Putting up a high-quality website has gotten much easier than in years past because of user-friendly Content Management Systems (CMS) such as Drupal, WordPress and Magento, and that’s great. However, the Internet itself has not gotten any more secure, and many webmasters are unsure of how to protect their sites. Here are some of the basic strategies behind keeping a website secure.
Keep current
Never ignore update reminders for CMS patches, plugins or anything else. Many hacking attempts are carried out automatically by bots that look for known security weaknesses they can breach. Staying up to date helps avoid this. Keeping current is a state of mind; you want to understand, and stay abreast of, everything in the changing worlds of technology, commerce and regulations.
Build infrastructure
While it’s convenient to host all of your websites on a single server, it’s also convenient for hackers. With all your files on the same server, once one is compromised, so are the rest. Therefore, it’s best to isolate your sites from one another; if one is infected, then you can stop the problem there, and cleanup will be limited to that one location rather than to every site you are running.
Limit access
Users on your site should have only the level of permission that they need to do their work; if higher-level access is granted temporarily, it should be rescinded once the need for it is gone. Do not allow multiple users to log in under a single account, because doing so makes it difficult to figure out who did what on the network after the fact.
Furthermore, having a single account for each user allows you to monitor individual behavior and notice when someone does something on the network that is not normal for them. Users need to log in so that there is accountability for everything that happens on the site, and this can be done automatically for their convenience.
Use SSL
SSL stands for Secure Sockets Layer, and it encrypts data running between a web server and the browsers of users visiting it. This means that it protects your visitors, and if you are running an eCommerce website in particular where users are putting in their credit card numbers, it is a mandatory security feature. SSL protects against “man in the middle” attacks where hackers are lurking between a website and those visiting it.
Change default settings
Hackers carefully study the default settings of CMS software and automate attacks directed at them, so simply changing defaults wards off a lot of trouble. For example, a good idea is to restrict write permission to the administrator on as many of your files as possible; many are set by default to be writable by anyone using the system.
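One way to check for the world-writable defaults described above, as an added example that is not part of the original article: a POSIX shell audit of a web root. The function names and the constructed sample site are assumptions for illustration; point the functions at your own site directory.

```shell
#!/bin/sh
# Added example: find files and directories in a web root that any local
# user can write to, then remove that permission.

# List regular files and directories under $1 whose "other" write bit is set.
# Symlinks are not followed, so targets outside the web root are never touched.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries under $1 (0 means the tree is clean).
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Remove the "other" write bit from every entry the audit reports.
# Owner and group permissions are left exactly as they were.
harden_webroot() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample site with two typical bad defaults:
# a config file anyone can edit and an upload directory anyone can write to.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/uploads" "$site/config"
    echo '<?php // constructed sample page' > "$site/index.php"
    echo 'db_password=example' > "$site/config/settings.ini"
    chmod 644 "$site/index.php"
    chmod 755 "$site/config"
    chmod 666 "$site/config/settings.ini"   # writable by anyone
    chmod 777 "$site/uploads"               # writable by anyone
    echo "$site"
}

# Usage: sh audit.sh /path/to/site   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
    echo "world-writable entries: $(count_world_writable "$1")"
fi
```

Run the audit first and review the list before hardening: an upload directory that loses its world-write bit must be owned by, or group-writable for, the account the web server runs as, or uploads will stop working.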
An ounce of prevention is worth a pound of cure, and nowhere is this more true than when it comes to application protection. Plan for the worst, and you’ll be ready. Make sure that you are automatically backing up off-site at regular intervals, so that you are covered in the unfortunate event that your site is compromised.