Table of Contents

Closeup of screen showing secure website code

Our Website Security Best Practices

There are 800,000 cyber attacks yearly, with one happening roughly every 39 seconds. To keep websites secure and running, brands must build and maintain websites with proper security measures.

Forge Apollo’s Philadelphia-based website development team has built and maintained hundreds of secure websites. This includes clients in primarily targeted industries, like healthcare and finance. Today, we’re walking you through the top security measures we take when building our websites and what we do to maintain their security going forward.

Website Security Factors When Building a Website

When thinking about how to secure a website, the two most important factors are which CMS you build the website with and where you host the website.

Content Management System (CMS)

A CMS, or content management system, is the software for creating, managing, and modifying website content. There are a lot of factors that contribute to choosing the best CMS, but one of them is security.

Choosing a CMS and plugins with developers that keep them well-maintained is vital for the ongoing security of your site.

“Hackers are always looking for vulnerabilities in sites,” Forge Apollo’s Senior Website Developer, Rabeah Abbas, says. “As vulnerabilities are discovered, developers of plugins, themes, and WordPress itself update the code to fix those vulnerabilities.” 

Forge Apollo chooses WordPress and specific plugins that we know receive regular development updates to protect against vulnerabilities.

Website Hosting

Choosing the best website hosting provider is also crucial because different providers offer different security measures.

We choose WP Engine for our WordPress sites partially due to its security features. The most important is their proprietary firewall, which automatically directs good, bad, and malicious traffic to or away from your site.

SSL Certificates

An SSL certificate is a data file that establishes an encrypted link between your browser and a server. It stands for “Secure Sockets Layer” and protects data passed between sites and servers to prevent hackers from accessing it in transit.

For example, when you fill out a form on a website, that information is sent from the site to a server. Without an SSL certificate, a hacker could intercept that information.

Websites that start with “https://” instead of “http://” have SSL certificates. They protect security and help SEO in that Google will prioritize a site with an SSL certificate over one without a certificate if the content is the same.

Forge Apollo understands the importance of SSL certificates, so we provide them to our clients for free. Most agencies, however, do not provide these certificates for free.

Maintaining Website Security

Remember earlier when we said that hackers are always looking for vulnerabilities? Because of that, it’s vital to actively maintain website security over time. It’s a matter of when, not if, hackers will find a vulnerability on any tiny aspect of your site. But actively monitoring and updating your site can make that “when” a minor blip instead of a significant breach.

Forge Apollo takes a multi-faceted approach to ongoing security for our websites.


We monitor all our sites for malicious activity to catch anything suspicious quickly before it does damage.

This monitoring isn’t only reactive, though. We also proactively monitor the need for updates across plugins, themes, or WordPress itself.

Making Proactive Updates

Remember how we said before that choosing a well-maintained CMS and plugins is important? While developers create patches for discovered vulnerabilities, it’s up to website owners to update them. The longer your site goes un-updated, the more vulnerable it is to hacking.

According to Rabeah, “Monitoring for updates is one proactive way to stay on top of potential security issues from affecting your site.”

We regularly check to ensure PHP and SQL are the latest versions and that themes, plugins, and WordPress are up-to-date.


In addition to updates and monitoring, some active protections can keep your site safe.

For example, WP Engine automatically prevents certain files, file types, and directories from being publicly accessible. This prevents hackers from exploiting common attack techniques.

We also employ User Enumeration Blocking, which prevents usernames from being scraped from the site. This helps to prevent brute force attacks that would take the site down.


If something does become infected with a virus or malicious code, some techniques can limit the damage to your site before the hack is detected.

File segregation ensures that an infected site on a server doesn’t affect others. For example, if one of the websites we host got a virus, it would not easily spread to the others we host.

We also use disk write protection to prevent malicious code from running. Disk write protection provides a layer of security that prevents or limits malicious code from running on the server.

Rabeah shares the example that “if you use a plugin or theme on your site that happens to have a security vulnerability, disk write protection could prevent that code from running, or at the very least mitigate how quickly it can damage your site.”

Contact Forge Apollo for a Secure Website

The concept of website security might seem intimidating, but having your website hacked is even more terrifying. You don’t have to face security alone when running your website.Our web design company in Philadelphia is dedicated to securing our clients’ sites. If you’re concerned about how to make a website secure, turn to our trusted team today. Contact Forge Apollo today to discuss your next website project.

About the Author

Read More


Don’t Miss Out