How to make a website secure
Making and keeping a website secure is an ongoing process and cannot be done in one go. There are always things that need to be updated as technology changes and additional measures are introduced. In this blog post we explain the measures you can incorporate in your website, and how you can make a plan for yourself to keep your website safe.
Keeping a website secure: the front door
The front door of a website can be seen as the usernames and passwords that are used. In any Content Management System such as WordPress, Joomla, Drupal and Umbraco, the website is managed with an administrator account. This administrator account is in most cases connected to an email address, and that is where it actually starts. The email address can be secured with two-factor authentication, and the accounts themselves can often be secured the same way using a plugin. It is also extremely important that you create strong passwords for almost every component. You can do this, for example, with our password generator, which creates strong passwords that can be saved in the browser you use or in a password manager.
Create strong passwords for the database, the website accounts, the email address that is used and any other accounts, such as the FTP account through which the files can be viewed. As long as you always set strong passwords for these accounts and maintain and/or update them regularly, you will have the front door of a secure website in order.
Also make sure that the administrator accounts and usernames of a website cannot be guessed directly from the website. For example, do not use the username "admin" for everything, but extend it with your own data that is not visible on the website by default.
Securing the backdoor of a website
The back door of a website can be seen as the technology used. For example, is a stable, long-term-support version of PHP or ASP.NET installed, or is an older version being used? Especially with PHP, we see more often than not that PHP 5.6 is still being used, which by now has not been supported for several years, often in combination with the unsafe MySQL() function. PDO or MySQLi is the least that should be used for the database connection.
So research the technology used on a website and always try to use the latest stable versions. More about this under a later heading.
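As an added example (not code from this blog or from any CMS), the script below shows a database lookup written with PDO and a prepared statement, the form recommended above over the legacy mysql extension, which was removed in PHP 7.0. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the script runs without a database server.

```php
<?php
// Added example, not part of the original post. Table, column and function
// names are hypothetical; the rows and inputs below are constructed samples.
declare(strict_types=1);

function openDatabase(): PDO
{
    // Assumption: SQLite in memory replaces MySQL here. For MySQL only the DSN
    // changes, e.g. 'mysql:host=localhost;dbname=site;charset=utf8mb4'.
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions on errors instead of returning false silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    return $pdo;
}

function findUserByName(PDO $pdo, string $name): ?array
{
    // The value is bound as a parameter and never pasted into the SQL text.
    // Legacy mysql_query() code built the query by string concatenation,
    // so user input could change the meaning of the statement.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$pdo = openDatabase();
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (:name)');
foreach (['site-owner-jd', 'editor-km'] as $name) {
    $insert->execute([':name' => $name]);
}

// A normal lookup, then a value containing SQL syntax: it is treated as data.
foreach (['editor-km', "x' OR '1'='1"] as $input) {
    $user = findUserByName($pdo, $input);
    printf("%-16s => %s\n", $input, $user !== null ? 'found id ' . $user['id'] : 'no match');
}
```

The second input matches no row because the bound value is compared as a literal username rather than being interpreted as part of the query.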
An SSL certificate, what is its role?
An SSL certificate does not make a website safe. What an SSL certificate does is secure the connection between an end user and your website. Data that the visitor sends to your website, such as the details of an account that is created, is protected in transit, for example when working from a public Wi-Fi connection. This has nothing to do with securing the website itself. Besides an SSL certificate, it is also important that the other security measures are applied so that the website is properly secured.
Keeping up with updates
One of the most important things for keeping a website secure is to keep track of the updates that come out for it. By keeping up with updates you can ensure that a website is secure. Especially with a content management system, it is important to process and install updates in a timely manner when they come out. Often such updates are full of security fixes, and in addition to the security fixes they bring your website a lot of new functionality. Reason enough to always keep up with updates!
Staying on top of developments
It is important to stay informed about what is happening within your Content Management System, within the hosting and in other areas. For example, subscribe to the security forum and keep an eye on our blog posts and announcements. With a few updates, problems can often be prevented and solved quickly.
By keeping yourself informed here you also keep a better eye on what is happening than in many other ways. So follow the blog posts and keep track of what changes in the Content Management System that is used, and what happens in the plugins and the theme you use. This will prevent a lot of problems within your website.
Backups, backups, backups
Backups remain an important part of any secure website, whether you need to fix an error or recover after an intrusion through an insecure plugin. With a few extra measures you can make sure that you can always go back to an earlier point in time, and thus fix errors and solve problems. Creating backups can be done in a number of different ways in your hosting: with a scheduled task, via a plugin or manually. A manual backup can be made once or more often. However, a plugin or scheduled task is often a lot easier to set up, and then continues to run on autopilot in the background.
With an automatic backup you do not have to worry about the periodic updates. To read all about making backups, see the earlier article on this subject:
https://www.mijnhostingpartner.nl/client/knowledgebase/backup/automatisch-een-backup-laten-maken-scheduled-task/
And those are all the tips we have for having and keeping a secure website. Are there any other things you always apply to your website? Let us know via the chat!