In many ways, the challenges of website security are a game of cat and mouse - and you have to stay ahead of the 'bad guys.' If you sit back and do nothing, your site will be compromised. It's important to clarify that there are two different meanings for 'secure website.' The first definition of a secure site is one that utilizes an https URL. The other definition is simply a site that is safe from being hijacked or infected. You can follow proven methods to accomplish either one.
Building a Secure (https) Website
Having a website with an https URL is basically mandatory if your site will be used in the transmission of any financial or personal information, including government identification numbers (such as social security numbers and tax ID numbers).
Creating a secure site requires the following:
- A web server that supports SSL encryption
- A unique IP address
- An SSL certificate
Using Your Own Service
If you have your own web server, then to set up your secure site you will need:
- Appropriate software installed on the server - depending on the type of server used, you need to install one of the following web servers:
- An SSL certificate, and
- A folder where all of your secured pages are stored
Using a Hosting Service's Server
Most likely, you will be using a web server owned by the company hosting your site. In that case, you need to contact the service provider. They will:
- Create a folder where you will place all your secured content
- Provide you with the URL to the secured site.
If you are using a free-hosting web service, a secured site is most likely not going to be an option.
Besides following sound coding principles, it is best to use relative links instead of absolute links when calling out to files, images, etc. if you want your site to be secure. An absolute link keeps its own address no matter how the page is loaded, so one that points to a non-https address may trigger a security warning in users' browsers when they attempt to load a page with, for example, an 'unsecure' image on it.
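An added example, not part of the original article: a small Python check for the warning described above. It scans a page's HTML for images, scripts and other embedded files that would be fetched over plain http when the page itself is served over https; the page URL, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser fetch a subresource, and the attribute holding its URL.
# Plain <a href> links are excluded: they navigate away rather than load content.
RESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src", "link": "href",
}

class MixedContentFinder(HTMLParser):
    """Collects subresources that would be fetched over plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve the reference the way a browser would: relative and
        # protocol-relative (//host/x) links inherit the page's scheme.
        resolved = urljoin(self.page_url, value.strip())
        if urlparse(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(html, page_url):
    """Return (line, tag, url) for every subresource loaded over http."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, assumed to be served from a constructed https URL.
SAMPLE_URL = "https://shop.example/checkout/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example/lib.js"></script>
</head><body>
<img src="images/logo.png">
<img src="http://shop.example/images/banner.png">
<img src="//static.example/badge.png">
<a href="http://partner.example/">Partner site</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE_HTML, SAMPLE_URL):
        print(f"line {line}: <{tag}> loads {url}")
```

The relative and protocol-relative references pass because they inherit https from the page; only the two hard-coded http:// resources are reported.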
The cost of a secured site can vary widely, but at a minimum expect to pay $400 per year for an SSL certificate and possibly an additional fee for the https option. The price of SSL certificates also varies widely, but it is probably in your best interest to go with a well-known company like Symantec to ensure the security of your site.
Keeping Your Site Safe from Hackers
Creating a relatively safe, secure business or personal website is actually not complicated. You just need to incorporate these common, well-established procedures in your site.
Keep Passwords Safe
Two common passwords still used today are admin and 123456. In fact, one well-known hacker hijacked more than 6,000 websites just by using commonly known passwords.
Protect your site by incorporating these policies:
- Never share your password
- Use strong passwords. You can use a password generator to create them.
- Move to two-factor authentication. This is becoming an increasingly popular method for sites, such as those of banks, that require a two-step process before you can access an account.
If you use a content management system, one potential problem that can put your site at risk is updating your site with a machine that is not up-to-date on virus protection. Make sure any computer you use is set up to have anti-virus and operating system security updates automatically installed. This step can prevent hackers from getting a foothold into your site's database.
Use a Quality Hosting Company
You don't save money in the long run if you go with a hosting company with weak security measures in place, because doing so can leave your site more vulnerable to attacks. The consequent downtime and clean-up can be costly, not to mention the damage to your company's reputation. If your site becomes infected, for instance with malware, you risk being blacklisted by search engines. Spend the extra money and go with a company known for having a strong security protocol.
Smaller Sites at Greater Risk
Although it doesn't always make headlines, in many ways small businesses are more vulnerable to hackers than large ones. This is often due to financial constraints that force owners to restrict expenditures on site security. What owners fail to understand, though, is that hackers are always searching for defenseless servers. If the one that hosts your site is available, hackers will infect it.
Ongoing Security Monitoring
Do not presume that once you have installed a system, you are good to go without needing to look back. Maintaining a secure website means staying on top of current threats and trends. However, you can simplify the workload by making sure you have as many automated security measures as possible and by hiring third-party vendors for ongoing security monitoring.