Website security is one of the most important but also one of the most challenging aspects of running any website. Having the best website security practices in place will help protect your website and visitors from cyber attacks.
It’s super important that your website has a valid SSL certificate and secure SSL policy. SSL works by encrypting the traffic between the website’s server and the visitor of the website. Websites that don’t have a valid SSL certificate or have a misconfigured SSL certificate leave their connection open to man-in-the-middle attacks. In a man-in-the-middle attack, the hacker sits in the middle of the connection to the website, eavesdropping on important information. We always provide our clients who have a website or web services with us a free SSL certificate. We also reissue a new SSL certificate for our clients when their SSL certificates expire.
Spammers are always looking for new ways to spam your website with junk content. Any security weakness in your website can open it up to being a target of spam. By installing anti-spam software we can prevent known spammers from accessing our website by setting a black/white list of disallowed and allowed IP addresses. A lot of website owners disable comments on their websites.
Your website should follow a regular backup schedule so that it is easily recovered in the event of any disaster. Webserver malfunction, data loss, or a cyber attack can be pricey. For a company that does not have any backups of their data, it could be disastrous. Website By Design backs our clients’ websites up to popular cloud storage services such as Google Drive and Dropbox, among others. We have the capacity to store daily backups of all our clients’ websites. Our clients will also receive an email with their website’s backup so they can easily restore their website themselves if required.
Limit Login Attempts
It’s best practice to limit login attempts to your website. Hackers often target website login pages by brute-forcing the password of the admin user. To stop brute-force attacks it’s best to limit login attempts. It’s not just the human form of hacker that will target your login pages. Hackers create bots specifically designed to brute-force your website’s login. Hackers and bots alike will often use wordlists containing various well-known passwords in the hope that your website uses a password that is in that list. It’s always best to use a strong password that changes often.
Use a DNS Proxy
Using a DNS proxy with our webserver allows us to hide our original IP address by masking it behind our DNS proxy provider’s IP address, which makes it a lot harder for a hacker to see the server’s original IP address and hence makes the webserver harder to attack.
Block User Enumeration