1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Website Security

Discussion in 'White Hat SEO' started by LaNet, Jun 5, 2016.

  1. LaNet

    LaNet Regular Member

    Joined:
    May 29, 2016
    Messages:
    263
    Likes Received:
    53
    Location:
    Look Back
  2. 0xxi3

    0xxi3 Jr. VIP Jr. VIP

    Joined:
    Mar 25, 2016
    Messages:
    233
    Likes Received:
    82
    Gender:
    Male
    Occupation:
    Collecting Government Benefits
    Location:
    SJW Kingdom
    What a question. There are many things to consider.
    First of all, are you developing it yourself or are you ordering from someone? In either case, what language is back-end going to be written in?
     
  3. LaNet

    LaNet Regular Member

    Joined:
    May 29, 2016
    Messages:
    263
    Likes Received:
    53
    Location:
    Look Back
    I am developing. English...
     
  4. 0xxi3

    0xxi3 Jr. VIP Jr. VIP

    Joined:
    Mar 25, 2016
    Messages:
    233
    Likes Received:
    82
    Gender:
    Male
    Occupation:
    Collecting Government Benefits
    Location:
    SJW Kingdom

    Hahahahahaha, sorry, but I didn't mean that kind of language. Was talking about programming language.
    Okay, look, there are tons of things to consider. These e-commerce types of websites have many vectors of attack.

    My recommendation is, if you are using a popular back-end (server-side) language like PHP, use a framework. For PHP, I would recommend Laravel.
    A framework can solve many basic security holes like client input sanitizing, Database interaction (read as: prevention of SQL injections), XSS holes in your site-wide search engine.

    But since you are the developer, a lot of things will depend only on your expertise. Make sure you know the language you are using, read up on some website security, understand common issues and find out how to avoid them. Everyone had to start somewhere.
     
  5. LaNet

    LaNet Regular Member

    Joined:
    May 29, 2016
    Messages:
    263
    Likes Received:
    53
    Location:
    Look Back
    lol
    i am creating website with wordpress ^^
     
  6. Debian

    Debian BANNED BANNED Jr. VIP Premium Member

    Joined:
    Feb 17, 2009
    Messages:
    1,263
    Likes Received:
    553
    Wordpress is pretty easy to secure. Make sure you investigate the right security plug-ins for wp.
     
  7. Monsterer

    Monsterer Jr. VIP Jr. VIP

    Joined:
    Nov 26, 2015
    Messages:
    1,236
    Likes Received:
    224
    Gender:
    Male
    You could these security plugins for Word press these will be very safe.

    #Word fence
    #Sucuri
    #Vaultpress
    #iThemes
     
    Last edited: Jun 6, 2016
  8. immaletyoufinish

    immaletyoufinish Regular Member

    Joined:
    Mar 3, 2016
    Messages:
    219
    Likes Received:
    111
    I wouldn't ever call wordpress 'very safe' even with those. For maximum security host it on private dedicated hosting for one, next disable xmlrpc.php to avoid getting DDoS/brute forced and change the default table prefix in the database from wp_ to something random to prevent SQLi. Limiting log in attempts is also recommended. Use as few plugins as possible as these are written in isolation by developers who don't know security, they are not subject to quality control and they have direct access to the database. Be very careful with the plugins you install. The fewer the better.

    In addition to that, yes, use one of these security plugins after doing your research on it. I have had OK results with word fence but by itself it's not good enough.
     
    • Thanks Thanks x 2
  9. RuthSam

    RuthSam Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 19, 2010
    Messages:
    3,811
    Likes Received:
    973
    Gender:
    Male
    Home Page:
    This is a great advise in addition to the plugin's.. I was not aware of the issue with XMLRPC.PHP will go straight and get it disable.. you mean you have to rename this file or where can it be disabled?
     
  10. Linkzo

    Linkzo Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2015
    Messages:
    990
    Likes Received:
    192
    I think word fence is the best for security purposes,It could make your site faster which it includes many features.
     
  11. anythingispossible365

    anythingispossible365 Newbie

    Joined:
    May 29, 2016
    Messages:
    24
    Likes Received:
    8
    Location:
    The Internet Jungle
    Almost had a heart attack laughing as well, but great way to answer without making the OP feel small lol. Good job! Lol
     
  12. Boriss

    Boriss Supreme Member

    Joined:
    Nov 7, 2009
    Messages:
    1,427
    Likes Received:
    562
    Location:
    Inside a Monitor
    One tip: always update your plugins and themes. Always!
     
  13. anythingispossible365

    anythingispossible365 Newbie

    Joined:
    May 29, 2016
    Messages:
    24
    Likes Received:
    8
    Location:
    The Internet Jungle
    Another downside to Wordpress as stated above is that plugins are a huge part of it and as stated above plugins are where most vulnerabilities exist and provides access to the database at some levels. Also, what happens when theres no more support or updates for a particular plugin?..Now you've gotta delete it and potentially change the look or feel of your site. As stated above, you can limit that potential trap by not becoming enslaved by multiple plugins. Stick to the tried and true ones and resist the urge to install every new plugin the "internet" suddenly raves about.
     
  14. wisdomkid

    wisdomkid Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2011
    Messages:
    2,710
    Likes Received:
    790
    Sucuri is racist, lol. They mostly block several countries from visiting any website they are installed in. Except you want traffic from a specific country, i won't advice OP to use Sucuri. However, you can set it according to your taste
     
  15. Monsterer

    Monsterer Jr. VIP Jr. VIP

    Joined:
    Nov 26, 2015
    Messages:
    1,236
    Likes Received:
    224
    Gender:
    Male
    This share might be helpful to me man..:)
     
  16. luke6966

    luke6966 Regular Member

    Joined:
    Sep 30, 2013
    Messages:
    394
    Likes Received:
    39
    Make sure you have a proper firewall in place.

    Wordpress is not as safe as some people think.
     
    • Thanks Thanks x 1
  17. towelfox

    towelfox Junior Member

    Joined:
    Jan 11, 2012
    Messages:
    173
    Likes Received:
    55
    This is simply not true. It's security by obscurity and it's not enough. There are many things to consider and it's not just your website implementation. What else is running on the server? Too much to cover here but there are plenty of good resources available for free that are worth reading up on related to server security.

    I would never consider a website completely safe. Regular backups of files and databases are a must. I also back up config files because if something bad happens I want to get back online asap. You could have a mirror of the site too so a simple DNS change can get you back to a known state - Obviously you'll still be vulnerable but it'll give you some breathing space.
     
  18. manpower

    manpower Newbie

    Joined:
    Jun 30, 2014
    Messages:
    48
    Likes Received:
    19
    user letsencrypts free ssl bro :)
     
    • Thanks Thanks x 1
  19. nithya jacob

    nithya jacob Newbie

    Joined:
    Apr 26, 2016
    Messages:
    2
    Likes Received:
    0
    Occupation:
    writer
    Location:
    USA
    Home Page:
    Web security is a branch of security that typically deal with website security such as security of wesites, web application and services. Websity must have security then only we can prevent from external attacks. For more details visit http://essaywriting-servicereviews.com/
     
  20. SEO Pearl

    SEO Pearl Jr. VIP Jr. VIP

    Joined:
    Sep 20, 2015
    Messages:
    948
    Likes Received:
    137
    Occupation:
    Real Premium Blogs, Editorial Links & PBN
    - Update your password with strong(alphanumeric,symbols) once in a month

    - Add your site in "Google webmasters tool" for valuable resource of your site security

    Thanks