How to secure your website against unprecedented attacks


On 25th October 2019, we realized that our website wasn’t working. What was thought as a minor server glitch turned out to be a catastrophic event that changed the way we looked at ways to deal with our website. The following month, we ran from pillar to post to retrieve the site spending countless hours speaking to Godaddy customer care executives, trying different passwords and calling our tech friends. When these efforts didn’t work for us, we decided to restore the site from our older back-ups. Although we lost some data but learned some valuable lessons from this little mishap. 

Statistic shows that more than 50,000 websites get affected every day from hackers and malpractices. You can safeguard yours from the lessons we learned when our website went down. 

1. Onboard a reliable and competent tech-consultant: Especially if you run a non-tech Startup but rely heavily on a website or blog for your business then this is worth investing in. As a frugal startup having a tech partner seemed like an unnecessary expense since we didn’t need tech support on a regular basis. A tech-savvy person can get changes done quickly saving your time, energy and money that can be used for other important work.

Accordingly, Mr. Sandip Sapkota kept our trust by quickly recovering our website and consistently providing support on the recovered website. To connect with him, email him at

2. Back up your website frequently
Back-ups are lifesavers, literally! Imagine your website/blogs getting deleted or infected by virus and becoming irretrievable. All those articles that you wrote, edited and re-edited for hours simply vanished in a matter of minutes. All the beautiful images and videos gone in a flash. But if you had taken a few minutes to take a backup then voila, your website/blog would be back to life in no time. If you run a content-heavy website like ours which is updated every other day then a weekly/daily back up is a good idea but if you use your website to showcase products, or update it only a few times a month you are fine with a monthly back up. 

3. Use creative passwords and change them regularly
When did you last change the password for all your business accounts? Here are some good practices to keep you away from pesky hackers or ill-intentioned people. 

Do not use simple passwords like your birth date or first pet’s name or 12345. An alphanumeric password with special characters like ‘@’ ‘$’ is highly advisable.  Use software like Advanced Password Generator or websites like Roboform to get hard to crack passwords if you find this job to be very cumbersome. You can also use a password manager app to store all your passwords in one place. 

Change your passwords every month and on critical occasions like when an employee or intern leaves, you change a vendor/consultant or if you share your passwords with a digital agency or any partner collaborator.

3. Limit the number of users
Although hackers are continuously trying to access your system, sometimes the fault lies in the users themselves. Let’s face this, people aren’t always careful. In fact, they’re careless even with something as important as securing the website. As a business, you might be required to provide access to outside parties but the mistake happens when we trust them blindly.  Even when you’re mandated to share access, make sure it’s withdrawn once the work has been done. Additionally, it’s best if you provide different login credentials to different people so that when things do wrong, you can always find someone to realize and rectify their mistakes.

4. Secure your website with HTTPS While opening certain websites, say, most of you might have noticed a lock right before the URL. This lock signifies that the website has been secured with HTTPS allowing users to surf the website safely and protecting it against potential harms. Without this protocol, hackers have the ability to steal your login information and do every imaginable horror to your website. We’d say you add the SSL certificate for maximum security. 

5. Use two-factor authentications relying only on your user login can be perilous in the case of websites and other important digital platforms. One simple needs to know your password and username to access all the important information you might have stored online. So, always go for two factor authentication tools to add that extra bit of safety to your locked doors. Some of the best tools include Microsoft’s PhoneFactor, Textpower’s TextKey and Google Authenticator. Feel free to browse them up and use whichever suits your palate.

As a startup founder or a small business owner did you face any mishap with your online platform? How did you survive? Or do you have some tips for fellow entrepreneurs to secure their site? Share it with us in the comments section.  

Article by Yangzum Lama