Even if you’ve never personally experienced it yourself, you’ve more than likely heard news stories of websites getting hacked and data being compromised. While such events are understandably unfortunate, they do provide us with a reminder to remain vigilant towards our own web security, whether that’s for personal online browsing, social media, banking, or business.

If you are a business owner currently operating a website, what practical steps can be done to verify your website’s security status? Is there a one-click security audit that anybody can do for free? Yes, indeed there is. I know, it sounds too good to be true, but thankfully our good friends at Mozilla have got our backs. Let’s check it out.

Observatory Mozilla

The company behind this free security audit is Mozilla, or the Mozilla Foundation. Can you trust them? Here’s a statement taken from their website:

Mozilla is the not-for-profit behind the lightning fast Firefox browser. We put people over profit to give everyone more power online.

So, they’re a not-for-profit that built a browser, which unlike Google Chrome has no interest in tracking you and selling your data. Sounds good enough for me. If you’d like more information, feel free to check out their website at Mozilla.

The website that we will be going to use is Observatory Mozilla. Let’s head there now. As you can see it really is just a one-click operation. Enter your website name into the input bar provided, or feel free to enter in my website https://randomforestweb.com if you would like too. Below the input bar, we see three options regarding how you would like the audit to be conducted. I personally opt every time to click on items 1 and 3. If you’re already to go, go right ahead and click “Scan Me”. It really is that simple. Depending on your site, it may either take a few seconds or a few minutes for the security audit to have reached it’s completion. Are the results in? What score did you get? I just scanned Youtube, and they got a B (as of 7/23/2004). Not bad, but could be better.

Implementing Security Fixes

Now that we have our results, the question now is where do we go from here? If you got a perfect score, then there might not be anything for you to change, but what about if you didn’t get a perfect score? Well, if your score was less than satisfactory, then it’d be best to bring this to your web developer’s attention. Depending on your website, a lot of these changes can be implemented very quickly and easily. But, what about if you don’t have a web developer? If you built your site using WordPress, then you may be able to search online for certain plugins to help fill in the security gaps. If, however, you built your site using a proprietary website builder, then you’ll have to either search online for an answer or contact them directly to learn more.

Keeping Perspective

It’s important to keep in mind that today’s security audit was just one of several that are necessary to provide a comprehensive portrayal of your website’s security. Additionally, no matter how many security practices a website has implemented, no website is 100% impervious to attack. It’s a sad truth, but I wouldn’t be doing my job properly if I neglected to say it. It’s our job as web developers to keep up to date on security practices to ensure that we are always doing our best to protect our clients' digital assets.

Here at Random Forest Web, we take web security very, very seriously and treat each of our clients’ website as if it were our own. We know how important your data is to you, and it’s just as important to us. If you’d like to learn more about how we can protect your website, feel free to drop us a line. Thank you for reading.