How to make your website secure?

Website security 101

Understanding the basics and knowing your enemy

Your website is probably an important part of your marketing strategy. If it isn’t secure, then you risk exposing sensitive information such as customer names, credit card numbers, or even personal details. Hackers can steal your customers’ data and sell it on the black market.

They can get into your site through a variety of methods, from simple phishing attacks to malware infections, and they can reach your database through SQL injection.

That is why website security has become a crucial part of a successful business.

You need to protect your website from malicious code and your data from being stolen. The good news is that you can prevent these threats with some basic security measures.


Here are essential things that you can do to safeguard your website right now:

1. Secure domain ecosystems

When it comes to cybersecurity, the domain ecosystem is a vital component. It is the backbone of every website and server.

The domain ecosystem consists of two parts: the registrar and the DNS records. The registrar handles all domain registration requests, while the DNS records translate human-readable domain names into machine-readable IP addresses.

To secure this ecosystem, you need to review both registrar and DNS records for all domains. Make sure that there are no suspicious changes in any of them and change all default passwords.

The registrar is the company that registers your domain and usually also hosts its DNS records.

The registrar will also provide you with the default password for your account, which you should change as soon as you first log in.

When reviewing your DNS records, check for errors, outdated information, and any records you did not create yourself.

How can we help:

If you have registered your domain with Extilum, these are instructions on how you can manage your domain.

  • Check and change domain contact information here.
  • Reset your password for the Client area.
  • To keep it even safer, you can buy additional domain ID Protection.
    It protects your personal information and reduces the amount of spam in your inbox.
    Log in to the Client area and go to this link.

2. Secure data in transit

HTTPS ensures that data exchanged between the browser and the server remains unreadable by anyone except the two of them. It does this by encrypting all traffic before it leaves either end, so someone sitting on the network in between cannot read or tamper with it.

To ensure website visitors are as safe as possible, enforce HTTPS on all your domains.
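One way to enforce HTTPS at the application layer, as an added example that is not Extilum's code: a small WSGI middleware that sends every plain-HTTP request to its HTTPS equivalent with a permanent redirect and adds a Strict-Transport-Security (HSTS) header to every HTTPS response, so browsers keep using HTTPS on later visits. The sample requests at the bottom are constructed, and the middleware assumes that if you run behind a reverse proxy, that proxy sets X-Forwarded-Proto itself and strips any value a client sends.

```python
# Added example (not from Extilum): WSGI middleware that enforces HTTPS.
# Plain-HTTP requests get a 301 to the HTTPS URL; HTTPS responses get an HSTS header.
from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"  # one year


def request_is_https(environ):
    """True if the request reached us over TLS, directly or via a trusted proxy."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    # Assumption: a reverse proxy in front of the app sets this header and
    # discards any client-supplied value; otherwise do not trust it.
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0]
    return forwarded.strip().lower() == "https"


def https_url_for(environ):
    """Rebuild the requested URL with the https scheme, keeping path and query."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    path = quote(environ.get("PATH_INFO", "") or "/")
    query = environ.get("QUERY_STRING", "")
    return f"https://{host}{path}" + (f"?{query}" if query else "")


def enforce_https(app):
    """Wrap a WSGI app so every plain-HTTP request is redirected to HTTPS."""
    def middleware(environ, start_response):
        if not request_is_https(environ):
            start_response("301 Moved Permanently",
                           [("Location", https_url_for(environ)),
                            ("Content-Length", "0")])
            return [b""]

        def start_response_with_hsts(status, headers, exc_info=None):
            # Replace any HSTS header the app set with our policy
            headers = [h for h in headers
                       if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return app(environ, start_response_with_hsts)
    return middleware


def hello_app(environ, start_response):
    """Minimal application used to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run_request(app, environ):
    """Run one request through a WSGI app; returns (status, headers dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


secured_app = enforce_https(hello_app)

if __name__ == "__main__":
    # Constructed sample requests
    plain = {"wsgi.url_scheme": "http", "HTTP_HOST": "example.com",
             "PATH_INFO": "/login", "QUERY_STRING": "next=%2Faccount"}
    tls = {"wsgi.url_scheme": "https", "HTTP_HOST": "example.com",
           "PATH_INFO": "/login", "QUERY_STRING": ""}
    print(run_request(secured_app, plain))
    print(run_request(secured_app, tls))
```

Only add the `includeSubDomains` part of the HSTS header once every subdomain you serve works over HTTPS; browsers remember the policy for the whole `max-age`, so a subdomain that is still HTTP-only becomes unreachable.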

How can we help:

3. Keep software and plugins up-to-date

It is important to keep software and plugins up-to-date. Software updates are released almost every day, and they are not just bug fixes: they often include security patches that close holes attackers would otherwise use to compromise the website.

Keeping your software and plugins up-to-date is a necessary habit to have. It helps with the security of your site, and it also prompts you to remove outdated or unused plugins instead of wasting time on them.

How can we help:

If you are using WordPress, here are tutorials for WordPress security and updates:

“Security in IT is like locking your house or car – it doesn’t stop the bad guys,
but if it’s good enough they may move on to an easier target.”
Paul Herbka

4. Choose strong passwords and regularly update them

Here are our strong password tips:

  • use at least eight characters
  • include at least one letter, number, capital letter, and special character
  • avoid anything that someone could easily guess
  • never reuse a password
  • keep your passwords in a safe place such as a password manager app (you may need to spend some time choosing the right one for you)
  • change your passwords regularly (every three to six months).
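As an added example (not Extilum's code), here is what those tips look like when a registration form enforces them. It checks length and character classes, rejects passwords from a denylist or ones containing the user's own name, and detects reuse by comparing against hashed previous passwords rather than stored plaintext. The denylist, the user hints and the password history are constructed for the example; a real site would check against a large breached-password list.

```python
# Added example (not from Extilum): a password policy check for a signup form.
import hashlib
import hmac
import string

MIN_LENGTH = 8
# Constructed denylist; in production use a large list of breached passwords.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein1", "welcome1"}


def password_digest(password):
    """Digest used for the password history, so old passwords are never stored in clear."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def was_used_before(password, history_digests):
    """True if the password matches any previously used one (constant-time compare)."""
    digest = password_digest(password)
    return any(hmac.compare_digest(digest, old) for old in history_digests)


def check_password(password, history_digests=(), user_hints=()):
    """Return a list of policy violations; an empty list means the password passes.

    user_hints are strings an attacker could guess from the account itself
    (username, e-mail local part, company name).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    hint_hit = any(h.lower() in lowered for h in user_hints if len(h) >= 3)
    if lowered in COMMON_PASSWORDS or hint_hit:
        problems.append("easy to guess")
    if was_used_before(password, history_digests):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed history: the user's one previous password, stored as a digest
    history = [password_digest("Tr0ub4dor&3")]
    print(check_password("Tr0ub4dor&3", history))                 # ['reused']
    print(check_password("Alice2024!", user_hints=("alice",)))     # ['easy to guess']
    print(check_password("password"))
```

The history digests here use a plain SHA-256 so the example stays short; the password the site actually authenticates against should be stored with a slow, salted hash such as bcrypt or Argon2, not with SHA-256.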

How can we help:

5. 2FA

Two-factor authentication is a security measure that requires the user to provide two different kinds of proof of identity: something only the user knows (a password) and something the user has (a physical token).

A strong password alone is no longer enough. Hackers are getting smarter and more aggressive in finding vulnerabilities, so 2FA has become a necessity for your peace of mind.

We urge you to start using 2FA right now!
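To show what the "something you have" factor actually computes, here is an added example (not Extilum's code) of the time-based one-time password algorithm (TOTP, RFC 6238) that authenticator apps implement: an HMAC over the current 30-second time step, truncated to six digits. The verifier accepts one step either side to tolerate clock drift and compares in constant time. The secret used at the bottom is the RFC's published test secret, included here as constructed input.

```python
# Added example (not from Extilum): TOTP (RFC 6238) with the standard library only.
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 test secret, the ASCII string "12345678901234567890"; constructed input
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for a raw secret and an integer counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based code: HOTP over the number of `step`-second intervals since the epoch."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret, submitted, at=None, step=30, digits=6, skew=1):
    """Accept the current code or one step either side (clock drift), in constant time."""
    if at is None:
        at = time.time()
    counter = int(at) // step
    ok = False
    for c in range(counter - skew, counter + skew + 1):
        # Check every candidate so timing does not reveal which step matched
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            ok = True
    return ok


def secret_from_base32(encoded):
    """Authenticator apps are provisioned with a base32 secret (often shown as a QR code)."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)         # restore padding
    return base64.b32decode(cleaned)


if __name__ == "__main__":
    print(totp(RFC_SECRET, at=59))                        # 287082 (RFC 6238 vector)
    print(verify_totp(RFC_SECRET, "287082", at=89))       # True: one step of drift
    print(verify_totp(RFC_SECRET, "287082", at=120))      # False: too old
```

A site that stores TOTP secrets holds the same shared secret the user's app does, so treat that table like a password table (encrypt at rest, limit who can read it), and rate-limit verification attempts, because a six-digit code has only a million possibilities.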

How can we help:

“Privacy – like eating and breathing – is one of life’s basic requirements.”
Katherine Neville

6. Good Web host

A good web host provides server-side security features that protect the website data you upload.
If you are looking for a host, you should look for these things:

  • SSL availability and support
  • Backup & restore features
  • 24/7 customer support
  • Availability and uptime
  • Transparency about the host’s features and usage policy (be wary of “unlimited” hosting offers; there is no such thing)
  • Transparency about hosts’ data center locations

7. Website backup solution

Website backup is a must for every website. It is the only way to keep your site data safe in case of a disaster.

The most common methods of backing up a site are:

  • Manual backup: the most basic method; it usually involves downloading copies of all your files, databases, and images to an external storage device.
  • Automated backup: with plugins or with third-party services.
  • Cloud storage: usually with Amazon S3, Dropbox, or Google Drive; it lets you store your files on a cloud server and access them from anywhere in the world.

The most important rule is to use at least two backup methods for the same website. Your backups should be stored in different places with no connection to each other. This is a must, for your peace of mind.

“Security is always excessive until it’s not enough.”
Robbie Sinclair

8. Web application firewall

A web application firewall is software that monitors and filters the incoming requests to the web application. It’s a good idea to install it before launching the web application.

Web application firewalls are designed to protect the applications from various threats such as SQL injection and cross-site scripting. These types of attacks can cause serious damage to your business, so it is important to have protection in place before launching your app.

It inspects requests before they reach the web server and blocks the ones that look malicious. The web application firewall can be installed on the machine where the website resides, on a proxy server in front of it, or both.

Also, to be safe, install antivirus software on the device you use to access your web page and your server, and keep it updated.

How can we help:

If you use Extilum hosting, we keep you safe with:

  • Web Application Firewall (OWASP and cPanel)
  • NGINX Reverse Proxy
  • Antivirus

9. CAPTCHA

A CAPTCHA is a type of challenge-response test used in websites to determine whether or not the user is human.
CAPTCHA is often used to prevent abuse of a system by automated computer programs, such as those engaged in web scraping, brute force attacks on passwords, and other malicious activities.
CAPTCHA has been around for about 20 years now and has been used by many companies on their websites for this purpose.
It usually presents you with an image of distorted text that you need to type in; the website then checks whether what you typed matches the image.

The current version from Google is reCAPTCHA v3.
reCAPTCHA v3 helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score so you can choose the most appropriate action for your website.
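The score is only useful if your server checks it. As an added example (not Extilum's or Google's code), here is the server side of that flow: the token your page's JavaScript obtained is posted to Google's siteverify endpoint, and the JSON answer is checked for success, for the action name the token was issued for, for the hostname, and finally for the score. The two response dictionaries at the bottom are constructed to look like real siteverify answers, and the three-tier allow/challenge/block policy is this example's own design; Google only documents a single default threshold of 0.5.

```python
# Added example (not from Extilum or Google): verifying a reCAPTCHA v3 token server-side.
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def google_siteverify(secret, token, remote_ip=None):
    """Real network call to Google's endpoint; tests swap it out via `fetch`."""
    data = {"secret": secret, "response": token}
    if remote_ip:
        data["remoteip"] = remote_ip
    request = urllib.request.Request(
        SITEVERIFY_URL, data=urllib.parse.urlencode(data).encode())
    with urllib.request.urlopen(request, timeout=5) as response:
        return json.load(response)


def assess_recaptcha(result, expected_action, expected_hostname, min_score=0.5):
    """Decide 'allow', 'challenge' or 'block' from a siteverify result.

    The middle 'challenge' tier (score 0.3 to min_score) is this example's own
    policy: e.g. require e-mail confirmation before accepting the form.
    """
    if not result.get("success"):
        return "block"          # expired/invalid token or wrong secret
    if result.get("action") != expected_action:
        return "block"          # token was minted for a different form
    if result.get("hostname") != expected_hostname:
        return "block"          # token was minted on another site
    score = float(result.get("score", 0.0))
    if score >= min_score:
        return "allow"
    if score >= 0.3:
        return "challenge"
    return "block"


def verify_recaptcha_v3(secret, token, expected_action, expected_hostname,
                        min_score=0.5, fetch=google_siteverify):
    """Full check for one form submission; `fetch` is injectable for offline tests."""
    return assess_recaptcha(fetch(secret, token), expected_action,
                            expected_hostname, min_score)


# Constructed siteverify answers, shaped like the real JSON
GOOD_RESPONSE = {"success": True, "score": 0.9, "action": "login",
                 "challenge_ts": "2024-01-01T00:00:00Z", "hostname": "example.com"}
BOT_RESPONSE = {"success": True, "score": 0.1, "action": "login",
                "hostname": "example.com"}

if __name__ == "__main__":
    print(assess_recaptcha(GOOD_RESPONSE, "login", "example.com"))   # allow
    print(assess_recaptcha(BOT_RESPONSE, "login", "example.com"))    # block
```

Keep the secret key on the server only; the site key goes in the page, the secret never does. Checking `action` and `hostname` matters because a token is valid for the whole site, so without those checks a token collected on a low-value page could be replayed against your login form.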

How can we help:

Here is a Google help guide.


10. Hotlink protection

Hotlinking is when another site embeds your images, videos, or other files directly from your server, so your server does the work and pays for the bandwidth. There are several reasons why you would want to enable hotlink protection on your website:
1. To prevent bandwidth theft
2. To prevent unauthorized use of your images, videos, and other media files.
3. To protect the loading speed of your site.

Hotlink protection can be set up so that requests for your media files that come from other sites are either blocked or redirected to a different URL.
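Hosting panels and web servers implement this with a check on the Referer header, which browsers send when they load an image from another page. As an added example (not Extilum's code), here is that decision written out as a plain function so you can see what is allowed and what is blocked; the list of media extensions, the site's own hostnames and the sample requests are constructed.

```python
# Added example (not from Extilum): the Referer check behind hotlink protection.
from urllib.parse import urlsplit

# Constructed: file types we want to protect from being embedded elsewhere
MEDIA_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".mp4", ".pdf")


def hotlink_decision(path, referer, own_hosts, allow_empty_referer=True,
                     redirect_to=None):
    """Return 'serve', 'block', or ('redirect', url) for one request.

    path        requested path on our server
    referer     value of the Referer header, or None/'' if absent
    own_hosts   hostnames that may embed our media (subdomains are included)
    """
    if not path.lower().endswith(MEDIA_EXTENSIONS):
        return "serve"          # only media is protected; HTML pages are untouched
    if not referer:
        # Direct visits, bookmarks and privacy-minded browsers send no Referer.
        # Blocking them breaks real users, so the common default is to allow.
        return "serve" if allow_empty_referer else "block"
    host = (urlsplit(referer).hostname or "").lower()
    if host in own_hosts or any(host.endswith("." + h) for h in own_hosts):
        return "serve"
    if redirect_to:
        return ("redirect", redirect_to)
    return "block"


if __name__ == "__main__":
    own = {"example.com"}
    # Constructed sample requests
    print(hotlink_decision("/img/logo.png", "https://www.example.com/about", own))
    print(hotlink_decision("/img/logo.png", "https://other.example.net/post", own))
    print(hotlink_decision("/img/logo.png", "https://other.example.net/post", own,
                           redirect_to="/hotlink-notice.png"))
    print(hotlink_decision("/img/logo.png", None, own))
```

The Referer header is set by the browser, so this stops other sites from embedding your files in their pages; it does not stop a script that downloads the file directly, which can send any Referer it likes. Treat hotlink protection as a bandwidth measure, not as access control.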

How can we help: