How to secure your website: 9 steps (with pictures)

Anonim

In this article, we will tell you how to protect your site from attacks. Be sure to use an SSL certificate and the HTTPS protocol; there are also other ways to protect websites from hackers and malware.

Steps

Step 1. Update your site regularly

If your site's software, security, and scripts are not updated, it can be compromised by intruders or attacked by malware.

  • The same applies to patches from your hosting provider (if any). If there are new patches available for your site, be sure to install them.
  • Also renew the site certificates. Although they affect security only indirectly, renewing them ensures that the site continues to appear on search engines.

Step 2. Use security software or plugins

There are various website firewalls that you can subscribe to for real-time protection; some hosts (e.g. WordPress) also provide plugins to protect sites. We therefore recommend protecting the site with software, just as you protect your computer with, for example, antivirus.

  • Sucuri Firewall is a great paid firewall; free firewalls or site protection plugins are available from WordPress, Weebly, Wix and other hosting services.
  • Web application firewalls are usually cloud-based, which means you don't need to download and install them on your computer.

Step 3. Prevent users from uploading files to the site

If you do not do this, the security of the site will suffer. If possible, remove from the site anything that allows users to upload files to the site.

  • If you cannot prevent file uploads, allow only certain file types to be uploaded.
  • You can also create a mailbox and list its email address on the site so that users can contact you by email. In this case, users will send files by email rather than upload them to the site.

Step 4. Install the SSL certificate

It confirms that the website is secure and can exchange encrypted information between the server and the user's browser. Typically, you have to pay for the use of this certificate once a year.

  • Paid SSL certificates are sold by, for example, GoGetSSL and SSLs.com.
  • Let's Encrypt issues this certificate for free.
  • When choosing an SSL certificate, three options are available: domain verification, business verification, and advanced verification. Google requires business validation and advanced validation to display a green security icon to the left of your website URL.

Step 5. Use the HTTPS encryption protocol

When you install an SSL certificate, the site will be entitled to HTTPS encryption; to activate this protocol, install an SSL certificate in the Certificates section of your website.

  • Some hosts, such as WordPress or Weebly, enable the HTTPS protocol automatically.
  • The HTTPS certificate is renewed every year.

Step 6. Set up secure passwords

A strong site administrator password is not enough - create complex random passwords that are not used anywhere and store them off-site.

For example, use a 16-character set of letters and numbers for your password. Save this password to a file on another computer or hard drive.

Step 7. Hide the administrator folders

If the folder with confidential files is called "Admin" or "Root", this is convenient, unfortunately both for you and for hackers. So rename the folders to something mundane like New Folder (2) or History.

Step 8. Simplify error messages

If there is too much information in such a message, hackers and malware can use it to find and access the root directory of the site. So just add a short apology and a link to the main site in the error message.

This applies to all 404 to 500 errors.

Step 9. Hash passwords

If user passwords are stored on a website, do so in a hashed form. Inexperienced site owners store passwords as text, which makes them easier to steal if the site is compromised.

Even big sites like Twitter have made such mistakes in the past.

Advice

  • Hiring a web security consultant to review site scripts is the fastest (but also the most expensive) way to address potential vulnerabilities.
  • Test your website with a security scanning tool (such as Mozilla's Observatory) before launching it.
