Fundamental Website Security Practices

There are various levels to website security, some deal with the host hardware which the website runs on, some deal with the applications onto the server and some deal with the website.

Diving into programming concepts, programming theory, and hardware specifics, while essential, is beyond the scope and intention of the report. This article talks about website security measures and prevention steps that any website owner can take with little to no specialized knowledge.

The first thing any website owner should do is identify their website viewers. Who’s interested in your website and would be most likely to go to? Identifying your website audience is more than simply Marketing 101; you would like to know who your website’s audience is for an assortment of reasons.

If for example, your website is directed towards a very specific culture or sub-culture in a country or other geographical location; there are tools you can use to alter, limit or refuse the content accessible to users inside or out of that location.

As soon as you realize the sort of user that’s very likely to see your website, you can tailor your security practices so you don’t infringe upon your intended users.

Normally, the normal website owner has bought a hosting package from a web hosting provider. That provider will normally offer a tool named cPanel or Plesk (or something similar) to assist the user manage their hosting accounts.

The first and most practical proactive security step you can take is to use a remarkably strong password for your hosting accounts. Once within your hosting account, you are able to command many, many things that may radically affect your website; you will need to use a very strong password and change it around every 30-45 days.

Generally, strong passwords are 8 to 16 characters long, include a combination of letters (upper and lower case), numbers, punctuation marks, and special characters. Some services won’t allow special characters in passwords; (that is sometimes done to the encryption algorithm that the service uses) however, you must always use a combination of numbers and letters.

The second proactive security step is to procure all of the FTP accounts for your website. FTP stands for File Transfer Protocol and is a means in which you may read/write into the file system of your website, from the computer. Many web hosting providers will make a default FTP account for each domain name you have on your account. If you aren’t certain how to use FTP or do not have to use FTP, speak with your web hosting provider about disabling FTP fro your website until you know more about it or have a reason to use it.

If you’re using or intend to use the FTP account(s) to your website, make certain every account has a strong password (mentioned previously ). Some web hosting providers may provide a service named SFTP or Secure File Transfer Protocol. SFTP is a way to encrypt the file transmission between your computer and the webserver. If your web hosting provider makes SFTP available, use that over FTP. When most FTP providers use Port 21, SFTP will usually utilize Port 22 (unless your web hosting provider has a different specification). If you are not sure, ask your web hosting provider and they’ll assist you with SFTP.

Lastly, the third most practical proactive security step is to embrace the mindset of, “Less is more”> In other words, if you are not using it, then take it off your website or web server. Often times when a website owner stops using a document, plugin or module, they disable it or turn it off but not eliminate it from their web server. If you are not using it, then get it off the server! This practice won’t only help you conserve disk space but it is going to help keep potentially vulnerable files off your web server.