<img alt="" src="https://secure.leadforensics.com/146009.png" style="display:none;">

3 Internal Steps You Can Take NOW To Protect Your Website From Hackers

Hacker with hoodie on black laptop

In today’s world, what is the most important thing someone can steal from you? Someone might steal your new iPhone 11, the keys to your BMW i8 Coupe, or maybe even your wallet.

Those are some pretty important things that would make life tough if you lost them. But there’s something even worse you could lose. Something that you might even consider. The most important thing you can lose is invisible and, in fact, it’s not even physical.

It’s your data.

Hacker with hoodie on black laptop

When I say data, I’m using it as an all-in-one encompassing term for any sort of information you’ve provided on the internet, whether it be the info you use to access different accounts (like login credentials) or information stored in some database (the records of customers you’ve had business with). 

Genuine data is difficult to imitate, and hackers want to steal your data for a variety of reasons:

  • Blackmail
  • Money
  • Identity Theft
  • Anarchy

Regardless of the reason, if your site gets hacked, it takes money and time to fix it. Even if it does get recovered, your reputation takes a toll and you may lose potential clients in the long run. The good news is: You don’t have to take hackers sitting down. You and your team can take steps internally to protect your website and your data.

So before disaster strikes, let's take a few internal steps to protect yourself and your business.

1. Stop using "yourBirthday123!" as your password online for everything. 

If you didn’t realize already, your email is publicly available to anyone who wanted to grab it by a simple google search. Once they learn what your email is, they’re pretty much halfway there to access any account under that email. There has been a recent push for sites to require passwords to have numbers, uppercase, and symbols but some of the bigger platforms such as HubSpot and Google don’t strictly enforce these requirements. 

Avoid using any form of your name, birthday, pets, and consecutive numbers in your password if possible. Also, never use complete words that can be found in the common English dictionary.


A sure-fire way to create a strong password is to make up a phrase from your favorite tv show or movie, but spell it in a way you can uniquely remember it. Remember the show Malcolm in the Middle? The first opening lines of the theme song is: 

“Yes, no, maybe? I don’t know. Can you repeat the question?” 


That beginning phrase can be turned into a password like so, “y35N05be?” 

The key to making this work is to replace characters with numbers, use numbers as months, use the first character of words, and use symbols to replace the word. As a last resort and if you have a hard time remembering complicated passwords, use a secure password manager like LastPass. But remember to create your master password extremely secure, or else you’ve defeated its purpose. 

2. Segment your passwords online.

Never use the same strong password for everything! If the singular password that you use for everything gets stolen, you would have to change that password across every single account you used it on. 

By segmenting specific passwords across to specific accounts, you’ve created a system that protects you from a singular point of failure, meaning you would only need to replace the password associated with those specific accounts instead of replacing them all!

3. Use Two-Factor Authorization everywhere with diligence. 

Two-Factor Authorization is a form of security that requires two forms of identification to access your account. Usually, those two forms are your password and a number passcode generated to expire within a given time-frame by a Two-Factor App like Duo or Authy

Although this seems like an extremely secure option to safeguard all your accounts, it should be used with caution to secure your account depending on your business. For example, if your entire IT team needs to access your domain hosting site, a passcode for your Two-Factor will be generated and need to be handed off to your IT before each passcode expires. This wastes your time and theirs to communicate each passcode. 

Hire A Team Of Experts To Keep Your Website Safe

This isn’t a foolproof guide to 100% guaranteed protection from hackers, but it will at least provide the knowledge and internal steps to protect your business. If you have a site that is more at-risk for hackers, such as a Wordpress or e-commerce website, you should consider hiring a developer to monitor your site and take action should hackers get their way inside.

Want to take the next steps for your business? Schedule a free consultation with us. The ROI Online team has helped dozens of businesses create stunning websites. We follow best practices to keep your site secure, and our team is available to help if something should go wrong.


Schedule A Strategy Session

Subscribe to Email Updates