Building a secure site is easier said than done. Most businesses are digital nowadays, and the target is the millions of users online. It therefore boils down to one thing: ‘build a website to reach them.’ Building a website can be the simple part; securing it is the part that gets neglected. I will therefore focus on how to build a secure site in simple, easy-to-understand steps. Be sure to follow to the end to capture all the steps.
You may be wondering, why bother about website security? Well, hackers can turn your site into a malicious spy bot in no time, sending sensitive user data to them without your knowledge. At the extreme, they can hack into your website’s databases and destroy or tamper with vital information, inject malicious links into your content and even hijack the hosting server for use in botnet DDoS attacks.
So build yourself a site secured by a known company like Thawte, which secures services, protects the privacy of your visitors, etc. This is especially important on sites where people spend their money. On these kinds of sites you can offer users secured payment methods like PayPal. Online gambling sites, for example, usually offer their players the option to pay with PayPal. A PayPal casino site, or any other site with PayPal, shows the user how committed to security the site is. That said, let’s get to business:
Steps in Building a secure site
- Select Your CMS and a Webhost
- Keep All Software Updated
- Web Application Firewall (WAF) to Protect Your Site
- Switch to HTTPS
- Strong Passwords
- Hide Admin Directories
1. Select Your CMS and a Webhost
CMS stands for Content Management System. This refers to the actual medium or mechanism you build your site with. In recent years, CMS systems such as WordPress, Joomla and Drupal have made it easy to build a website without touching a single line of code. This could look like the best deal for the majority of newbies out there. Regardless of the site you are building, these CMS systems may have loopholes, and you have to be careful in selecting the one to use.
A web host refers to the platform on which the files of your site are stored. Some web hosts are free whereas others are not. Check whether a web host offers Secure File Transfer Protocol (SFTP), which makes uploading files much safer. Most of them also offer file backup services and have a public security policy showing how well they keep up to date on security upgrades.
2. Keep All Software Updated
Regardless of whether your website was built from scratch in code or on a CMS, you have to ensure that all the software running on the site is updated. CMS managers such as WordPress, Joomla and Drupal release updates and patches to ensure their systems are less vulnerable. Ensure you run the updates. Furthermore, if you are using any plugins, keep track of their updates.
3. Web Application Firewall (WAF)
It is in your best interest to have a security system in place to act as a line of defence against potential malicious attacks. This is where the Web Application Firewall (WAF) comes in handy. It has the ability to inspect incoming traffic and weed out malicious requests, thereby offering protection from spam, brute force attacks, SQL injection, cross-site scripting and other attacks. Look at it as some type of website antivirus. Automated bots are out there scanning for vulnerable websites, and newly created sites are an especially tempting target. Adding a web application firewall (WAF) such as Cloudbric, Incapsula, or Cloudflare will secure your website before the attacks start.
4. Switch to HTTPS
HTTPS, or Hyper Text Transfer Protocol Secure, is a communications protocol that is used to safely transfer sensitive information between a website and a web server. If your site is on the HTTPS protocol, it essentially means that it has an extra encryption layer of TLS (Transport Layer Security) or SSL (Secure Sockets Layer) on top of HTTP, making your users’ and your own data extra secure from hacking attempts. If you’re going to have users registering on your website, and especially if there will be any kind of transaction either via PayPal or any other payment gateway, you need to encrypt that connection. Using SSL certificates creates a secure handshake between your website and clients’ devices, ensuring that no third party can covertly slip in between and monitor, hijack, or shut down any transactions taking place. Thawte is one good example of a widely available SSL certificate that pairs well with almost every website.
5. Strong Passwords
It goes without saying, yet this is the most obvious thing ignored by many. Ensure that your password is a combination of alphanumeric characters, upper and lower case characters, and symbols, and that it is at least twelve characters long, to prevent brute force attacks. Some people ignore this and make their passwords short and easy to save some typing time; little do they know that they may be saving the hackers some time too.
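The rule above can be enforced at sign-up or password change. The following is an added example, not code from the original article: it reports which of the article's requirements a password misses and estimates the brute-force search space for the character classes used. The function names and sample passwords are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 12  # the article's minimum length

# Character classes named in the article, with their ASCII alphabets.
CLASSES = [
    ("a lower-case letter", string.ascii_lowercase),
    ("an upper-case letter", string.ascii_uppercase),
    ("a digit", string.digits),
    ("a symbol", string.punctuation),
]

def unmet_requirements(password):
    """Return the article's rules that the password fails (empty list = OK)."""
    missing = []
    if len(password) < MIN_LENGTH:
        missing.append(f"at least {MIN_LENGTH} characters")
    for label, alphabet in CLASSES:
        if not any(ch in alphabet for ch in password):
            missing.append(label)
    return missing

def search_space_bits(password):
    """Upper bound, in bits, on exhaustive brute-force work.

    Assumes the attacker tries every string of this length over the
    character classes present; dictionary words are far weaker than this.
    """
    alphabet_size = sum(
        len(alphabet) for _, alphabet in CLASSES
        if any(ch in alphabet for ch in password)
    )
    if alphabet_size == 0:
        return 0.0
    return len(password) * math.log2(alphabet_size)

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("summer2024", "Tr4il-Mix!Camp7"):
        print(candidate, unmet_requirements(candidate),
              round(search_space_bits(candidate), 1), "bits")
```

Each missing character class shrinks the alphabet and each missing character removes a whole factor of it, which is why the short password's search space is roughly half the bits of the long one.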
6. Hide Admin Directories
Hackers can gain access to your site’s data by going straight to your admin directories. Hackers can use scripts that scan all the file directories on your web server for names like ‘admin’ or ‘login’ among others, and focus their skills on accessing these folders to compromise your website’s security. Most CMSs allow you to rename your admin folders to any name of your choice. Pick not-so-obvious names for your admin folders that are known only to your webmasters to greatly reduce the possibility of a potential breach.
I hope these tips help you in building a secure site. Do not sit back and hope you don’t fall victim; take the necessary security measures as soon as yesterday. 🙂
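Once the admin folder is renamed, scripted scans for the default names show up in the access log as bursts of 404s. The following is an added example, not code from the original article: it flags clients that request several distinct 'admin' or 'login' style paths that do not exist. The log lines (common log format, documentation IP ranges), the renamed folder `/staff-7f3a/` and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /login HTTP/1.1" 404 153
198.51.100.23 - - [10/Mar/2024:10:01:10 +0000] "GET /blog/login-tips HTTP/1.1" 200 5120
198.51.100.23 - - [10/Mar/2024:10:01:12 +0000] "GET /admin/ HTTP/1.1" 404 153
192.0.2.50 - - [10/Mar/2024:10:02:00 +0000] "POST /staff-7f3a/ HTTP/1.1" 200 812
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The two names the article says scanners look for.
GUESSED_NAME_RE = re.compile(r"admin|login", re.IGNORECASE)

def find_admin_scanners(log_text, min_paths=3):
    """Map client IP -> sorted guessed paths, for clients that hit at least
    `min_paths` distinct admin/login-style URLs that returned 404."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = match["path"].split("?", 1)[0]
        if match["status"] == "404" and GUESSED_NAME_RE.search(path):
            probes[match["ip"]].add(path)
    return {
        ip: sorted(paths)
        for ip, paths in probes.items()
        if len(paths) >= min_paths
    }

if __name__ == "__main__":
    for ip, paths in find_admin_scanners(SAMPLE_LOG).items():
        print(f"{ip} probed {len(paths)} guessed admin paths: {paths}")
```

A single mistyped URL stays below the threshold; flagged addresses are candidates for rate limiting or a WAF block rule.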