Your website is a valuable asset, and there are plenty of people prepared to rob, exploit, plagiarise and vandalise it. When you record information about visitors and customers, you become exposed to legal penalties if you don’t protect it. Most website packages relieve you of some burdens, but it is still important to follow safe practices.
You need regular backups
Websites can be cumbersome to manage, and many owners forget how important it is to keep safe copies of their work and data. When anything goes wrong, it leaves you with big problems and possibly no way back. Most hosting providers offer weekly backups, but that isn’t enough when you are working hard on your design. Be aware that many cheap packages simply deposit that backup near your original website files, which means they are easier to restore but less safe. You should download a copy, too.
Monitoring your network
Does your host promise to monitor their network for intrusions and other unusual activity? Most have some precautions, but it is worth checking their routines and their policy for warning customers. You should also keep an eye on your own traffic; installing a traffic analysis plugin can help you to do this.
An SSL certificate is partly encryption software and partly an identity verification service. What it means in practice is that your data exchanges with your visitors are securely encrypted against prying eyes and interference. Once installed, your visitors visit the site using the HTTPS protocol instead of plain HTTP. An SSL certificate is absolutely essential for sites that collect visitor details, especially shops. Browsers will flag you as unsafe without one. A cheap certificate is adequate for a small business, and some packages include one free (see https://www.names.co.uk/web-hosting for some options).
Many packages include email boxes, but website email boxes are the target of vast amounts of junk mail. Make sure you can set up spam filters to keep it out.
Administering a website is a bit like administering a server. You need to assign users and “members” a status that defines the things they can and cannot do. The fewer people allowed direct access to files and setup controls, the better. Never award anyone privileges they do not need, and don’t forget to remove those privileges when they are no longer necessary.