
17 Essential Tips to Increase Your Website’s Security

Posted: July 13, 2012

The website is the front line of your business. It represents your business and presents your vision and goals. It is also like the tip of an iceberg: your potential customers and partners see only what is above the water and do not notice what lies below the surface. An attack on the tip of the business iceberg may be critical to all of it. How is that possible? The answer is quite clear: a website is a public information vehicle that is usually stored together with company email, CRM, project management solutions, an internal social network and a local file sharing server. The website itself is not as interesting to cyber-criminals as what is beneath it. Therefore, a website's security is very important. If all your data is stored on the same server, you must protect it.

Here are some main tips for better website security that may save your business and millions of dollars:

  1. Hide login pages. All websites have content management systems, which allow you to edit them online. Please make sure there is no link to the CMS login page.
  2. Choose a different URI for the login page. Website.com/admin is a common name which can be guessed. Use a different URI, for example website.com/adm_en.
  3. Select unique login names. In the majority of cases, the website is administered under the username admin, which is shared by all the users of the CMS. Be creative and use nicknames (real names may also be guessed).
  4. A strong password is an essential security step. Your name, the names of your spouse and children, and dates can easily be guessed. Generate some special passwords like brth198!m!2d@8 (that is the real birthday).
  5. Change passwords every month. Set a new ritual: every first Friday of the month may be your 'password change' day. Do not tell anyone about this secret date, not even your family members.
  6. Limit your employees' login IPs. Set a rule in the .htaccess file so that the login page is only available when accessed from a specific IP. The employees who work with the site must check their IPs. Sometimes their home IPs need to be added to allow them to work from home.
  7. Get a good quality web hosting service that has security services. Read your service level agreement (SLA) carefully and make sure the hosting includes some serious security measures. Also, make sure it clarifies who is responsible for security breaches.
  8. Use additional security applications on your server. If you have Cloud VPS hosting, you can manage all the security issues yourself. Make sure your IT administrator takes all the measures needed to secure the website.
  9. Make backups. A backup is not a security issue, but it guarantees that your data can be restored if you are attacked.
  10. Update your applications. Always keep your software up-to-date. Updates usually fix the security issues that application developers have discovered, so make sure they are installed immediately after release. This is crucial for all open source and free CMSs.
  11. Scan for vulnerabilities. Use various website vulnerability scanning tools. They can show all the attempts made to infect your website with various malware.
  12. Use SSL certificates. SSL encryption is a serious way to protect websites that handle user data. Even if you have just a simple website, SSL may be useful for securing your internal login pages or your subdomains such as mail.website.com.
  13. Make sure your website code is valid and fixed. Every error may be used for virus injection and later for stealing your data. Valid code should be a requirement in your contract with website developers.
  14. Use a Web Application Firewall (WAF). A WAF is a special feature which also helps protect your website.
  15. Bigger websites may use a free or professional CDN (Content Delivery Network). This service also protects websites from attacks.
  16. Explain the rules of secure browsing and information flow to your colleagues who work with the website. Their recklessness may be a liability to the entire company.
  17. Secure all the subdomains, as they may be used for intrusion into your server.
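
The .htaccess rule described in tip 6 could look like the following. This is an added example, not part of the original article; it assumes an Apache server, a login script named login.php, and uses constructed placeholder addresses from documentation ranges.

```apache
# .htaccess placed in the directory that serves the CMS login page.
# Assumes the server config permits overrides here (AllowOverride AuthConfig,
# plus Limit for the 2.2 form) and that the login script is called login.php.
# All addresses are constructed placeholders; replace them with your own.

<Files "login.php">
    # Apache 2.4 and later (mod_authz_core).
    # Several Require lines are combined as "any of these may match".
    <IfModule mod_authz_core.c>
        # Office static address
        Require ip 203.0.113.10
        # Employee home network
        Require ip 198.51.100.0/24
        # Employee home IPv6 prefix
        Require ip 2001:db8:42::/48
    </IfModule>

    # Apache 2.2 fallback (mod_authz_host only).
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
        Allow from 2001:db8:42::/48
    </IfModule>
</Files>
```

If the site sits behind a CDN or reverse proxy (tips 14 and 15), Apache sees the proxy's address rather than the employee's unless mod_remoteip is set up in the main server configuration. Home connections often have changing addresses, so the list needs to be reviewed whenever an employee is unexpectedly locked out.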

One Comment

  • Hina says:

    I didn't have the virus. But I still got Norton alert saying that I did and after running scans it said the same thing. So I did the removal tool again and it said that I didn't have the virus but I'm STILL getting the alert to say I have a virus!! I am currently trying something else that someone else suggested, which was locate the file that had the virus (a downloaded music album), restart the PC in safe mode, delete the file, restart in normal mode. I have done this and am now scanning to see what it says. Has anyone else had this or have any idea what I can do to fix it? I can't really afford to pay for someone to do it.
