So, you have a website and you are looking at how to protect it and keep your business going. These essential steps will tell you all you need to know about how to secure your website.
The guide covers websites of all types and sizes, so it applies whether you are a web professional, a small business or a big enterprise.
First, you have to know how your website is made and published online so you can focus on what to protect and secure.
What Makes Up a Website?
The following diagram shows how a website is made and published.
Here are the descriptions for each layer:
- The Hosting Company is where you publish your website; it provides Internet access to your website. It might be a web hosting company or your own data centre.
- The Web Server is the server (computer) that hosts your website files and databases and processes the requests from your website visitors.
- The Framework is the programming language your website is built with. It also includes the content management system (e.g. WordPress, Drupal, Joomla, etc.) that is customized for your website.
- Theme, Libraries and Plugins are the ready-made components that you use and customize on your website.
- Your Custom Website is your own specific code and the logic of your website.
Security in Each Layer
To have a secure website, you need to have security on all previously described layers.
And here is what you need in each layer:
Hosting Company Security
You have to choose your hosting company carefully and check all the security features they provide.
Examples of security features at the hosting level:
- Web Application Firewall
- Automatic Backup, so that if something happens to your files you can restore them.
Web Server Security
Make sure that the server that hosts your website is secure and does not open another door to your website. In many cases, web server security is the web hosting company's responsibility, and you can check that they provide it for you.
Make sure all unneeded services are disabled and that the ones left open are secured and always up to date.
Examples of web server security:
- Keep the web server updated with all security patches applied.
- Enable HTTPS and automatically redirect HTTP to HTTPS.
- Run the web server with least privilege.
- Harden the operating system with secure configurations.
- Scan your server regularly for any security vulnerabilities.
Framework Security
Not all frameworks are secure, and many of them are very easy for attackers to hack. On the other hand, some content management systems provide robust security and a smooth update and patching process.
Framework security includes:
- Remove default files that give hackers an idea of what version you are using.
- Remove default meta information.
- Rename default users and especially the admin.
- Hide admin login page.
- Always update your content management system.
- Take backups regularly.
- Scan your framework regularly for any security vulnerabilities.
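A small self-audit for two items from the lists above, the HTTP-to-HTTPS redirect and leftover default meta information, written as an added example (not code from this guide or any product it mentions). It also flags version numbers in the Server and X-Powered-By response headers, which goes beyond the guide's list; the function name, finding labels and sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+\.\d+")  # e.g. "2.4.41" in "Apache/2.4.41"
DISCLOSING_HEADERS = ("server", "x-powered-by")

class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attr = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.generators.append(attr.get("content", ""))

def audit_response(url, status, headers, body=""):
    """Return findings for one response fetched from your own site."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    # Web server layer: plain HTTP must answer with a redirect to HTTPS.
    if url.lower().startswith("http://"):
        target = hdrs.get("location", "")
        if not (300 <= status < 400 and target.lower().startswith("https://")):
            findings.append("no-https-redirect")
    # Web server layer: headers that announce a product version.
    for name in DISCLOSING_HEADERS:
        if VERSION_RE.search(hdrs.get(name, "")):
            findings.append(f"version-in-header:{name}")
    # Framework layer: default meta information left in the page.
    finder = GeneratorFinder()
    finder.feed(body)
    for value in finder.generators:
        findings.append(f"meta-generator:{value}")
    return findings

# Constructed sample responses (not captured from a real site).
BEFORE = ("http://shop.example/", 200,
          {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
          '<html><head><meta name="generator" content="WordPress 5.8.1"></head></html>')
AFTER = ("http://shop.example/", 301,
         {"Location": "https://shop.example/", "Server": "Apache"}, "")

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response(*sample))
```

Feed it the status, headers and body your own site returns for its plain-HTTP home page; an empty list means none of these three checks fired.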
Theme, Libraries and Plugins Security
Plugins and libraries can be very handy for the website owner. However, plugin developers usually don’t follow secure practices, and many libraries contain security vulnerabilities.
As the website owner, you need to:
- Use only plugins known to be secure.
- Use libraries with good vendor/community support.
- Always update your plugins and libraries.
- Remove default files.
- Scan your plugins regularly for any security vulnerabilities.
Your Custom Website
Now comes the most important part: your website and the logic behind your business and services.
Here you need to maintain both its security and its availability.
To secure your website:
- Monitor its availability (automated).
- Scan your website regularly for any security vulnerabilities.
- Scan your website regularly for any malware or malicious content.
- Monitor blacklisting status.
Free Website Security
There are many website security solutions you can depend on for scanning and monitoring your website security. However, ScanTitan provides all website security in one portal, making it ideal for companies of any size or even individuals.
You can start with the free package where it offers:
- Website Vulnerability Scanning
- Website Malware Scanning
- Website Malware Monitoring
- Website Availability Monitoring
We grouped website security into four main actions you have to take to ensure your website security.
Sign up today, and start securing your website with ScanTitan for free. No credit card is required.