Website Security Basics

by Richard Proffitt
iopan design

Listed below are 11 tips on maintaining website security. If you think that hacking or a cyber-attack can't happen to you, then think again. Consider making the following changes to increase the security of your sites.

1. Keep Versions Updated

This is one of the simplest ways to stay a step or two ahead of the hackers. By downloading the newest versions and updates of Windows, WordPress, and your antivirus platform, you can make your applications or website just tough enough to be not worth cracking. That way, hackers won’t bother with your site and will instead move on to some other site whose owner hasn’t been as vigilant.

2. Strengthen Your Passwords

If your passwords are anything like the following: “123456”; your spouse's name; your birth date; “QWERTY” or any other such simple type of configuration, then now is the time to change them. People can be surprisingly lax when it comes to choosing passwords for even their most sensitive accounts.

Pick strong ones and use different ones for your banking info and email, your social media accounts, and your FTP accounts – otherwise, your info and your site are vulnerable.

3. Lock Down File Permissions

Do you know what your file and folder permissions are set at? Some applications require them to be set at the open “777” to install, and then most of us forget to set them back to either “755” for folders or “644” for files. Double check yours to make sure.
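
One way to run this check on a Unix host, as an added example that is not part of the original article: `audit_perms` lists anything writable by every user, and `lock_down` resets folders to 755 and files to 644. The function names and the constructed sample tree in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and reset permissions under a web root.
# Function names and the sample tree are hypothetical, not from the article.

# List files and folders writable by "other" (for example 777 or 666).
audit_perms() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count folders that are not exactly 755 and files that are not exactly 644.
count_nonstandard() {
    find "$1" \( -type d ! -perm 0755 -o -type f ! -perm 0644 \) -print |
        wc -l | tr -d ' '
}

# Reset folders to 755 and files to 644. Symlinks are left alone.
# Files that must stay executable need to be set back by hand afterwards.
lock_down() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed sample tree, audit it, lock it down, audit again.
# Prints "<world-writable before> <non-standard after>".
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" && chmod 777 "$root/uploads"     # left open by an installer
    : > "$root/index.php" && chmod 666 "$root/index.php"   # world-writable script
    : > "$root/style.css" && chmod 644 "$root/style.css"   # already correct
    before=$(audit_perms "$root" | wc -l | tr -d ' ')
    lock_down "$root"
    after=$(count_nonstandard "$root")
    rm -rf "$root"
    echo "$before $after"
}

# Run "sh perms.sh --demo" to see the sample run; no real paths are touched.
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run `audit_perms` against your own web root first and review the list before calling `lock_down`, since it changes every file and folder below the path you give it.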

4. Be Aware of Your Links

Do you really know what kind of site you’re linking to from your site? According to experts, so-called “open redirects” are a major cause of attacks that are perpetrated through browsers. We all know what happens when we click on a bad link; now imagine what the result will be when you put a bad link on your site. It’s always best to link only to sites you trust completely.

5. Use FTPS for Transfers

Make sure all your FTP transfers are done using SSL.

6. Use SSL to Send Emails

Use this especially if, somewhere in any of your millions of untrashed emails, you’ve ever sent sensitive info via email.

7. Does Your Web Host Run suPHP?

Under normal PHP, scripts run as “nobody,” so your script is open access. With suPHP, access is limited to the user or to those explicitly granted permission. Not all hosts use suPHP, so make sure your host does and set up another potential roadblock for hackers.

8. Choose a Host with Good Security Features

Not all hosts are the same when it comes to ensuring your website’s security. Not all offer round-the-clock active server monitoring, or even suPHP (see above), so choosing a host that takes your security seriously takes a little legwork.

9. Consider Using a Virtual Private Server (VPS)

If your website is your livelihood, then it might be the case that no amount of security talk and password strength can make you feel safe enough. If your site is critical to your operations, then you might want to consider VPS hosting so that you can have peace of mind.

A VPS is inherently more secure due to its separation from other sites, and you can create custom firewalls and install other security measures that most hosts won’t allow on shared accounts. Basically, a VPS allows you to take a more active role in your website’s security.

10. Consider Using HTTPS

HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.

11. Remain Aware of Security

If you know what you’re looking for, then you’re making a hacker’s job more difficult. Most hackers, if they come across a site that’s locked down tightly, would just as soon move on to another that offers easier access. You can make your site not worth the trouble by regularly scanning your logfiles for code that doesn’t belong and basically just being aware of what’s going on inside your site.

WordPress Security

If you are running a WordPress site, then there are numerous things that you could do to improve its security. There are also a number of useful security plugins that you may find helpful. Take a look at the link below to the article ‘Improving Security on Your Wordpress Site’.

I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.

- Stephen Hawking