what web hosting services the website is using by visiting WhoIs LookUp and entering the URL of the website in question. In the returned result page, the information you are interested in is the Name Servers (usually 2 names)
Name Server: NS8211.HOSTGATOR.COM
Name Server: NS8212.HOSTGATOR.COM
The name of the server in the example above tells you that this website is hosted at HostGator. If the name does not clearly identify the web hosting provider, you may want to google “web hosting server”+[Name Server] (replace with the actual Name Server retrieved from WhoIs).
Here is a couple of the places to check reviews on the web hosting services:
Another example of a less popular web hosting provider:
Name Server: BECKY.NS.CLOUDFLARE.COM
Name Server: CLYDE.NS.CLOUDFLARE.COM
This Server belongs to Cloudflare.
My first step in researching the reliability of this company and the level of security they provide is to visit their own website.
Among their plans, Cloudflare offers a free web hosting plan. Of course, a free plan sounds attractive to individual bloggers. However, the free plan does not include a Web Application Firewall (WAF) which is supposed to defend websites from automated attacks and does not offer an SSL certificate either.
In my opinion, websites without WAF should not even be allowed. As a consumer, I would immediately question the quality of the service and the level of its security offered through the paid plans by this company. The next level plan is Pro for $20/mo. It does include mitigation of DDoS (Distributed Denial-of-Service) attacks, Shared SSL certificate, and WAF. The next Business plan is $200/mo. And then there is an Enterprise plan, which in place of the price say “Request Quote”.
Which plan do you think most of the small businesses and individual bloggers buy? I’d say the “Pro” plan.
My next step in investigating this company is to look them up on HostAdvice and Tbwhs.com.
Tbwhs.com had no record of Cloudflare. On HostAdvice, out of the last six submitted reviews (the most recent one being 2 weeks old), five gave Cloudflare a 1-star rating out of 5, and one was a 2-star rating.
I could go further in my research, but I stopped right there and decided that I would not feel comfortable providing any sensitive information on a site hosted by Cloudflare. My name and email address would be the most I’d be willing to submit through such a website if it has an SSL certificate installed (please refer to the chapter below for the guidance of determining this fact)
I strongly recommend researching the web hosting company before submitting any sensitive personal information on the unknown website.
Is Data Transmission Secure?
As a website visitor, the one thing you should always check is whether the transmission of your data from your browser over the Internet to the server is secure.
The easiest automated way to check website security is by entering its URL in this free SSL Checker tool.
To perform a manual check:
Check the URL in the address bar of your browser. If a website is running over HTTPS (Hypertext Transfer Protocol Secure), it means that the site is protected by Transport Layer Security (TLS) protocol.
On the secure website, you’ll see a little icon of a padlock.
In Google Chrome, you’d need to double-click in the address bar in order to see the full URL:
In the Internet Explorer browser, you’ll see the full URL as you open the page – no extra clicks are required.
A browser-independent way to get the full URL is to highlight it, copy and paste it to a text editor.
If you know that the company or a person owning a secure website is legitimate and trustworthy, then it’s safe to provide sensitive personal information and make purchases on a TLS-protected site.
However, even if the website is secure, but you are not sure about the trustworthiness of the owner yet, do not give away your full name, street address, Social Security Number, Credit Card or Bank accounts, or any other information of such a sensitive nature until you verify the owner. Scammers may have a secure website too.
Even a website served over HTTPS may have some pages of mixed content. Mixed Content is a combination of both secure (HTTPS) and non-secure (HTTP) elements delivered over TLS. Mixed content can potentially be read or modified by hackers.
The image on the right (or above, if you are viewing this on a smartphone), is a screenshot from Google Chrome. The padlock has turned into “i” indicating the warning.
This is not my site, therefore I didn’t want to expose the owner and covered the URL.
When you click on the “i” icon, you’ll see the message shown in the image: “Your connection to this site is not fully secure”.
The Internet Explorer did not offer this information to me, but it also didn’t show the padlock on this particular page. You could tell there was a problem because the URL shows HTTPS protocol with no padlock. However, you need to know these details in order to notice them.
And here is the Homepage of the same site as above:
I would think twice before giving my personal or financial information to such a page.
And of course, there are sites that are non-secure at all. It doesn’t mean that they are not trustworthy for the content they provide, but they are not secure, which means that it’s easier to get a computer virus from them and have your information hacked. You shouldn’t trust a non-secure site for any data-requesting features or make purchases through them.
Google Chrome suggests that you shouldn’t enter any sensitive information on this site because it could be stolen by attackers.
Once again, it doesn’t mean that you shouldn’t trust the author, but on such a site your personal data is at risk.
Is The Website Sharing Your Information With the 3rd parties?
Before making a final decision on whether you should provide your personal information to the website you are on, you may wish to find out whether they will share your information with other people or organizations.
- Pay attention to any messages that come up when you are about to submit your information.
I recently came across a website where I wanted to leave a comment in the Comments field below the post. Nothing on this page looked out of ordinary. I read the post carefully and wrote long relevant feedback because I thought that I could contribute some ideas from my personal experience on the subject of this post.
As a blogger myself, I know how helpful thoughtful comments are. They add value to the original post and create discussions with your readers. Search engines love user engagement! Therefore, I could keep my mouth shut, but I wanted to support a fellow-blogger.
As I was about to submit my comment, I realized that there is no usual way to enter my name, email of my choice and my website’s URL (always optional). Instead, the options were to sign in with Facebook, Twitter, Google account or Disqus. I’ve never used Disqus. I don’t have an account with them, and I have no desire to share any of my personal information with them, even if it’s just my name with the photo.
I decided to log in with my Facebook account (even though that wasn’t my preference). I clicked on the Facebook icon, and the message shown in the screenshot below came up.
If I clicked the “Confirm” button without reading the message, my name, photo and email address would be shared with Disqus. Perhaps, this would cause me no harm. Disqus seems like a legitimate company that provides, in their own words, “blog comment hosting service for web sites and online communities that use a networked platform”.
However, I’m not well familiar with this company and don’t want to spend my time researching them as I don’t need their services. I don’t think I should be forced to share my name with the photo (I could turn off sharing the email address) with those who don’t need to have them. Therefore, I opted out and did not submit the comment I’ve already written for this blog post.
Sorry, pal – fellow-blogger! I tried to be nice to you, but you have to make it fair for me too.
Tips For The Owners On Securing Their Websites.
Install SSL/TLS Certificate.
Per Sucuri, “There is often a misconception about why websites get hacked. Owners and administrators often believe they won’t get hacked because their sites are smaller, and therefore make less attractive targets. Hackers may choose bigger sites if they want to steal information or sabotage. For their other goals (which are more common), any small site is valuable enough.”
Having your website secure, even if you don’t collect any personal information is very important.
Not collecting personal information means that your website is “read-only”:
none of the posts or pages have comments area enabled, you don’t offer your visitors to sign up for your newsletters, not asking for an email address in exchange for a gift, etc.
If that’s the fact about your website and you are relying on organic traffic, then you’re hurting your website performance.
- Search engines give you credits for user engagement and interactions with your visitors.
- The comments and discussions with your readers add quality content to your posts: your 1,000-word article could grow over time to 10,000 words just because of the discussions with your readers via comments.
Your site could rank higher if you communicate with your readers, and the higher rank you get, the more organic traffic would come to your website.
- Besides, search engines rank secure websites higher just because they are secure.
- Visitors feel much safer when they see this little padlock icon in the address bar of your website. More of them will be willing to return to your website in the future. The return rate also plays an important role in your ranking.
To purchase and install the SSL/ TLS certificate, contact your web hosting company. You can also purchase it independently from sites like SSLStore.
Find And Resolve Mixed Content Issues.
If your website has SSL/TLS Certificate installed, but your padlock doesn’t show on some pages as explained in the “Is Data Transmission Secure?” chapter, these pages have Mixed Content.
To find out what parts of your page are insecure, navigate to that page in your browser. I use Google Chrome, but most browsers provide similar tools. In Google Chrome, right-click on the page and select “Inspect” from the pop-up menu.
A window with the source code will show on the screen. Select the “Console” tab at the top of this window. You’ll see Mix Content warnings. In the code, find URLs that start with “http://” and not “https://”
Oftentimes, these will be images served over the HTTP protocol. You can click on http://xxx/xxx… link to view the source. The “Sources” tab will open. You’d need to click on the “Console” tab again in order to return to the list of warnings.
If your page problem is indeed in the insecure image URL, check if this image is also available over HTTPS:
- copy image URL
- paste it in a new browser tab
- change http:// to https://
- If the same image is displayed after changing the URL, edit the mixed content page/ post in your WordPress environment or whatever CMS you are using to work on your website and change the problematic URL to start with https://.
- If the image cannot be displayed over HTTPS, you’ll need to find a way to display it from a secure location or remove it altogether. If legally allowed, you may want to download this image and host it on your website directly.
- Update the post/ page to reflect changes
- Navigate to the page in the browser and confirm that the error is gone.
Are You Confident In the Security Level Provided by Your Web Hosting Organization?
Please do not sacrifice users’ security by choosing free or unrealistically low-price plans (unless it’s a time-limited promotional offer).
Find the most affordable plan that corresponds to the level of protection your website requires depending on the type of information you collect from your visitors.
If your site receives a lot of spam comments, you may also consider switching your web hosting service rather than installing anti-spam plugins, which slow down your website’s loading speed and thus decrease your ranking in search engines.
A good web hosting provider should take care of your website security and free you up from such worries.
I am hosting my website with Wealthy Affiliate. Taking advantage of their Black Friday offer, I’m paying $299/year for my Premium membership. This is $25/mo for the fast and secure web hosting, incredible 24/7/365 Technical Support that usually responds within 5 minutes, advanced keyword research tool, a platform for easy finding, joining and managing your affiliate programs, endless comprehensive training, personal mentorship, supportive worldwide community of about a million members, many of whom are the experts in different types of online business.
Without a promotional offer, the annual membership costs $359 (this comes down to $30/mo), or $49/ mo if paying month-to-month.
Should Black Friday deal be offered this year again (it had been offered for 7 years in a row), you’d be able to take advantage of it. The payment previously made would be prorated towards the new offer and you won’t lose the money you’ve already paid.
With my Premium membership, the SSL certificate is installed for free on my websites. The spam coming to my website is close to zero (I’ve received 3 spam comments since December 2017) I don’t run any plugins on my websites that provide a firewall and malware protection or spam protection. Everything has been taken care of by the Wealthy Affiliate web hosting services at no additional cost for me.
Please feel free to investigate my website’s security with SSL Checker tool or manually and do your own research on Wealthy Affiliate.
If you are having issues with your current web host or would like to create a new website, I invite you to join Wealthy Affiliate by clicking the button below and move your websites to their hosting. Premium membership allows up to 10 websites to be hosted at Wealthy Affiliate.
Click The Button To Get Your First Month Of Premium Membership
For Only $19.00 ($30.00 OFF)
You can join Wealthy Affiliate for FREE in order to explore the fabulous training, tools, and service they provide. As a free member, you can create 2 free websites on the SiteRubix subdomain. Then, you can decide based on your personal experience whether it makes sense for you to upgrade for the Premium Services and move your website to their web hosting (or move the free website you built to your own domain).
Act now and start exploring and learning!
IT professionals take Information Security very seriously. Most webmasters also treat website security as their top priority.
However, there are close to 2 billion websites in the world. Every individual nowadays can easily create and run his or her own website. Unfortunately, not all of them want to properly educate themselves about all the responsibilities that a website administration imposes. Therefore, there are still many websites, especially run by solo entrepreneurs, that are not secure and create danger for their visitors.
Prudent Internet Users want to take control in their own hands for their safety on the World Wide Web. That’s smart and worthy.
When I see pedestrians at the pedestrian crossing stepping down from a curb to cross the road on his/her green traffic light without looking to the sides for cars, I mentally ask them: if there were a violent driver (sick, drunk, or else…) coming your way, whom you are going to tell that it wasn’t your fault when you’d have to live to the rest of your life disabled? Will it help you?
The same applies to all safety issues, including Internet security. A lot of precautions are taken by professionals, but I urge you, as a user, to watch out!
Also, keep in mind that checking website security is only one part of assuring your safety on the Internet. The other part is the trustworthiness of the website, which will be discussed in my next post.
Bloggers and other webmasters, you want to be safe in cyberspace, don’t you? Make it your highest priority to secure your own websites and protect your visitors.
I invite you to Wealthy Affiliate to learn everything you need to know about properly running your online business – you won’t regret joining our supportive community and learning from the industry experts, I promise. Learn more about Wealthy Affiliate here and join for free now to explore the platform yourself.
If you have any questions or comments, please leave them in the “Comments” area below.
24 thoughts on “How To Check Website Security”
This article is so important because it touches a very major issue about the internet community. I recently started a new free website and I am hoping to get better ways of security so I can secure my website from cyber attacks. I don’t want to be sued for breach of confidence. This article is so amazing and informative as I have known more about the security of my website. I am going to share this article with my friends who are members of Wealthy Affiliate so we can all learn of ways to secure our websites and how important it is.
Thank you for stopping by and for your message. If you are at WA, no worries, you are safe and so are your customers. 🙂 Your website – free or not – is secure. I haven’t heard of anyone being sued for the breach of confidence (sorry, just teasing you a little! Did you mean “confidentiality”?), but for the client data breach, the website owners can definitely be sued. Not you, though, because all the necessary precautions were implemented for you by WA.
I really want to first appreciate your effort in putting this great website together and writing this article. Getting to learn about site security in this way is awesome. You have explained everything in an understandable way. I feel comfortable with Wealthy Affiliate and I am glad I read this post.
Thank you for your kind words. I’m glad that you found the information valuable to you. Wealthy Affiliate makes all its members feel comfortable. 🙂 We learn a lot there and truly support each other. It’s a great place to be, or I wouldn’t suggest it to my readers.
It is great for the older generation who uses the web, because you are pointing out what to look for and how to protect their personal information and how to recognise safe websites before offering any information or payment details.
For me, if I am about to shop online I always check what kinds of payment systems they use and what types of payments they can accept. I usually avoid shopping on websites that do not accept PayPal, unless it is highly recognised, like Amazon.
As a Website owner, I benefited from your website as well, because for me it is very important to understand safety features and what makes the client feel safe while they are spending their time there. Great! Thank you.
I agree that the older generation is vulnerable in terms of safety in cyberspace due to their often low literacy in modern information technology. But believe it or not, a lot of young people are careless and don’t take the danger seriously due to the lack of experience dealing with a consequence of sensitive data loss – it’s a lot of hassle to go through.
Thank you for your good tip on paying for online purchases via PayPal wherever possible; it definitely adds another layer of protection to your financial account. Keep in mind though, that shopping is not the only place and time for cyberattacks.
I’m glad that my article added some clarification for you as a website owner with respect to protecting your clients’ data.
Thank you for visiting and for your valuable feedback.
I had a previous site that got completely scraped and I found all my content on someone else’s site. Literally my entire site was on someone else’s site. I found it through some due diligence of looking at backlinks to my site and a name came up that looked odd. Upon further review that was what I found. I got away from free hosting pretty early on and always go with the notion that if they are offering something for free it can’t be very good. So many people are oblivious to what can happen on the web and how quickly you can be compromised. The same goes for emails and providing banking information to phishing schemes. Cybersecurity is so important these days and this article was so in-depth it was perfect.
To steal the content one doesn’t need to write complicated programs and hack your data in transmission or on the server-side. The text and images can easily be copied from a browser page. Unfortunately, even the strongest website security cannot save us from that. There are some plugins that can be installed on your website to prevent people from selecting and copying the text on your page… And even that can be easily worked around.
This is known as “duplicate content” for the thief because yours was created and indexed first. On rare occasions, your site may suffer, but usually, it’s the thief’s site that is punished by Google and other search engines and doesn’t get ranked. I’ve addressed the “duplicate content” issue in the Winning Tactics In Writing for a Blog article.
In my opinion, using the plugins to prevent copying from a web page, is not a good idea. Well, maybe on a young site that might mistakenly be also punished when someone steals the content from it, but on a mature site – there is no reason. If you don’t want to lose readers whose English is their second language (we often copy/paste paragraphs or single words from the pages we read into translating apps), then don’t install plugins with such functionality.
Information security protects data in transmission and in data storage – not the content displayed on your web pages. This is why we should protect our websites by choosing a quality web hosting appropriate to the level of personal information we collect from our clients.
I hope this clarifies things for you. Thank you for your comment. Please let me know if you have any questions.
Website security is such an important topic and it’s something bloggers need to take seriously. I think the first step is to use a reputable hosting company and I like how you’ve written about this in the article. I’m learning lots from your blog!
Thank you for the comment. Yes, site security is often overlooked by bloggers. Therefore, Internet users should protect their own personal data. That’s why I offer this advice on how to check website security.
At the same time, I want all bloggers to be successful and not lose their traffic. That’s why I included the last chapter for them.
Thank you for reading and learning. I’m glad that you find this information helpful.
Great article and so many great resources. The phishing scams are getting so intricate with personal details. It’s scary. Everyone
needs to be diligent about security.
The phishing scams that we all are getting via email and phone calls are a whole different story, but you are right, that’s a threat to our personal data too. Nobody can protect us from phishing but ourselves.
In my article, I am talking about the website admins’ responsibility to secure electronically submitted and stored personal data of their visitors. I also explain to the users how to protect themselves since webmasters often don’t take this responsibility seriously and thus jeopardize their readers’ safety. The only way for Internet users to protect themselves is to be aware of the site being insecure. On such a site, do not submit any personal data which, if stolen, would cause a problem.
All the best,
This is very helpful information for almost everyone. It’s easy enough for beginners and people who are not really into it. It’s very useful and practical
Thank you, Lyosha. I’m glad to hear that it’s easy to understand and is useful.
This information is so thorough and so helpful. It’s really sad, though, that we have to be so incredibly careful. I love having a blog but all the extra work in making sure it’s secure is mind-boggling. I’m so glad you are here to help us keep things organized and safe!
If you choose the right web hosting provider, then this extra work is off your shoulders. In most cases, you’d pay extra for the good hosting service, and that’s why I’m suggesting to join Wealthy Affiliate – for a very affordable price, they take care of your website, your education, and your sanity 🙂 by taking all the burden on themselves and letting you create your awesome content without any additional worries.
All the best,
Thanks for this article. I have zero knowledge about technology and am just a writer. I have heard of so many horrible stories about the content being stolen and the website being hacked. But I love your website and what it covers thanks for a wonderful article. I have saved it and will read it again. Cybersecurity is so important these days and this article was so in-depth it was perfect.
That’s what many “bloggers” say: “I am just a writer”. I’m glad that even though you only want to write, you understand that if you want to share your writing on a blog, you need to take care of your readers and protect their data. If you run a blog, then you are not just a writer, you are also a blogger, and that assumes some extra responsibilities as well as an understanding of how to bring more readers to your blog by optimizing it for search engines. Someone, who wants to be just a writer, could become a freelance-writer on other people’s websites. Then, all the responsibilities and expenses would fall on the websites’ owners.
Most of the time, stolen content is not a problem for the original creator; the thief’s website will suffer as the search engines count in the published date/time – they know who was the original author!
As I mentioned in this article, website owners must pay for web hosting services. Secure and well-protected from spam hosting may be quite expensive. In my opinion, Wealthy Affiliate (WA) offers the best quality and quantity of services for the most affordable price. WA teaches writers (and not writers) to become bloggers and takes a lot of blogger’s responsibilities on itself to assure a safe and creative environment for the members.
Thank you for reading, and I hope to see you back on my website. It’s secure and trustworthy! 😉
A websites security is super important and a must needed subject. I think this is the perfect indepth guide too thank you so much xx
It’s nice to see you back on my site! You are welcome and thank YOU for returning, reading, and for your appreciation.
We as bloggers should definitely learn more and understand how website security works as it certainly helps us a lot. Quite the informative post and very helpful as well.
It’s nice to see a fellow-blogger stopping by and commenting on my post. Thank you.
I am really glad that you take responsibility for your readers’ data security seriously. I hope that your blog is secure and you are fully aware of the security measures ran by your web hosting provider.
If you have any questions, feel free to come back and ask me.
If you need comprehensive training on all components involved in blogging (not only fast and secure hosting but also how to increase the organic traffic on your blog, improve conversion rate, SEO for page 1 ranking in Google, Bing & Yahoo, WordPress, proper keyword research, etc), consider joining Wealthy Affiliate. The Premium membership price is very affordable!
All the best,
I have been blogging for a long time and you think that meant I knew everything. I don’t — only know that there’s a lot still to learn. Your posts are always relevant and well researched. This one gave me some pointers on questions to ask my hosting provider before I renew. Thanks for the help!
Only an experienced and serious blogger (or a specialist in any field) could admit what you just said. Thank you!
“The more I learn, the more I realize how much I don’t know.” ― Albert Einstein
I have the same feeling as you do – there is still so much to learn for me!
I’m glad that you found useful information in my post. I look forward to learning from you too.
Wishing you great success!