How do I keep my website safe?

Discussion in 'White Hat SEO' started by Indi Subir, Feb 8, 2017.

  1. Indi Subir

    Indi Subir Registered Member

    I'm having a developer come and change my website up.

    How do I make sure it's safe? I know nothing about coding.

    All I did was back it up from HostGator.
     
  2. Arc999

    Arc999 Registered Member

    You mean safe from the developer who is coming to work on it? Or safe from hackers online?

    If you know nothing about general website management, it will be tough...

    If your website is simple HTML / CSS / PHP without a database, just a frontend catalog type of website, then it's easy for you: just keep the backup of the website and, whenever something happens to it, delete everything in your public_html folder in FTP and upload your backup. Then change all the passwords: cPanel, FTP, etc.

    Since WordPress is the most popular CMS and it powers almost half of the websites online, I'm gonna assume you have a WordPress-based website.

    Here are some very basic tips to keep it safe, but trust me, these basic tips can keep you safe in the long run, unless someone tries to specifically target your website.


    1) Start using strong passwords on everything - cPanel, FTP, WordPress admin panel.
    2) Do NOT, I repeat, do NOT use the "admin" username.
    3) Search for several of the plugins that disable the WordPress Meta Generator. There are lots of scripts that crawl the web looking for WordPress websites. If they don't know you use WordPress, that already excludes your website from thousands of lists of potential targets to hack.
    4) Install a good security plugin. I like using All In One Security Firewall (by the way, this does take care of the WordPress Meta Generator issue). Google for tutorials on settings for this plugin.
    5) Keep your plugins & the WordPress core up to date. Always update them.
    6) Do not install unnecessary plugins; delete the ones that you don't use anymore.
    7) Make sure your theme has debug settings set to OFF.
    8) Use a good CDN, or at least use free Cloudflare.
    9) Good caching will take you far.
    10) Minimize your CSS & JS files and load them from outside of the wp-content/your-theme folder. This is one more very good way to hide that you are using WP, after removing the WP Meta Generator.
    11) If you don't need them, disable user registration and trackbacks.
    12) Use a well-coded theme.
    13) Change the default login URL of WP.
    14) Install and configure a backup plugin. I back up the DB daily and the whole website weekly. There are several plugins that can do this for you and send backups to Google Drive or Dropbox.
    15) Install a good anti-spam plugin and monitor your comments - or disable them if you don't need them.

    Off the top of my head, these are the basic and good steps to take. I'll add on if I remember something else.

    If you don't have WordPress, these tips might help someone else anyway.

    Stay safe and good luck :)
     
    • Thanks x 4
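
An added example, not part of Arc999's post: a small self-audit for checklist items 2, 3, 7 and 10, run against your own site's files. The sample config, HTML and login list are constructed, and mapping item 7 to the `WP_DEBUG` constants in `wp-config.php` is an assumption about which debug setting is meant.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', true );
"""
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.7.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css" />
</head><body></body></html>"""
SAMPLE_LOGINS = ["admin", "editor_jane"]

# define('NAME', bareword) lines; quoted string values are ignored on purpose.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(\w+)\s*\)""", re.IGNORECASE)
GENERATOR_RE = re.compile(
    r"""<meta[^>]+name=["']generator["'][^>]*content=["']([^"']*)["']""",
    re.IGNORECASE)
ASSET_RE = re.compile(
    r"""(?:href|src)=["']([^"']*wp-content/[^"']*)["']""", re.IGNORECASE)


def audit(wp_config, html, logins):
    """Return a list of (checklist_item, finding) tuples."""
    findings = []
    # Item 2: the default "admin" login should not exist.
    if any(name.lower() == "admin" for name in logins):
        findings.append((2, 'an account named "admin" exists'))
    # Item 3: generator meta tag advertises WordPress and its version.
    for content in GENERATOR_RE.findall(html):
        if "wordpress" in content.lower():
            findings.append((3, "generator meta tag exposes: " + content))
    # Item 7 (assumed mapping): debug constants left enabled.
    for const, value in DEFINE_RE.findall(wp_config):
        if const.upper().startswith("WP_DEBUG") and value.lower() == "true":
            findings.append((7, const + " is enabled"))
    # Item 10: asset URLs that reveal the wp-content directory.
    for url in ASSET_RE.findall(html):
        findings.append((10, "asset path reveals WordPress: " + url))
    return findings


if __name__ == "__main__":
    for item, finding in audit(SAMPLE_WP_CONFIG, SAMPLE_HTML, SAMPLE_LOGINS):
        print("item %d: %s" % (item, finding))
```

An empty result only means these four items look clean; it says nothing about the rest of the list.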
  3. BigLeague

    BigLeague Newbie

    Hire a good developer and it will be safe.

    If you're having trouble hiring then you can hire someone to hire for you.
     
  4. Pinktoe

    Pinktoe Regular Member

    This is an amazing checklist. Appreciate the effort put into this.
     
    Last edited: Feb 8, 2017
  5. Backopy

    Backopy Newbie

    Great guide, Arc999.

    Some additional tips:

    1. Instead of using passwords, try to use key-based authentication where possible and use 2FA.
    2. Use an enterprise vulnerability tester and scanner like Acunetix to test your site for vulnerabilities.
    3. If possible, hire a dedicated person to monitor your site. They'll likely install a number of scripts and be notified immediately when/if a hacker breaches your security - allowing for rapid response time and resolution. Hiring a dedicated person to manage your security will greatly benefit you in the long term.
     
  6. bekemew

    bekemew Senior Member

    Great shares!
     
  7. Indi Subir

    Indi Subir Registered Member

    I love you for replying.
    But I meant from the coder.
     
  8. keywordspot

    keywordspot Jr. VIP

    Just try this,
    • Get good and professional hosting
    • Update, update, update - Keep your software up-to-date
    • Start using two-factor authentication
    • Build layers of security around your site
    • Use strong passwords and change regularly
    • Use HTTPS: Installing SSL will solve all your security issues.
    • Use some website security tools
     
  9. Arc999

    Arc999 Registered Member

    As a developer with more than 10 years' experience, I can assure you, this is not true.
    Take, for example, sslstrip or BREACH.
    SSL itself does NOT provide security of the data once the data is stored on the server. SSL encrypts the data during the submission, so that even if it is intercepted, the data is encrypted and secured. There are attacks that remove the SSL during the submission as well, but that's a whole different case.

    Anyway, the suggestion is good. Definitely use SSL; in the next couple of months SSL will be forced on ALL websites anyway, you can google and research this. But do not think that you are all secured and safe since you have SSL.


    Well, if you have no idea about coding and you are hiring someone, they could hurt you if they wanted to...
    Hire someone reputable and professional! :))

    I will not try to sell my services here, but if you need a quick bugfix or something in the 1-hour work range, I might be able to take a look at your website during the weekends - for free! :)
     
  10. David Jones

    David Jones Regular Member

    Hire someone who is a master in testing of sites. A tester knows everything about how to find loopholes or bugs, everything.
     
  11. Indi Subir

    Indi Subir Registered Member

    What do testers do? Just sit and test?