Intermediate to Advanced Website Security
03 Dec 2012
There are a lot of ways to make your website more secure. In last week’s blog post we went through a list of some of the basic, yet effective, ways to make your website and online assets more secure. This week we’ll be covering intermediate to advanced website security.
Technical Website Security
Here’s a list of some slightly more technical website security issues and their respective action plans to remedy the situations.
Database vs. No Database
HTML websites might not be the most common anymore, but in some ways they are more secure. You don’t need a server to serve your pages to the masses online. Servers are often shared between multiple sites. If one site has a weakness or vulnerability, a hacker could conceivably gain access to the database, and in turn your site.
Action Plan: Building yourself a brand new website coded in HTML simply isn’t a reality for everyone. As mentioned before, the vast majority of sites these days are built on a CMS. The best thing to do, if you can afford it, is to purchase a dedicated server so you aren’t sharing space with other, potentially less secure websites. If using shared hosting, request a dedicated/static IP address to avoid getting blacklisted by search engines, especially if one of the other sites on a shared server gets flagged.
Avoid Using FTP
Often there is a need to move files around, upload new ones and delete old documents from the backend of your website. Everything sent over FTP is unencrypted. Even login details such as usernames and passwords can easily be read by others looking to use your FTP transfers as a backdoor into your site. You need to use something more secure.
Action Plan: Use the Secure File Transfer Protocol (SFTP) or Secure Shell (SSH) to move files on and off of your server. Using either SFTP or SSH for your transfers keeps your files encrypted and your login details secure. There are many free and premium options available for download and use online.
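As an added example (not part of the original post), the Python code below audits the text of a deploy script or config file for transfer endpoints that still use plaintext FTP or keep a password in the URL. The sample config, hostnames, credentials and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Schemes that send credentials and file contents unencrypted.
PLAINTEXT = {"ftp"}
# Schemes that run over SSH, as the action plan recommends.
ENCRYPTED = {"sftp", "scp", "ssh"}

URL_RE = re.compile(r"\b([a-z][a-z0-9+.-]*)://[^\s'\"<>]+", re.IGNORECASE)

def audit_transfer_endpoints(text):
    """Return one finding per file-transfer URL found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            parts = urlsplit(match.group(0))
            scheme = parts.scheme.lower()
            if scheme not in PLAINTEXT | ENCRYPTED:
                continue  # not a file-transfer endpoint (e.g. https)
            findings.append({
                "line": lineno,
                "scheme": scheme,
                "host": parts.hostname,
                "encrypted": scheme in ENCRYPTED,
                "password_in_url": parts.password is not None,
            })
    return findings

def needs_attention(findings):
    """Findings that use plaintext FTP or store a password in the URL."""
    return [f for f in findings if not f["encrypted"] or f["password_in_url"]]

# Constructed sample: lines as they might appear in a deploy script or config.
SAMPLE = """\
upload_target = ftp://webadmin:hunter2@files.example.com/public_html
backup_target = sftp://deploy@backup.example.com/var/backups
# legacy mirror: FTP://mirror.example.net/pub
docs = https://www.example.com/help
"""

if __name__ == "__main__":
    for f in needs_attention(audit_transfer_endpoints(SAMPLE)):
        why = "plaintext FTP" if not f["encrypted"] else "password stored in URL"
        print(f"line {f['line']}: {f['scheme']}://{f['host']} -> {why}")
```

Endpoints it flags should be moved to SFTP with key-based or prompted authentication rather than a password written into the URL.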
Online File Transfer Security
A lot of websites don’t simply deliver information. Many sites these days are active businesses that accept money transactions for their goods and services. Transferring sensitive financial data across an insecure website can be hazardous for your business, your reputation and your purchasing customers. Having a website that is encrypted and secure for online transactions is the way to go.
Action Plan: Buying a Secure Sockets Layer (SSL) certificate will add both a level of trust to your website for online shoppers and encrypted security that will allow transactions to be processed online with little to no fear of hacking. Having an SSL certificate installed on your site can even increase your sales due to consumer confidence. If you process online transactions, make sure it’s done in a secure manner.
Scanning For Viruses
Sometimes, no matter how secure we make our websites, a virus or unwanted file will slip through the defenses and make its way into your database. If you suspect your site has been infected, it doesn’t mean it’s time to scrap it and start from scratch. There are scanning systems, both online and for install, that will allow you to check your website for malware, viruses and suspected corrupted files on your database.
Action Plan: Use one of the scanners linked below and check your site for viruses and malware and put it back to normal with a thorough removal process:
Keep in mind there are more scanners than these listed above. Do a search online and use the scanner that works best for you and your site.
Website Security Wrap-up
Keep in mind that ultimately nothing is completely secure. If a professional hacker really wants to get into your backend they can probably find a way, but these online criminals generally look for the low-hanging fruit on the internet tree. They look for weak and vulnerable sites that will provide easy access and move to infiltrate those sites more often than not.
If you go through the protection list above you’ll find yourself closer to the top of the tree and make it that much harder for hackers to access your site. The harder it is, the safer you are.
Be vigilant: a secure site makes all the difference.