To put it bluntly, nothing is truly secure, in the same way that nothing is truly private. There is no such thing as hack-proof.
This is important to understand, because the illusion of security is a dangerous thing. Believing you are secure leads to complacency, and when you are complacent and lazy, you make yourself a target.
The trick then, be it for web security or personal security, is NOT to make yourself “secure”…rather, it is to make yourself secure enough.
What constitutes secure enough varies wildly depending on who you are, or what entity you represent. A mom and pop small business website isn’t a terribly tempting target to hackers. Because of that, they will put very little if any effort into gaining access, focusing only on the most simple of vulnerabilities (poor password, common security flaws in the CMS, etc.) To make yourself secure enough against hackers like that takes very little time and effort (in fact, simply using a web host like WPengine would probably be sufficient).
However, if you are a major corporation, or a country…well, your security needs become something very different. If you are a high profile target, hackers will be willing to expend more time, effort, and money to gain access. For an entity like that, secure enough will mean something vastly different (large teams, massive resources, etc.)
In talking about the illusion of security, it is also critical to point out that security is not something you “do” once and it’s done. It is not like locking your house, or your car. Security is a mindset, something you think about and work towards constantly. It’s keeping things updated, plugging security holes as they are found, changing passwords, changing routines, being aware of your surroundings, and so many other fine points.
So, in a world where you can’t be 100% secure, how do you make yourself secure enough? Here are a few key steps:
1 – Keep a Low Profile – As much as possible, avoid making yourself a tempting target. If you are a private company, keep your financials private, avoid picking sides in heated online discussions, don’t endorse political candidates. If you are an individual, be careful what you say and what pictures you share on social media. Don’t flaunt wealth, if you have it. Don’t make enemies.
2 – Think About Security – Whether working on your website, or posting to social media, try to think carefully about the potential ramifications of what you are doing. Are you installing a plug-in that you aren’t sure is secure? Are you logging in to your bank from public WiFi? Are you using good passwords? You need to train yourself to be security conscious.
3 – Don’t be an Easy Target – Hackers are lazy. If you keep a low profile, the only hackers you are likely to encounter are script kiddies, and they have a low tolerance for difficulty. Have a very secure password, use 2FA (two-factor authentication), host your websites on a secure web host. Don’t use the same password in multiple places, don’t use public WiFi without a VPN. In general, don’t be stupid.
While these steps can’t keep you 100% secure, they can get you to 95%, maybe even 99%, and for the average Joe, that is secure enough.