Sites, unfortunately, are subject to security threats. To protect against them, you need to know what to look for on your site. Speaking of website security, we need to consider three factors: software security, server security, and site administrator awareness and accuracy.
For the software part of the site, developers often use a content management system (for example, Joomla, WordPress, Bitrix, etc.) or scripts on which the site runs. Reliable software means the absence of vulnerabilities, i.e. security holes that allow an attacker to gain access to the database, file system, or the site administration panel. To avoid software vulnerabilities, developers should pay attention to security.
If the website runs on one of the popular content management systems, you need to keep track of updates and patches and promptly update the CMS to the latest available version. If the website runs on proprietary scripts, you need to scan the site with available vulnerability scanners (Acunetix Web Vulnerability Scanner, utilities for finding SQL injection, XSS, RFI and others), check the site's source code with static source code analysis (RIPS) and, if vulnerabilities are found, fix them.
Besides regular updates of scripts and the CMS, another important point enhances the security and reliability of scripts: the correct configuration of the website.
It is necessary to:
- set the permissions on files and directories precisely;
- close access to the internals of the site (backup directories, configuration files, etc.);
- disable script execution in download directories;
- add extra protection to the admin login area.
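The first three items of this checklist can be checked mechanically. The audit below is an added example, not code from the original article; the suffix lists, the directory names in `DOWNLOAD_DIRS` and the sample tree are assumptions to adapt to your own site layout.

```python
import os
import stat
import tempfile

# Assumed names, not from the article: adjust to your site's layout.
BACKUP_SUFFIXES = (".bak", ".old", ".sql", ".zip", ".tar.gz", "~")
SCRIPT_SUFFIXES = (".php", ".phtml", ".pl", ".py", ".cgi")
DOWNLOAD_DIRS = {"uploads", "downloads", "files"}


def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for a site tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        in_download_dir = bool(DOWNLOAD_DIRS & set(parts))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):  # a symlink's own mode bits mean nothing
                continue
            if mode & stat.S_IWOTH:  # item 1: writable by every local user
                findings.append(("world-writable", rel))
            if not stat.S_ISREG(mode):
                continue
            if name.lower().endswith(BACKUP_SUFFIXES):  # item 2: servable backup
                findings.append(("backup-in-webroot", rel))
            if in_download_dir and name.lower().endswith(SCRIPT_SUFFIXES):  # item 3
                findings.append(("script-in-download-dir", rel))
    return sorted(findings)


def make_sample(root):
    """Build a constructed sample tree with one instance of each problem."""
    os.makedirs(os.path.join(root, "uploads"), mode=0o755)
    layout = {"index.php": 0o644, "db.sql": 0o640, "cache.dat": 0o666,
              "uploads/photo.jpg": 0o644, "uploads/shell.php": 0o644}
    for rel, mode in layout.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
        os.chmod(os.path.join(root, rel), mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        make_sample(site)
        for issue, rel in audit_webroot(site):
            print(f"{issue:24} {rel}")
```

A finding in the third category means the web server configuration should also be checked, since the lasting fix is to stop the server from executing scripts in that directory at all.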
The second important point affecting the security of the site as a whole is hosting. There are various types of hosting, but for the needs of this article, we will only name the most common ones: shared hosting, VPS hosting, dedicated hosting, and cloud hosting. Each of them has its pros and cons, so it’s up to you to decide which best suits your needs and, of course, your budget.
From a security point of view, it is better to avoid shared hosting, since shared hosting is a shared responsibility. This means that even if a single website that uses the same server resources as your website is compromised, it’s likely that your website will also be hacked.
The next steps toward security are:
- check with your web hosting provider whether SFTP is available to you;
- use a firewall and a rootkit scanner, and install anti-virus software (e.g. ClamAV for your cPanel);
- keep cPanel up to date and turn on cPHulk in cPanel (to prevent your server falling victim to brute force attacks);
- remove accounts that are not needed, disable FTP use by an unknown user, and change passwords regularly;
- back up your data on a daily basis to make sure that your system or site is up and running regardless of unexpected things like a server crashing or attack.
Awareness and Accuracy of the Site Administrator
As you have already noticed, ensuring website security is quite a resource-intensive and time-consuming task. So if the frenetic cycles every business goes through have become the norm rather than the exception, it may be time to hire a site administrator. Doing so would relieve you of the daily duties of site maintenance, so you can concentrate on running the business you love by doing what you love most.
When choosing a person to whom you can entrust the security of your site, remember that it is not only professional skills (awareness and accuracy; keen organization and time management; adeptness with a wide variety of tasks; flexibility and agility, etc.) that matter but personal qualities as well. This means that your site administrator should be your right-hand person, the one you trust, whose judgment you value, and with whom you enjoy a friendly rapport.
With the exponential growth of cybercrime over recent years, every website owner has to take meaningful steps to protect their website. Dozens of different security practices can be put in place, but without decent server security, even the best-protected site can easily fall victim to hackers. So finding secure web hosting is essential.
Securing a website is a fairly resource-intensive and time-consuming task. So, if you feel that it is starting to eat up far too big a chunk of your time, maybe it’s time to learn how to delegate: find the right person who can handle your website security for you.
If all three components are properly organized, then the website will be inaccessible to hackers and viruses.