Why Website Security Is Important
If you run a website whether business or personal then ensuring that it is secure is important for a number of reasons, as shown below:
- To prevent Malware (viruses) being uploaded to your site
- To prevent Phishing emails being sent via your website
- To reassure your website visitors that your website is safe
- To get a better ranking in the search engines like Google
- To protect your business from getting hacked and to protect against losing vital data
1. Secure Your Website
There are two main ways to secure your website:
- Switch to Secure HTTPS
- Use a Website Security Seal with Malware Detection
2. Website Security Seal
A Site Seal is a security feature that monitors your website looking for Malware (i.e. viruses uploaded by hackers).
It’s like having an anti-virus for your website. You wouldn’t access the internet without using an anti-virus so why expose your website to potential threats?
It monitors your files and if it detects any Malware it notifies you so that you can remove it.
3. Keep software up to date
It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure.
This applies to both the server operating system and any software you may be running on your website such as a CMS or forum.
When website security holes are found in software, hackers are quick to attempt to abuse them.
If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.
4. Watch out for SQL injection
SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.
5. Check your passwords
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.
6. Get website security tools
Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.
7. Avoid file uploads
Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that when executed on your server, completely opens up your website.
If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most images formats allow storing a comment section that could contain PHP code that could be executed by the server.
So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but don’t rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.