The largest DDoS attack of its kind occurred in October of this year, bringing down everything from Netflix to Twitter. Cyber criminals frequently target websites, whether it be for personal information, financial information, or just a challenge. Small business owners and webmasters need to be proactive when managing their website security, or they could easily suffer from a data breach or significant business interruption. Here are a few website security tips to follow to reduce your risk.
9 Website Security Tips:
- Always Use a Secure Connection.
A secured SSL connection will encrypt traffic to and from your website, ensuring that the traffic cannot be hijacked by hackers. Otherwise important data exchanged between you and your users could become compromised. You can get an SSL certificate from most web hosts.
- Install Security Applications.
Security applications can be installed on your server to ensure that it's protected against issues such as the above mentioned DDoS attacks. These applications will regularly monitor your incoming and outgoing traffic to make sure that everything is legitimate. This can protect you from intrusion attempts, malware, and other related issues. Of course, what it usually can't protect you from is user error -- such as easily guessed passwords.
- Keep Your System Updated.
The software that runs your website has to be updated periodically -- otherwise it could become vulnerable to new exploits. This can include everything from your content management system to the software that runs your server itself.
- Lock Down Your FTP Access.
For most developers, FTP access will be their primary method of interacting with their website's files and folders. But FTP access can also be very dangerous -- anyone with a user's FTP login can begin interacting with data on the server. Make sure that only essential users have FTP accounts and that these FTP accounts are both secured and monitored.
- Protect Against SQL Injection.
SQL injection is the practice of inserting database code into forms. If the database code is accepted, it can then interact with the database in ways that the programmer never intended. To protect against SQL injection, programming has to be completed to validate and sanitize each form entry before anything is ever inserted into the database.
- Remove Visible Error Messages.
Many servers will disclose programming errors by default. This can be very dangerous because it tells the user exactly what is wrong with a website -- and gives details about the site's programming, such as its variable names. Turning off these visible errors is far safer.
- Practice Proper Password Hygiene.
Proper password hygiene means always maintaining unique, complex passwords that are difficult to guess but easy to remember. In terms of passwords, something like "ThisisApassword!" is far more secure than "p@ssw0rd." This is because it's longer and more complex.
- Backup Your Website Regularly.
Protecting your website isn't all about prevention. It's also about disaster preparedness. In the event that a threat does take down your website, you'll need to be able to restore it. Businesses can lose thousands of dollars a day simply by having their eCommerce portal down. To protect yourself, you need to back your data up regularly -- and you need to secure these backups properly.
- Keep Administrative Pages Hidden.
Some webmasters interact with their websites primarily through administrative interfaces. Though this may make the process of administration easier, it can also be a vulnerability in itself; anyone who gets into the administrative account can then affect the entire website. Administrative pages should be completely hidden and the accounts should be given only to those who absolutely need them.
Understandably, many of these suggestions are highly technical. Depending on your own level of expertise, you might need a little help. After all, if Netflix and Reddit can fall prey to DDoS attacks, most people can. For more information on website security and reducing your risk, contact us today at 21Handshake.