By Ron Johnson
February 5, 2013 in Web Hosting
A surprising number of websites are lacking proper security. Website security tools should be a standard component on any website, especially when you are handling personal, financial or other sensitive user data. Even if you just have a small website, when you’re handling customer data, you are a target for hackers. Without appropriate security, your website is wide open to attacks.
It starts with malware of viruses infecting your desktop computer – from there, they can spread to your email account and website. This is what makes strong antivirus software so important. Antivirus software will regularly scan your computer and constantly monitor for potential threats. When your antivirus software finds something suspicious it can bring the threat to your attention and in many cases remove and quarantine the threat right away.
Software also offers updates for their programs when bugs are fixed and security holes are patched. Typically your software programs will automatically alert you when updates are available. Whenever a security update is published for your software, make the time to get it. Updates patch weaknesses and other problems that expose holes for hackers to take advantage against, and prevent you from new viruses.
It’s also important for your computer to have a solid firewall. A firewall is a barrier between your computer and the outside world. When a program on your computer attempts to access the Internet or your own network, it must first be allowed by the firewall. Firewalls protect your computer from unauthorized access, and prevent infected computers from spreading. Antivirus software often includes a firewall.
Web hosting companies typically offer SSL encryption for your website. SSL means “Secure Sockets Layer” – it is like a secure tunnel which your data can be sent across a network. SSL encrypts the data that you’re sending, and breaks it into smaller packages that are virtually impossible to exploit or decode. If a hacker manages to get a hold of your data, as long as it is heavily encrypted then they won’t be able to tell what the data contains.
Web browser recognize the SSL protocols and automatically encrypt data sent across an SSL connection. In order to get SSL encryption, you need an SSL Certificate from a Certification Authority.
Once you have an SSL certificate, all of the secured pages on your website will use the HTTPS protocol instead of ordinary HTTP. The “S” indicates the extra layer of protection. Now, login pages and other secure areas of your website can use HTTPS to encrypt all information being sent. SSL is, however, noticeably slower than standard HTTP so it should only be used for pages that need to be secured.
Plugins and addons can add great functionality to your website and save a significant amount of time. Some of these plugins are designed to enhance your website’s security. There are many free security tools and plugins available for your website, so look around and read the reviews to see what is available and what is most highly recommended. It can be wise to have a good security plugin running on your website, but don’t go overboard with too many. Typically one good plugin is more effective and safer than a half-dozen mediocre ones. Having too many plugins can actually increase your risk of a security problem.
There are a variety of tools available to test your website’s security weaknesses. Some of these programs include NetSparker, Websecurify, Wapiti, and N-Stalker. Security scanning programs like these will inform you on what you need to do to increase the security of your website. Run these periodically – and keep in mind that your security is only as strong as the weakest link.