
Thursday, 7 December 2017

How to Secure your website from Hackers


As a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a nefarious hacker? You've worked hard on your website (and your brand) – so take the time to protect it with these basic hacking protections.
Here is how to secure your website. A website that is not secure is open to hackers and viruses.

Overview

The best thing about SSL is that it’s simple to set up, and once it’s done all you have to do is route people to use HTTPS instead of HTTP. If you try to access your site by putting https:// in front of your URLs right now, you’ll get an error. That’s because you haven’t installed an SSL certificate. But don’t worry – we’ll walk you through setting one up right now!

Setting up HTTPS on your website is very easy, just follow these 5 simple steps:

* Host with a dedicated IP address
* Buy a certificate
* Activate the certificate
* Install the certificate
* Update your site to use HTTPS

Keep All Software Updated

Whether your website was built from scratch by your development team or you chose to create a DIY site on a third party turnkey platform, as a site owner it’s your job to ensure that every piece of software you run is up to date.

CMS providers like WordPress, Joomla and their ilk work round the clock trying to plug any holes in their systems and release regular patches and updates that make their software less vulnerable to attacks. Ensure that you run these updates and have the latest version supporting your site at any given point in time.

If your site uses third party plugins, keep track of their updates and ensure that these are updated on time as well. Often, many sites include plugins that fall into disuse over time. Clean out your website of any unused, old and non-updated plugins — they are sitting ducks for hackers to be used as a gateway to enter your site and wreak havoc on it.

Host with a dedicated IP address

In order to provide the best security, SSL certificates require your website to have its own dedicated IP address. Lots of smaller web hosting plans put you on a shared IP where multiple other websites are using the same location. With a dedicated IP, you ensure that the traffic going to that IP address is only going to your website and no one else’s.

An affordable host I recommend for a dedicated IP is StableHost. At this time it’s under $6/month, but you can get it cheaper if you order for a full year. They’re my host and I’ve been blown away with their support and performance. Oh, and here’s a coupon for 40% off: expert40
If you don’t have a plan with a dedicated IP, you can ask your current web host to upgrade your account to have a dedicated IP address. There will probably be a charge for it – it could be a one-time or monthly fee.

Buy a Certificate, Activate And Install It!

Update your site to use HTTPS


HTTPS, or Hyper Text Transfer Protocol Secure, is a secure communications protocol that is used to transfer sensitive information between a website and a web server. Moving your website to the HTTPS protocol essentially means adding an encryption layer of TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to your HTTP, making your users’ and your own data extra secure from hacking attempts.

While HTTPS is a necessity for all online transactions, the rest of the website is usually on HTTP in most cases. However, all that is about to change with Google’s recent announcement that HTTPS will be a search ranking factor. Besides the security aspect of things, it now makes even more sense to shift your entire website to HTTPS to improve your search rankings simultaneously.

However, if you want to ensure that people can only use specific pages securely no matter what links they come from, it’s best to use a server-side approach that redirects the user whenever the request is not HTTPS. You can do that with a code snippet inserted at the top of your secure page. Here’s one in PHP:

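// Require HTTPS: send any plain-HTTP request to the same URL over HTTPS.
// $_SERVER['HTTPS'] is unset for plain HTTP on most servers and "off" on some,
// so test for both instead of comparing against "on".
if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off') {
    $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit;
}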
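
The PHP check above depends on $_SERVER['HTTPS'], which stays unset when TLS is terminated by a load balancer or reverse proxy in front of PHP, so every request looks like plain HTTP and the redirect loops. The following is an added example, not code from the original post, that also accepts X-Forwarded-Proto from a known proxy; CANONICAL_HOST, TRUSTED_PROXIES and the function names are hypothetical.

```php
<?php
// Added example, not from the original post. Replace these assumed values.
const CANONICAL_HOST  = 'www.example.com';  // hypothetical site host name
const TRUSTED_PROXIES = ['10.0.0.5'];       // constructed load-balancer address

// True when the client's connection is HTTPS, either directly or through a
// trusted TLS-terminating proxy that sets X-Forwarded-Proto.
function request_is_https(array $server): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Only believe the header when the request really came from our proxy;
    // any client can send X-Forwarded-Proto itself.
    $fromProxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    $proto     = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    return $fromProxy && $proto === 'https';
}

// Returns the HTTPS URL to redirect to, or null when no redirect is needed.
function https_redirect_target(array $server): ?string
{
    if (request_is_https($server)) {
        return null;
    }
    $uri = $server['REQUEST_URI'] ?? '/';
    // Keep only a local path and build the URL from a fixed host name.
    if ($uri === '' || $uri[0] !== '/' || strpbrk($uri, "\r\n") !== false) {
        $uri = '/';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

// Constructed sample requests showing each case.
$samples = [
    'plain http'      => ['REMOTE_ADDR' => '203.0.113.9', 'REQUEST_URI' => '/cart/'],
    'direct https'    => ['HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.9', 'REQUEST_URI' => '/cart/'],
    'https via proxy' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/checkout/'],
    'spoofed header'  => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/checkout/'],
];
foreach ($samples as $name => $server) {
    printf("%-16s => %s\n", $name, https_redirect_target($server) ?? 'no redirect');
}
// On a live page: call https_redirect_target($_SERVER) and, when it is not
// null, send it with header('Location: ...', true, 301) followed by exit.
```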

Another server-side approach is to use mod_rewrite. This won’t require you to change any of your website files, but you will need to modify your Apache configuration. Here’s a nice mod_rewrite cheat sheet, or just use this example:

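RewriteEngine On
# Only act on requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
# Redirect cart and checkout pages to the same URL over HTTPS.
# The optional leading slash lets the rule match in both .htaccess and server config.
RewriteRule ^/?(cart/|checkout/) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]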

Use Strong Passwords, Change Regularly

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.

Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long to prevent brute force attacks.
Do not use the same password for all your different website logins. Change your passwords regularly to keep them doubly secure. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.
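
One common way to keep stored passwords unreadable after a breach is a salted one-way hash rather than reversible encryption. The following added example (not from the original post) checks the rules listed above and stores passwords with PHP's built-in password_hash(); the function names and sample passwords are constructed for illustration.

```php
<?php
// Added example, not from the original post.

// Returns the rules from the paragraph above that $password does not meet.
// Length is counted in bytes, which equals characters for ASCII passwords.
function password_policy_failures(string $password): array
{
    $rules = [
        'at least 12 characters' => strlen($password) >= 12,
        'a lower-case letter'    => preg_match('/[a-z]/', $password) === 1,
        'an upper-case letter'   => preg_match('/[A-Z]/', $password) === 1,
        'a digit'                => preg_match('/[0-9]/', $password) === 1,
        'a symbol'               => preg_match('/[^a-zA-Z0-9\s]/', $password) === 1,
    ];
    return array_keys(array_filter($rules, fn($ok) => !$ok));
}

// Hash for storage. password_hash() generates a random salt and embeds the
// algorithm and cost in its output, so this one string is all you store.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt and report whether the stored hash should be
// regenerated because PHP's default algorithm or cost has changed.
function check_login(string $attempt, string $storedHash): array
{
    $ok = password_verify($attempt, $storedHash);
    return [
        'ok'     => $ok,
        'rehash' => $ok && password_needs_rehash($storedHash, PASSWORD_DEFAULT),
    ];
}

// Constructed sample values.
$weak   = 'summer2017';
$strong = 'Tr4vel-Lamp-Orbit!';

echo "Weak password is missing: ", implode(', ', password_policy_failures($weak)), "\n";
echo "Strong password failures: ", count(password_policy_failures($strong)), "\n";

$stored = store_password($strong);  // this value goes in the database
echo "Stored value: $stored\n";
echo "Correct login: ", var_export(check_login($strong, $stored)['ok'], true), "\n";
echo "Wrong login:   ", var_export(check_login($weak, $stored)['ok'], true), "\n";
```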
