How to Keep Your Real Estate Website Safe and Secure
The Internet is a vast space and resource you can easily explore with just a couple of taps and clicks. It’s one of the reasons why real estate agents like you should utilize it well. That said, it’s just as easy for criminals to get a hold of not just your personal information, but your clients’ as well.
Since more and more people are moving online to conduct their real estate business and transactions, security is more important than ever. Here are ten best practices for your real estate website that will ensure a safe and secure browsing experience for you, your clients, and even those who are just looking around.
Get an SSL certificate
SSL or Secure Sockets Layer is one of the things that can help your real estate website remain safe. Through it, online data is encrypted and gets to pass through a secure connection. This makes it hard for malicious entities like malware attacks and hackers to gain access to your real estate website’s information.
You can tell a website has an SSL certificate if their URL has HTTPS at the beginning of the URL. Google has also been marking websites since 2018. Look at the address bar. If it has a green padlock and a “Secure” label, the website is implementing an SSL certificate. If it’s not, you will see a warning sign and a “Not Secure” label.
There are different kinds of SSL certificates, but you won’t have to worry about which one to choose.
If your real estate website is already SSL certified, take the next step and add Transport Layer Security (TLS) to encrypt data and guard your website from any breaches. Read more about it here.
Change your username
The default username for most admin accounts is none other than “admin.” And unfortunately, a lot of people don’t bother to change this and instead just rely on a strong password to keep their account safe. So, instead of having to figure out two answers to two different questions, hackers only have to concentrate on getting passwords right.
It’s time we rethink usernames. It’s one more thing hackers have to guess and an added layer of protection for your admin account and real estate website.
Use a strong password
Nobody can deny the power of a strong, unguessable password. Without it, hackers won’t gain access to your real estate website. All of the information and data in the platform will be safe from their hands.
Unfortunately, a lot of people undervalue passwords. It’s a common practice for people to use words associated with things they like or love, plus their favorite numbers, as their passwords. Others do the ultimate faux pas: using one password for all of their accounts because they’re afraid they might forget it. And in doing so, they compromise all of their information online.
There are two things to remember when creating a password. First, it should be at least eight characters long. Second, you should use both upper- and lowercase characters, as well as symbols and numbers. Third, avoid using memorable keyboard paths and common substitutions. Learn how to create a strong password here.
Memorizing and remembering passwords, however, can be a challenge. Instead of writing them on a piece of paper, we recommend using a password manager like 1Password or LastPass. These websites and apps act as digital vaults where you can store your passwords. You only need to remember your master password to access the vault.
Add security plug-ins
Although WordPress already comes with its own built-in security features, it wouldn’t hurt to add extra layers of protection to your real estate website. But with over a thousand security plug-ins available online, you can easily go overboard and invest in systems that don’t necessarily work.
For starters, consider additional plug-ins that add a firewall, scan for malware, and perform regular security audits. There are five security plug-ins that are trusted in these areas. Plus, they offer a ton of other functions that will make your real estate website even more secure. If you would like to explore your options, get in touch with us today.
Boost your personal computer’s security
Hackers, scammers, phishers, and all sorts of malware are not the only things that pose a threat to your real estate website. Your own personal computer, especially if it doesn’t have its own security features, can be a risk as well. How does that happen?
Instead of attacking websites directly, there are malicious entities online that use your personal devices as a means to get to your site (and others). They do this by stealing File Transfer Protocol logins and then leaving files of dubious origins on your computer. Your device can also get viruses and malware if you use it to download files frequently.
Fortunately, boosting your personal computer’s security is a simple task. All you need to do is install a trusted antivirus software on your computer (and devices, if possible) to prevent any security breach.
Make backups of your real estate website
There is simply no telling what can happen to your real estate website. All is not lost, however, especially if you have an off-site backup stored somewhere. Since Agent Image real estate websites are built on WordPress, we can easily restore your website just as it was before the accident happened.
To be sure, don’t keep just one backup of your real estate website. Whenever you have new changes implemented to it, make a backup of the website’s latest version. This is a better and faster way to get things back up and running smoothly again. Check out the best cloud backup services here.
Restrict user access
Did you know that about 95 percent of cyber security attacks are caused by human error? And if a lot of people have user access to your real estate website, all the steps you’ve taken to ensure you don’t endanger its security might as well be for naught.
The thing is you’ll never know when a cyber security attack will happen and if it’s caused by you or somebody else. To lessen the likelihood of that from occurring, limit the user access to your real estate website. We also call this the principle of minimal privilege or least authority.
A small number of people might have user access to your real estate website, capable of changing settings and whatnot. They could be members of your team or somebody you have hired to maintain the site. To minimize security risks, make sure that they only have high-level user access when they need to perform tasks.
Limit file uploads
It’s not a common feature for real estate websites to allow visitors to upload anything on the platform, but if you are thinking of enabling this for some reason, take care to limit file uploads. Here’s why.
The personal computers of your visitors might not have antivirus software installed. And, as a result, they might unwittingly upload infected files to your website and compromise the platform’s security.
You have the option not to let visitors upload files entirely, but if you would like this feature on your real estate website, there’s a solution. Instead of uploading the files directly to your site, they can be stored in a remote database or folder. Then, the files can be fetched from this location using a script.
Update your software regularly
Security software and plug-ins are updated from time to time. This allows them to perform their functions smoothly and maintain the safety of your real estate website. So, when you get a notification that they need to be updated, do so.
Hackers are always looking for things they can exploit in order to gain access to platforms and, unfortunately, outdated security plug-ins, software, and themes are just some of these things. They can contain bugs that should have otherwise been fixed by the updates that were rolled out.
WordPress products receive automatic updates. You can also change the settings of your antivirus software to do that as well. Meanwhile, WordPress plug-ins need to be updated manually.
Check audit logs regularly
Another thing to keep track of is the activity in your real estate website, especially if multiple people, such as contributors or your team members, have user access.
There’s a handy WordPress plug-in (WP Security Audit Log) that performs audit logs, letting you know what everyone has been up to. This is a great way to spot suspicious activity such as multiple failed logins which can either be a simple case of human error or malicious activity. You can opt to check the audit log manually or also receive regular reports as well as email notifications.
Agent Image has built over 20,000 websites over the years. Here is what our CTO, Bernd Rennebeck, suggests to do to keep your website secure.
“Making sure to keep your logins secure is the first, and one of the most important steps in maintaining good security hygiene. Start by following the NIST password recommendations. Use a strong password such as a long, random string of alphanumeric characters or a more memorable random word-based password. Make sure to sign up for haveibeenpwned to get notified if your account shows up in a data breach and use the ‘pwned password’ checker before using a new password so that you know the password hasn’t shown up in a previous breach. Just by following these steps, your accounts will be much more difficult to crack.”
Make your real estate website safer than ever
Agent Image’s goal is to create beautiful and functional real estate websites that offer a safe and secure browsing experience.
Contact Agent Image today for a free consultation or give us a call at 800.979.5799 to learn about all the measures we can take to make your real estate website 100 percent safe from cyber threats and attacks.
Did you enjoy reading this article?
Sign up for more updates with our Agent Intelligence Newsletter!
We are committed to protecting your privacy.