Best Practises for Keeping Your Site Secure

Security should be the top priority for websites in this age of rising cyber crime. Here is a list of best security practises to follow to keep your website safe from malware and criminal hackers:

Get a Secure Sockets Layer Certificate

A Secure Sockets Layer is an encryption protocol. Simply put, this tool makes the data transferred between the browser and your server database incomprehensible to people and computers. Data in transit is highly vulnerable to hacking. Using an SSL will protect extremely sensitive information like credit card data from falling into the wrong hands. You can buy a certificate ensuring that your site is SSL protected from online vendors. You can compare different vendors to get the best SSL certificate price.

Use Tools to Scan Your Site for Vulnerabilities

Get a web app vulnerability scanner to check your site for potential security flaws. You can buy one of these tools or you can download and open source version for free. Web app scanners like Grabber can let you know if a hacker has inserted malicious code to your web script. Grabber, for example, can detect SQL injections, file inclusion, and cross-site scripting. There are other scanners that may offer even more features, including checking the site for backups. A vulnerability scanner is an invaluable tool that will keep your site secure and prevent any possible future hacks.

Install a Web Application Firewall

Web application firewalls (WAF) read all data passing through all data connections on your server. If any unknown code is going through, the firewall can prevent the code and notify you. You can install a WAF to your server. You can also buy cloud-based WAFs, which are available for monthly subscriptions. Cloud-based WAFs are not installed to the server but can monitor all traffic coming to the server. WAFs can block almost any hacking attempt and is known to be particularly effective against malicious software like spam.

Hide Admin Pages from Search Engines

Do not allow search engines to index your site’s admin pages. Search engines store robots_txt files, which hackers can gain access to using various tools available on the internet. Then, a skilled hacker can scan the file to develop an intrusion method targeting your site. Stop search engines from listing your site’s robots_txt file. It’s not that difficult to do.

Disallow File Uploads

File uploads are problematic on so many levels. Even the most innocent file upload to your site can contain a bug that compromises the security features of the entire site. Therefore, either disallow or strongly discourage all user file uploads to your site. Provide alternatives instead. For example, rather than letting users upload a picture, provide avatars they can choose for an account. If files must be uploaded, take care to keep them stored outside your root directory. Use a separate script to access them to prevent possible bugs from infecting your site.

Stop Using Flash and Similarly Outdated Software

Stop using programs like Flash that are known to contain security problems. Learn to use software that is known to be secure. For example, HTML 5 is the preferred alternative to Flash. Don’t use software that is not running the latest version.

Last but not least, back up all files. If there is an infection, you can use the backups to quickly restore your site without hurting the traffic.

To find out more about SSL, go to


About The Author