Website Security and GDPR

All websites are constantly under attack from web robots and hackers.

A successful security breach can cause your business and, more importantly, your customers’ businesses serious problems that require significant effort to rectify (if that’s even possible).

Our websites are built using WordPress core software along with additional trusted and reliable 3rd party software (a WordPress theme and installed plugins).

Updates for all these elements are released by the developers on a regular basis. Most of these updates are bug fixes and security updates, so if updates are not implemented quickly and regularly, your site is more vulnerable to attack.

GDPR requirements for your website

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) took effect on 25 May 2018. It is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify existing data protection laws for all individuals within the European Union (EU).

The provisions of GDPR affect every website owner. Fines of up to 5% of your previous year’s annual turnover can be incurred for failure to adhere to the provisions. Full details can be found here.

We strongly recommend you carry out research into GDPR requirements relating to your site.

Customers are potentially providing sensitive personal information via the site, and you need to be clear about how you are storing it, for how long and who has access to it. This information should be explicitly provided within your on-site policy documentation. Building trust with your customer base is paramount to the success of the site.

GDPR measures for your website

At Beech Web Services we have researched the requirements in detail and take the following steps to ensure our customers’ websites adhere to GDPR:

Secure certification means your site will appear in the browser address bar with a ‘HTTPS’ prefix instead of ‘HTTP’ which is insecure.

The presence of a green padlock gives visitors the peace of mind that any personal data they share with your website will be encrypted as it is transferred between their device and your website’s server. Browsers will flag all non-HTTPS sites as ‘not-secure’.

reCAPTCHA is a free service that protects forms on your website from spam, hacking and abuse. It uses advanced techniques to differentiate humans from robots, analysing the way visitors use a mouse to reduce your site’s vulnerability to hacking.

Cookies are small files stored on a user’s device. They hold a small amount of data specific to a particular visitor and website. Customers must provide explicit consent to the use of cookies on your website.  As every website uses cookies of some description, every website needs to provide a way for visitors to provide consent.

GDPR requires website owners to publish information regarding their use of website visitors’ personal data. We recommend publishing a cookie policy, privacy policy and website terms and conditions as a minimum. E-commerce sites should also publish terms and conditions of sale. We advise all customers to seek legal advice over the contents of these documents but can provide customisable sample documents to get you started if required.

As WordPress is such popular software, it is frequently targeted by hackers.  Taking additional security measures makes your site far less vulnerable to hackers, and therefore keeps your customers’ data safe.

Old, outdated software is much easier to hack and GDPR regulations clearly stipulate that website software must be regularly checked and updated to the latest version. This is to keep it secure and make it more difficult for hackers to find a way in and access your customers’ personal data. Not keeping your website software up to date therefore risks being in breach of GDPR.

An ongoing website support contract with Beech Web Services means we will regularly update site software on your behalf to give you full peace of mind.  Prices start from just £25 per month.  Contact us to find out more.

HTTPS hosting

For sites hosted with us, we take responsibility for ongoing server management and technical support.

Our standard HTTPS hosting provides:

  • Configuration of your domain name to access your site files
  • Unlimited bandwidth
  • 99% network uptime guarantee
  • UK-based datacentre with gigabit connections
  • LiteSpeed web server and caching for optimal performance
  • Weekly security scans
  • Comprehensive firewall
  • Firewall, DDoS protection and CloudLinux as standard.
  • Regular virus and malware scans
  • Regularly updated servers
  • Fully optimised to support WordPress websites
  • Weekly full site backup (or daily for frequently updated sites)
  • Restoration of backed up version of site in the event of hacking/corruption.