Your website is the cornerstone of your marketing efforts. You simply cannot afford to have it go down because of a security issue. We’ve put together these five tips for keeping your website safe and sound…
- Securing the origin server
- Having an SSL certificate
- Secure hosting configuration
- Using security services
- Regularly updating services
Secure the Origin Website Hosting Server
Securing the origin server on your website host platform is crucial. The good news is that it can be done easily using a service called Cloudflare. Cloudflare will route all web traffic through their servers. That’s the green line in the illustration above.
Cloudflare configuration, if set up correctly, will mask your origin server, which can provide protection from DDoS (Distributed Denial of Service) attacks.
Cloudflare also masks your DNS and you can manage the DNS records within your Cloudflare dashboard. These features from Cloudflare are free. You can certainly upgrade to a paid plan if you have more needs or want more of the paid services they offer.
You can usually set up firewall rules to secure your origin server if you have your own server infrastructure. If you are using shared or public hosting, you may need to consult with your provider on what is needed to help secure your website. They will most likely recommend using Cloudflare as mentioned above.
SSL Certificate – Now Mandated by Google
Having an SSL certificate installed on your website has become an online standard, as this provides end-to-end encryption which has security benefits for users on your website.
SSL certificates can be costly depending on where you look. However, Cloudflare once again saves the day and offers an SSL certificate for free as long as they are protecting your website.
Basically, you are adding your website to their dashboard and changing nameservers to the ones they provide. Then you are all set once your website becomes active on the Cloudflare dashboard.
You can also enable their SSL certificate on any sub-domains you have set up in the DNS records area of your Cloudflare dashboard. Many third-party services require your website to have an SSL certificate to interact with them, such as PayPal to process transactions.
PayPal has been enforcing eCommerce sites to have an SSL certificate installed so that payment and billing information is securely processed.
Secure Hosting Configuration
Secure hosting configuration can be done by either using online resources or through your web host.
The resources or your host will show you where to apply specific rules to the web services your website uses. For example, you might limit file upload sizes.
A firewall can be configured to allow or block specific ports from being accessed on your website. It can also secure your hosting and website from attackers. Your hosting provider can usually handle this for you. It can be set up relatively quickly.
Domain configuration security is critical as well. Check with your domain registrar to see if you are eligible for a domain transfer lock. Also, make sure your personal information is private.
Check your DNS configuration and secure the DNS zone. This is highly recommended as it prevents attackers from hijacking your DNS records and pointing your domain elsewhere.
Use Security Services
Security services such as Cloudflare mentioned above can save you time and headaches. Securing all these different areas on your own can be overwhelming.
Cloudflare has a wide range of services that take care of everything recommended in the sections above and provides all those features with their free plan. You may require additional services only offered with the paid version.
Cloudflare is a free to use platform for protecting your website and setting up an origin server. Some paid services provide all of the same features as Cloudflare but with add-ons.
One such service is Sucuri. If anything does happen to your website, it has the right tools to fix it.
Regular Website Service Updating – WordPress Updates
Of course, website updates and monitoring might be out of your control.
Is your website built on the WordPress CMS platform? If yes, the good news is that updating the core application, plugins, and themes for WordPress users can be done in a few steps.
Make sure you always backup your website before making any big changes or performing updates. A restore point is critical in case something breaks and brings your website down or puts it into a vulnerable state.
Remember, website security is important and something you can control. Follow the tips outlined in this post and you will be in great shape. Conduct site maintenance on a regular basis to keep your website secure and performing as intended.
If you need assistance implementing any or all of these services, drop us a line or give us a call at 717.457.0522.