- Add HTTPS and an SSL Certificate
- Choose a Smart Password
- Use a Secure Web Host
- Does the web host offer a Secure File Transfer Protocol (SFTP)?
- Is FTP use by unknown users disabled?
- Does it use a Rootkit Scanner?
- Does it offer file backup services?
- How well do they keep up to date on security upgrades?
- Record User Access and Administrative Privileges
- Change Your CMS Default Settings
- ‘Read’ (4): View the file contents.
- ‘Write’ (2): Change the file contents.
- ‘Execute’ (1): Run the program file or script.
- Owner – Often, the creator of the file, but ownership can be changed. Only one user can be the owner at a time.
- Group – Each file is assigned to a group. Users who are part of that specific group will gain access to the permissions of the group.
- Public – Everyone else.
- Backup Your Website
- Know Your Web Server Configuration Files
- Apache web servers use the .htaccess file
- Nginx servers use nginx.conf
- Microsoft IIS servers use web.config
- Apply for a Web Application Firewall
- Tighten Network Security
- Have computer logins expire after a short period of inactivity.
- Make sure your system notifies users of password changes every three months.
- Ensure all devices plugged into the network are scanned for malware each time they are attached.
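
As an added illustration of the Read (4), Write (2), Execute (1) values and the Owner, Group and Public classes listed above (not code from the original article), this Python script splits a file mode into its three digits and audits a web root for files the public can write to. The sample file names and modes are constructed, and flagging group write on server configuration files is this example's own policy choice.

```python
import os
import stat
import tempfile

# Bit values as given in the list above: Read = 4, Write = 2, Execute = 1.
READ, WRITE, EXECUTE = 4, 2, 1
# Server configuration file names mentioned in the list above.
CONFIG_FILES = {".htaccess", "nginx.conf", "web.config"}

def split_mode(mode):
    """Return the (owner, group, public) digits of a mode, e.g. 0o644 -> (6, 4, 4)."""
    perms = stat.S_IMODE(mode)
    return (perms >> 6) & 7, (perms >> 3) & 7, perms & 7

def describe(digit):
    """Spell out one digit, e.g. 6 -> 'read+write'."""
    names = [n for bit, n in ((READ, "read"), (WRITE, "write"), (EXECUTE, "execute")) if digit & bit]
    return "+".join(names) or "none"

def audit_tree(root):
    """Walk root and return {relative path: [findings]} for risky permissions."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # link modes say nothing about the target
                continue
            _, group, public = split_mode(os.lstat(path).st_mode)
            findings = []
            if public & WRITE:
                findings.append(f"public can write ({describe(public)})")
            if name in CONFIG_FILES and group & WRITE:  # assumed policy of this example
                findings.append(f"group can write to server config ({describe(group)})")
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report

def demo():
    """Build a constructed sample web root in a temp directory and audit it."""
    samples = {"index.html": 0o644, "upload.php": 0o666, ".htaccess": 0o664}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```
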
As a business owner and webmaster, you cannot merely set up a website and forget it. Although website creation is easier than ever, it does not change the fact that security maintenance is necessary.
Always be proactive when it comes to protecting your company’s and customers’ data. Whether your site takes online payments or personal information, the data visitors enter into your site must land in the right hands.