How to secure your website

Introduction

So, you have a website and you are looking at how to protect it and keep your business going. These essential steps will tell you all that you need to know on how to secure your website.

The guide covers all types of websites and all sizes as well. So, no matter if you are a web professional, small business, or big enterprise.

First, you have to know how your website is made and published online so you can focus on what to protect and secure.

What made websites?

The following diagram shows how the website is made and published.

Here are the descriptions for each layer according to the famous design research firms:

Hosting Company is where you publish your website that provides Internet access to your website. It might be a web hosting company or your own data center.
Web Server is the server (computer) that hosts your website files and databases and processes the requests from your website visitors.
The framework is the programming language that made your website. Also, it is the content management system (e.g. WordPress, Drupal, Joomla…etc) that is customized for your website.
The theme, Libraries, and Plugins are the ready-made components that you utilize and customize in your website.
Your Custom Website is your own specific code and the logic of your website.

Security in Each Layer

To have a secure website, you need to have security on all previously described layers.

And here what you need in each layer:

Hosting Company Security

You have to choose your hosting company carefully and check all the security features they are providing to you.

Examples of security features at the hosting level:

Web Application Firewall
Anti-DDoS
Automatic Backup in case something happened to your files you can restore them.

Web Server Security

Make sure that the server that hosts your website is secure and it does not open another door to your website. In many cases, the webserver security is web hosting responsibility and you can check they are providing this for you.

Make sure all not needed services are disabled and the open ones are secured and always up to date.

Examples of web server security:

Keeping the webserver updated with all security patches are applied.
Enable HTTPS and make auto redirection from HTTP to HTTPS.
Run webserver with the least privileged.
Harden operating system with secure configurations.
Scan your server regularly for any security vulnerabilities.

Framework Security

Not all frameworks are secure and many of them are very easy for attackers to hack. On the other hand, some content management systems provide robust security and smooth update and patching process.

Framework security includes:

Remove default files that give ideas for hackers what version you are using.
Remove default meta information.
Rename default users and especially the admin.
Hide admin login page.
Always update your content management system.
Take backups regularly.
Scan your framework regularly for any security vulnerabilities.

Theme, Libraries and Plugins Security

Plugins and libraries can be very handy for website owners. However, usually, plugins developers don’t follow secure practice and many libraries contain security vulnerabilities.

As a website owner, you need to:

Use known to be secure plugins only.
Use libraries with good vendor/community support.
Always update your plugins and libraries.
Remove default files
Scan your plugins regularly for any security vulnerabilities.

Your Custom Website

Now is the most important part, your website and the logic behind your business and services.

Where you need to keep its security and availability as well.

To secure your website:

Monitor its availability (automated).
Scan your website regularly for any security vulnerabilities.
Scan your website regularly for any malware or malicious content.
Monitor blacklisting status

Free Website Security

There are many website security solutions you can depend on scanning and monitoring your website security. However, ScanTitan provides all website security in one portal making it ideal for any company size or even individuals.

You can start with the free package where it offers: