Honesty Rocks! truth rules.

How To Make Your Website Secure?

HOME      >>       Websites and Web Designing

web_designer

hi everyone, i hope you can share me your ideas.i think the next important step that any website owner should take after making his website work properly is the security. in my cpanal i have an antivirus but is it enough to secure my website.or should i add something?i think also there is some commands to secure the website in .htaccess?so bloggers and websites owners what do you use to make your website secure?


BuffaloHelp

There are two things you need to secure: your password and your scripts.No matter how secure you may be, if your password for FTP, cPanel or any management system is weak you will be open to attack/hack/brute force. Do use secure password and stay away from easy ones. Just because you can't remember you should not use simple words. Mix different characters such as $, period, ^, # etc.Second is using scripts that are safe. Whether you are using WordPress, Joomla, simple CMS or your own script, always make sure they are updated and check for any flaws. If you are not strong with programming languages you should always read and research before installing. This leads to another point of password security--let's say you installed WordPress and used some simple password for your WordPress. Obviously you should not do that. Fortunately WordPress has password failure attempt prevention so when wrong passwords were entered x amount of time, it temperately disables long using the same username/IP.It's all about being proactive and anticipating the hacker's move. Always check your status and visiting numbers. Be on the lookout for ways they can obtain your password--like phishing. And in case of WordPress, do not reveal your long name, instead show your nick name so that it's harder to guess your login name.Keeping these simple things, as a start, in mind will eventually help you in securing your website.


web_designer

great tips, thank you buffalohelp. for a start as you said i will check my passwords and make sure that they are strong. but one question please?what do you mean -check your readers- how is that helps me to be more secure, i wish you can explain more?thank you a lot.


deadmad7

If you have a website that requires individuals to enter items, such as email addresses, passwords and especially financial information, then you should ensure that you are operating a secure website. By making your website secure, you are protecting your customer's confidential information. A secure website can give your customers the comfort of knowing that purchasing items on your website is safe for them and their banking accounts.

One of the little things that affect your website alot is a CSR. You can ask your web hosting company(i think yours is xisto, just go make a ticket) to create a CSR (certificate signing request) form. Then they will sent you a copy of it through mail. With the CSR you can make sites with the SSL facility. SSL (Secure Socket Layer) are a special trustable certificate. Many web hosting companies sell SSL certificates. You can also purchase SSL certificates from hosting sites like Xisto(get it as an addon) Register.com and GoDaddy, just to name a few, almost all provide one. To create the SSL you will need the CSR, but i think Xisto does it all for you :)


Edit: W00T 200 Posts!

web_designer

One of the little things that affect your website alot is a CSR. You can ask your web hosting company(i think yours is xisto, just go make a ticket) to create a CSR (certificate signing request) form. Then they will sent you a copy of it through mail. With the CSR you can make sites with the SSL facility. SSL (Secure Socket Layer) are a special trustable certificate. Many web hosting companies sell SSL certificates. You can also purchase SSL certificates from hosting sites like Xisto(get it as an addon) Register.com and GoDaddy, just to name a few, almost all provide one. To create the SSL you will need the CSR, but i think Xisto does it all for you :)

Edit: W00T 200 Posts!

thank you a lot deadmad7, these are very important information i will be sure to do that, mostly after buying my own domain i will do that. i am saving mycents for that and have fun in posting here. thanks for your time. i am appreciated.

princeofvegas

I agree with deadmad.. IF you are going for the security of information that you transmit to or from your website, then you definitely want to have an SSL certificate installed. Make sure any SSL certificate that you purchase is verifiable with most browsers and platforms, otherwise you are going to have visitors coming to your site an facing a security popup every time they click a new page.Second, if you are running script, you want to make sure that your scripts a re safe from the usual attacks such as SQL injection, which basically is a flaw which allows a hacker to inject information into your SQL database. There are scripts and programs out there that will check these for thes vulnerabilities for you.Another thing to look for is make sure that you do not have any open directories. If you do not want people to be able to browse sub directories on your site, which is another loophole that hackers can use to gain access, make sure that you put a black index.php into each directory that you want to protect. This will protect end users from getting a directory listing of your files.One more thing is not leaving vulnerable scripts open to attacks. One of the most commonly attacked scripts out there are mailers and most people do not realize how easy it is to protect those mailer scripts from attack. There is plenty of information on Google about this and I will be more than happy to point you to some great tutorials or help you out with it. If you have any other questions do not hesitate to ask me.


fermin25

First of all I have not a lot of knowledge about the internet security but my curiosity have took me to search a lot about this since some people start to steal my email list from my affiliate website and I make a exhaustive research about the security in my website and I discovered that the php script that I was using for recolect the email listing of my members in my website was a bot and the hackers took advantage of this security issue of my website and stole all my mail listing and start to send spam to all my members and that of course ruined my affiliate program that I actually working for rebuild again and I am having success thank God. But my research didn?t end in the change of the script that collect my email listing. I tried to find a software to protect my website and in my researchs I found a PHP script software that promised to work like a firewall and avoid the steal of parts or files of my website, the violations to the website administration and the Dos attacks. But the price is big I think that this software costed $200 or something like that its name was 2008 Firewall script and you can try to find it in Google.But the main recomendation for the security of your website is don?t use the nulled scripts that are circulating in some pirates forums because they have in most number of cases bots that the nullers put there to hack your site in the future. So don?t fall in the trap of this non-etic internet users.I hope to help you. Regards


web_designer

very useful information princeofvegas and fermin25, i think i should try all these but i really afraid to break my theme or stopping my website. but i think it worth to do it. princeofvegas, i will be appreciated if you could point me some tutorials about mailing list. thank you all for your time and useful advices.


akira550

if you are using the wordpress blog platform you can use the WP-Security plugin to make your site secure and haxor freeanother good thing to make your website secure is to make your database table prefixes don't make it common sense makeit unique that you are the only one who knows about this, this is a method to prevent the SQL injections which can go ininto your site as a site admin and inject a virus or a malware into your site.Changing the permissions by using the CHMOD method is another good thing, knowing the right persmissions for your fileswould be great. making some folders sucure or read only so that you are the only one who can write into it.There are a lot of security for our website if we are just going to search for it, Another thing is the plugin of a cpanel there is an antivirus there where it can crawl into your files and scan them and see what files is a virus or is infected and thenit will heal the injure


longtimeago

I am not sure whether you are in need of a SSL security, because you aim in asking your questions to bloggers. Anyway what i would like to convey is that if you have some online transactions of some sensitive data , let it be credit card informations, passowords etc. you can go for SSL certificates from a 3rd party and you can use it for secure transfer of data through the internet. So now dont keep bothering too much whether you have to pay for SSL certificates for your website, Yeah you have to pay to the service providers. As far as i know no one gives that for free, but anyway as of now ( 15 feb 2010 ) there is a SSL certificate issuing authority who gives 30 days free trial. It is Thawate. That is really good i guess. I says so because even Google has their SSL certifications issues by them. And the most important thing over there is that for that 30 days free trial they do not ask for any credit card information. so you need not worry much . Just can go and sign up and get your free 30 days SSL certificate and use for your site if you need one.Please note that for blogging and everything you need not have SSL Certificates i guess. This is mainly used in banking websites or sites which involves financial transaction. But however from this year 2010 Gmail runs by default using SSL


web_designer

I am not sure whether you are in need of a SSL security, because you aim in asking your questions to bloggers. Anyway what i would like to convey is that if you have some online transactions of some sensitive data , let it be credit card informations, passowords etc. you can go for SSL certificates from a 3rd party and you can use it for secure transfer of data through the internet.
So now dont keep bothering too much whether you have to pay for SSL certificates for your website, Yeah you have to pay to the service providers. As far as i know no one gives that for free, but anyway as of now ( 15 feb 2010 ) there is a SSL certificate issuing authority who gives 30 days free trial. It is Thawate. That is really good i guess. I says so because even Google has their SSL certifications issues by them. And the most important thing over there is that for that 30 days free trial they do not ask for any credit card information. so you need not worry much . Just can go and sign up and get your free 30 days SSL certificate and use for your site if you need one.

Please note that for blogging and everything you need not have SSL Certificates i guess. This is mainly used in banking websites or sites which involves financial transaction. But however from this year 2010 Gmail runs by default using SSL


these are more new useful information. thank you nirmaldaniel for your explanation. this will help me and make my work on security easier. my blog didn't contain any online transactions, i don't use any paypal or bank transactions,i just publish my own articles. i think i will make some research first.