Top 5 Tips for Improving Site Security
By Uchenna Ani-Okoye
Web development has become more accessible thanks to the growing number of services and tools in the field. Content management systems (CMS) such as WordPress make it quick and easy for anyone to build their own presence on the internet. Drupal, Joomla, and WordPress come with plugins, modules and extensive functionality, which are designed to reduce the legwork of having to learn how to build a website yourself.
Launching your own business or personal website is very easy today, and that’s a good thing. However, there are things that you should be aware of. Having a website is just the beginning; making it secure is equally important. Website security is also something you’ll have to handle by yourself. So if you know very little about it, the information here should be enough to set you on the right path to learning what you need to know.
1. Change Default CMS Settings
Although content management systems are relatively easy to use, there is a whole lot you must wrap your head around when it comes to security. Most website attacks are automated, and many of these automated attacks assume, or rather rely on, the website using all the default settings.
This means you can secure your website from these kinds of malicious attacks simply by making alterations to your content management system’s default settings.
As an example, most content management systems are set to writable by default, so that the end-user can install plugins on a whim.
There are settings that you can alter to control users, comments and site visibility. File permissions are another area of the website that you may want to consider changing.
You can change them either during the installation of the CMS or after the website is up and running; it’s up to you.
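As an added illustration of the file-permission point (not code from the original article), the Python sketch below walks a site directory, reports every file or folder that group members or all other users can write to, and then clears those write bits. The sample tree and its file names are constructed for the demonstration; which paths your CMS legitimately needs writable is an assumption you must check against its documentation.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for group and for everyone else

def audit_writable(root):
    """Return sorted (relative path, mode) pairs writable by group or others."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & LOOSE:
                findings.append((os.path.relpath(path, root), format(mode, "03o")))
    return sorted(findings)

def tighten(root):
    """Clear group/other write bits on every finding; return what was changed."""
    changed = audit_writable(root)
    for rel, mode in changed:
        os.chmod(os.path.join(root, rel), int(mode, 8) & ~LOOSE)
    return changed

def build_sample_site(root):
    """Constructed sample tree; the file names are hypothetical."""
    layout = {"index.php": 0o644, "config.php": 0o666,
              "plugins/contact.php": 0o664, "uploads/logo.png": 0o644}
    for rel in layout:
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    # Set modes explicitly so the result does not depend on the umask.
    for rel, mode in dict(layout, plugins=0o755, uploads=0o777).items():
        os.chmod(os.path.join(root, rel), mode)

def demo():
    """Audit the sample tree, tighten it, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        before = audit_writable(root)
        tighten(root)
        return before, audit_writable(root)

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Run `audit_writable` on its own first and review the list before calling `tighten`, since some upload or cache folders may need to stay writable by the web server's own user.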
As much as we’d like to think that it’ll never happen to us, disasters do occur, and they typically result in loss of some or all of our sensitive data. This is where back-ups come into the equation, as a fail-safe, so that we can restore that which we have lost.
If you regularly back up your website files, you can rest assured that you will be able to restore your data, in the event that something unexpected occurs.
3. SSL Certificates
SSL, or Secure Sockets Layer, is designed to encrypt communications between the browser and a web server, making them difficult for a hacker to hijack and interpret. You definitely want to invest in one of these SSL certificates, not simply because it’ll protect your logins, but also because there are SEO benefits to having a secure website.
When it comes to securing your website, a great deal depends on your approach. You need to consider what kind of passwords you use, as hackers are always on the prowl.
Whenever a website has been hacked, the webmaster will typically consult someone with a little more knowledge and understanding of the subject to come and fix their site. The unfortunate reality is that a lot of these hacked websites use simple logins like admin and password as their actual username and password.
When a hacker breaches a site, they’ll add the password and login to an online database of websites. This list will then be used to generate an even larger database of potential logins. If your password has been added to this list, then it’s only a matter of time before they guess the right username to go with that password.
For this reason, you want to go with a strong password. Below are some tips you can use to do that:
- Never reuse your passwords. You want to use unique passwords for every single thing that you log into. Sounds difficult, but is possible, if you use a password manager.
- Make your passwords long. You want your passwords to be at least 12 characters if you can. The longer you make the password, the more difficult it is for hackers to break.
- Make your passwords random. The password cracking tools that hackers use are capable of guessing thousands, even millions, of different password combinations in a matter of minutes. This is done by using actual words found in the dictionary. If your password combines real words, then it’s not random.
- If you can say the password, then it’s definitely not strong. You want to do more than just replace an ‘I’ with the number ‘1’; you also want to use nonsensical wording, special characters and the like.
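The tips above can be turned into a check, shown here as an added Python example that is not part of the original article. It rejects passwords shorter than 12 characters, passwords already used for another login, and passwords that still contain a dictionary word once look-alike substitutions such as ‘1’ for ‘I’ are undone, and it generates random passwords with the standard-library `secrets` module. The word list is a small constructed stand-in for a real dictionary, and the substitution table is an assumption about which swaps to undo.

```python
import secrets
import string

# Undo common look-alike substitutions (1 -> i, 0 -> o, ...) before the word check.
LEET = str.maketrans("013457@$!", "oieastasi")
# Constructed stand-in for a real dictionary or leaked-password list.
WORDS = ("admin", "dragon", "letmein", "password", "sunshine", "welcome")
MIN_LENGTH = 12

def check_password(password, already_used=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if password in already_used:
        problems.append("reused from another login")
    normalized = password.lower().translate(LEET)
    for word in WORDS:
        if word in normalized:
            problems.append(f"contains the word '{word}'")
    return problems

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result passes the checks."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    for sample in ("Adm1n", "P@ssw0rd!Sunsh1ne", generate_password()):
        print(repr(sample), "->", check_password(sample) or "ok")
```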
There are password managers out there that you can and should use, to help you secure things.
These management tools are designed to store all of your passwords, encrypted of course, and come with password generators to make creating new passwords all the easier. When you use a password manager, you make it easier to create safe and secure passwords for all your logins, as having to remember your passwords is no longer an issue.
5. Lock Your Domain
When you lock a domain, you essentially prevent that domain name from either being deleted or transferred elsewhere. ICANN rules dictate that domain names must be locked for at least 2 months after they have been transferred or ownership of the domain itself has changed.
This locking status goes all the way up the chain, to the top level; this is to ensure there are no loopholes which could result in changes occurring from outside of the system.
It’s recommended that your domain be set to locked status all the time, as this will ensure your domain is always within your control.
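One way to confirm the lock is to read the "Domain Status" lines in your domain's WHOIS record. The added Python example below (not from the original article) parses such a record and reports whether transfer and deletion are prohibited, and at which level. It assumes the standard EPP status names (for example clientTransferProhibited for a registrar-level lock and serverTransferProhibited for a registry-level one), which the article itself does not list; both WHOIS records are constructed samples for a placeholder domain.

```python
import re

# Matches lines such as "Domain Status: clientTransferProhibited https://..."
STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
# EPP prefixes: "client" statuses are set by the registrar, "server" by the registry.
LEVELS = (("registrar", "client"), ("registry", "server"))

def lock_report(whois_text):
    """Report which levels prohibit transfer and delete, and an overall verdict."""
    statuses = {s.lower() for s in STATUS_RE.findall(whois_text)}
    report = {}
    for action in ("transfer", "delete"):
        report[action] = [level for level, prefix in LEVELS
                          if f"{prefix}{action}prohibited" in statuses]
    # Treat the domain as locked only if both actions are blocked somewhere.
    report["locked"] = bool(report["transfer"] and report["delete"])
    return report

# Constructed WHOIS excerpts for a placeholder domain.
LOCKED_SAMPLE = """\
Domain Name: EXAMPLE.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
"""
UNLOCKED_SAMPLE = """\
Domain Name: EXAMPLE.TEST
Domain Status: ok https://icann.org/epp#ok
"""

if __name__ == "__main__":
    print("locked sample:  ", lock_report(LOCKED_SAMPLE))
    print("unlocked sample:", lock_report(UNLOCKED_SAMPLE))
```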