Website Security Tips

Read these 27 Website Security Tips tips to make your life smarter, better, faster and wiser. Each tip is approved by our Editors and created by expert writers so great we call them Gurus. LifeTips is the place to go when you need to know about Web Hosting tips and hundreds of other topics.

Website Security Tips has been rated 3.2 out of 5 based on 935 ratings and 1 user reviews.

Digital Authentication Required

In order to have a secure website, you will incur some costs. There are generally higher costs to host a website with SSL (Secure Socket Layer) security. Your server will provide you options, but if you host a website which does any type of e-commerce, you should purchase the web hosting plan which includes SSL, and a dedicated IP address. Then you need to purchase a SSL certificate from a company such as VeriSign or Geotrust. The price is generally around $50 but are higher depending upon the level of protection and insurance you want for a secure website. The SSL certificate provides the encryption you need to get private information from your customer to you without being intercepted from outside sources. The extra cost for having a secure website is a small amount compared to the amount of customers you will lose if you cannot protect their information.

   
How do I keep my mail server secure?

Securing Your Mail Server

Like taxes and death, spam seems to be an inevitable part of life these days. We all receive it in our inboxes, but where are the spammers sending it from? Secure your mail server so the right recipients get your emails and they don't end up in a spam folder.

-If you have a wireless connection, be sure to password protect it. Spammers will find unprotected connections and send spam.

-Make sure your mail server has a legitimate and qualified domain name. Even if your email address has your company name, your IP address could be generic and therefore get pushed into a spam folder.

-Stay on top of security patches and anti-virus software and keep your mail server up-to-date.

   

Securing Your Mail Server

If you aren't interested in maintaining a Web site, you can still get email through an email hosting plan. With companies like Hosting.com, the price is based on the amount of space you want. For instance, 50MB (or 10 email addresses) is approximately $5, while 400MB (80 email addresses) is approximately $35. Many email hosting plans allow you to also filter your incoming mail, manage contacts with an address book and allocate space among mailboxes. The best part about many of today's email hosting plans is that they are wireless-enabled, meaning you can send and receive emails from a wireless piece of equipment, like a PDA or cell phone.

   

Importance of SSL (Website Security)

If you do not have web site security you will not only lose customers but your ecommerce transactions will also be vulnerable to theft and privacy violation. It is absolutely vital your ecommerce website have strong web site security and that you communicate to your visitors that their information is protected.

   
Why should I use SSL?

Importance of SSL (Website Security)

Any website which conducts business over the Internet and has e-commerce transactions should use SSL (Secure Socket Layer). It is the standard way to secure transactions by encrypting data and providing authentication over the web. SSL prevents hackers from accessing personal information, prevents eavesdropping and tampering of information. All major web browsers have some built-in security capabilities, but if you have a website your server also needs security. That security is provided through an SSL certificate from a certificate authority such as VeriSign or Geotrust.

   
What should I look in website security?

Website Security Issues

When you are searching for a web hosting provider with security you should consider a few things. First does the web hosting provider offer a relationship with an SSL certificate provider? If you have a particular feeling toward one provider over another, you should make sure your host is compatible. Does the web host permit binary scripts or applications? Binary code can put your site at risk because it is not secure. Good web host providers will not allow binary code on their shared hosting. Good hosting also will make sure to provide the most current service patches and fixes for their software to make sure they are up-to-date on their security. You can also check on firewall systems which block hackers, and the physical security of their servers. Once you have your website security set up, make sure to use good passwords including numbers, symbols and letters (not words and not the same password you use elsewhere.) Also be sure to have your own anti-virus software and keep it updated.

   
How do I set up a personal firewall?

Personal Firewall

Personal firewall software is easy to set up. If you have your own website, your web hosting company should already have firewall software installed, so you simply need to protect your own personal system from intruders. Each firewall software varies a little bit for installation. Once you purchase your personal firewall software, simply follow the instructions given. If you have problems, contact the company who produced the firewalls software and they can help step you through the problem. The best firewall software has regular updates because there are constantly new threats cropping up and you want to make certain you have the latest security.

   
Is there free firewall software available?

Free Firewall Software

Firewall software is not very expensive and well worth a small investment to protect your data. Windows XP comes with a built-in firewall and may conflict with other firewall software, so make sure you use one or the other but not both at the same time. There is free firewall software available however many are not kept up-to-date which seems to negate the purpose behind having a firewall. There used to be many free firewalls software programs but now there are only a few left. You need to examine what you are getting for free and if it will provide the security you want. You can settle for a simple lock on your door, or you can get a full-blown security system. The costs associated with having your system attacked are high, so generally it is worth a small investment to make sure you are protected. Both Norton and McAfee offer personal firewall software for a low price and are respected in the industry. There are many other firewall software programs out there, just make sure you are truly getting the security you need.

   
What do I need to know about web site security?

Educating Yourself on Web Site Security

There are a lot of serious issues concerning running a secure web site and web site security in general. If you're wondering if your web site needs to be secure, or if your web site is as secure as it should be, the first step is to educate yourself about web site security. Consider the following:

* Your web site should have a secure component if you plan to collect customer data from a web form.

* Your web site must have a secure component if you plan to collect customer credit card numbers.

* You should have basic security measures in place on any web site to prevent unauthorized access to your web site.

* Your web hosting provider should be able to tell you what security measures it takes for every site as part of regular business procedures and what extra security measures you can purchase.

   
How do I secure my ecommerce site using SSL?

Ecommerce Web Security

Web security is a top priority when you have an ecommerce website. You should consider that the top reason people do not purchase online is because of fear that their personal information is not secure. If you make sure to let your customers know you are concerned about web security and have an SSL certificate for your site, they may feel more comfortable and be more willing to make purchases. In order to get ecommerce web security, you will need a dedicated IP address (provided through your web hosting company), and a SSL certificate which you will need to purchase through a company such as VeriSign, Geotrust, or Thawte. Your webhost may have an arrangement with one of the certificate providers and include a certificate in one of their web hosting packages. SSL provides data encryption, server authentication, client authentication and message integrity.

   
Should I pay for a security audit?

Do I Need a Security Audit?

A web site security audit by a trained pro can be really helpful, but it won't come cheaply. It's probably worth it if you're running your own server and collecting credit card numbers or important customer information. If you are running a simple brochure site, it's not going to be as necessary. If you use a commercial hosting provider, find out how often the provider performs security audits.

   
Do I need 128-bit security?

128-bit vs. 40-bit security

There are two types of encryptions generally available to the public for web site security -- 40-bit and 128-bit. These refer to the length of the code keys used to encrypt and decrypt data going to and from the secure web site. 40-bit was the standard up until the last few years, when 128-bit was launched, making it much tougher to use brute computer force to crack a code. Both 40-bit and 128-bit security certificates are still available publicly. As you might expect, a 128-bit certificate is more expensive. Which one do you need for your secure web site? 128-bit is the best choice, especially if you are storing data rather than holding it temporarily. If you are only transporting data and not storing any of the information, 40-bit can work. But why not be safer and go 128-bit?

   
What is the best firewall software?

Best Firewall Software

There are so many options when it comes to firewall software. Which one is the best firewall software out there? Actually the best firewall is not software alone, it is a combination of hardware and software that are most effective. Firewall hardware can be costly but if you run a business and have sensitive data, it is worth the investment for the protection. There are hardware routers you can install between your modem and computer that are not extremely expensive, so you just need to decide how much security you want to have. For your personal system firewall software is easy to install and fairly inexpensive. Norton and McAfee both offer good firewall software, but there are many options available. The best firewall software may be different for different system setups. Make sure you find software that has automatic and regular updates otherwise your firewall may be in place but become outdated quickly and therefore not offer good protection for your system.

   
How much security do I need for my site?

How Much Security Do I Need?

How much web site security do I need for my site? It's a question with no single easy answer. Generally, it's required to have a secure web site, with an SSL server and digital certificate if you are running ecommerce and collecting credit card numbers. Some sites will use a secure server to collect customer data. But for most sites that do not collect sensitive data like credit card numbers, a secure server can be overkill. If you need to make part of your site secure -- accessible by password, for example -- you or a programming consultant can build your own custom security to manage password users and to keep others out. It's not foolproof, but for most sites it does the job.

   
What are SSL Certificates?

SSL Certificates

SSL certificates (or “digital certificates”) are a way to use encryption to secure sensitive data across the internet. SSL stands for Secure Socket Layer. It is basically providing a secure way to transmit data. SSL certificates are issued by companies such as VeriSign, GeoTrust, and Entrust to individual website owners. Having SSL is vital if you have an ecommerce website, so your transactions are protected from outside sources. Digital certificates encode messages from the sender and decode the messages when they are received by the addressee. Any owner of a website which conducts ecommerce should have a SSL Certificate. Pricing varies from each SSL Certificate provider, so make sure you check out your options.

   
What are the benefits of using a firewall?

Benefits of Using a Firewall

Anyone who has had their computer security breached, private information stolen, or been attacked by a computer hacker, understands the importance and benefits of having a firewall and anti-virus software. There are various types of firewalls including physical hardware such as a router, and software to be installed on web hosting servers as well as personal firewall software. Firewalls provide network administrators a way to manage Internet privileges; they protect LANs (Local Area Networks) from intruders, and can also provide security for individual computer systems. Web hosting providers should have firewall protection for their server. A firewall that is configured properly makes it harder for outside hackers to find your system and therefore interfere with your data. If you should get hacked or obtain a worm or virus on your system, firewalls can also block attacks which could launch from your system to protect others.

   
What is a firewall?

Definition of a Firewall

A firewall is a security measure that prevents hackers and outside sources from successfully attacking your computer, by examining all communication between your computer and outside sources. If a threat is perceived, the firewall will block the communication. A firewall can be hardware or software. Your web hosting company needs to have a firewall in order to protect anyone from destroying or damaging the websites hosted on their servers. You should have a personal firewall (usually software) to protect your personal computer from being breached. Although firewall software is good protection, there is still not a 100% guarantee that your system won't be vulnerable. Make sure you install firewall software updates regularly because new threats occur all the time and you want to have the latest security.

   
Do I need a digital certificate?

Digital Authentication Required

A digital certificate is a piece of software that allows any web browser accessing your site to authenticate that you are running a secure web site. Once the browser authenticates your web site's authenticity and web site security, it will show the user a locked padlock symbol or key on the browser, indicating that the site has been authenticated and is OK to use securely. You will need a digital certificate for your site if you plan to run a secure server. You can usually purchase a secure certificate through your web hosting provider, or from a web security specialist like Verisign.

   
My site got hacked? What do I do now?

Help, I've Been Hacked

If you've been hacked, you need to take immediate action. It's not just a matter of losing or exposing sensitive data from your once-secure web site, which is in itself a big problem. Besides the data loss, you have to deal with this: You don't know what "trap doors" the hacker left behind. Your web site security is useless. So even if you change all your passwords and file permissions, the server could still be exposed. Do not -- repeat, do not -- continue using the server. If you are working with a hosting provider, the provider should inform you of the problem and what is being done about it. If you are on your own, consider bringing in a security consultant. This is a real problem. It can't be ignored.

   
Why should I use an Internet firewall?

Reasons to use an Internet Firewall

Every computer user who connects to the Internet needs internet firewall protection. You may think your system is safe since you only go online once in a while and send email. In this day no system is safe and without firewall protection, you are basically opening your door to hackers and thieves. You may feel that no one would want to get into your system, but some hackers have created robots that scan the Internet and if they find a non-protected system they attack. If you are connected to the Internet via cable you are especially vulnerable because your system is constantly connected, therefore it is vital for your security that you have Internet firewall software installed on your computer.

   
What is SSL?

SSL (Secure Socket Layer)

What is SSL and what does it do? SSL stands for Secure Socket Layer. It is used to ensure security for a web site and especially during ecommerce transactions. You know if you are on a secure site if you see https:// rather than http:// at the beginning of the website address. SSL encrypts data between the website and the web browser so it is protected from being intercepted by an outside hacker. If you are sending personal data such as credit card information or social security number, make sure you are using a website which has SSL, or your data can be easily intercepted and used by hackers.

   
What is a secure server?

Securing Sensitive Data

The most common method of creating a secure website is by purchasing access to a secure web server or making your own server secure. A secure web server is a server that uses a security protocol, most commonly SSL, to encrypt and decrypt information as it is transfered to and from the web server. This means the server turns customer credit card information, for example, into a secret code that is very difficult to crack. Most web hosting providers offer SSL secure servers as part of an ecommerce hosting plan, or as an option on a standard web hosting plan for anyone who wants to enhance web site security. You will need a secure server if you plan to run an ecommerce site, or to collect sensitive customer information.

   
I am not doing ecommerce. Is my site secure?

Secure Web Site, Really?

Even computer security experts agree: No web site is ever completely secure. Secure web sites live on servers, which are part of computer networks. Even the Internet itself is a big network. A smart and determined hacker is going to get into your site if he wants to. It's up to you, or your network security team, to minimize the damage and prevent that door from being used again. If your web site lives on a server owned by a web hosting provider, the provider should have a web site security policy. Ask the salesperson for the web site security policy before making a final decision on hosting. If you're running your own server, you need to make sure you are running the latest security patches and check your file permissions to ensure you are limiting direct access to changing any files on the server. Web security is a complicated, ever-changing subject. If you're running your own web server, it's worth some serious study. But remember, the best you can do is make it more difficult for someone to break in, not impossible.

   
Do I need a dedicated SSL certificate for my ecommerce site?

Which is Best - Dedicated or Shared SSL Certificates?

Many ecommerce hosting plans include a free shared SSL certificate. This is a great way to save money when it comes to setting up your site, but it may not always be the best move for your business. One major problem with a shared SSL certificate is that you may lose customer confidence. This is due to the fact that the certificate will not be registered in your company name, but rather, in the name of your hosting company.

As browsers begin to share more information about SSL certificates with website viewers, this can be a major issue. Your certificate will appear as though it does not belong to you, and your customer's browser will tell them this. It really is a small investment to purchase your own SSL certificate, when you weigh the fact that you can increase customer confidence, and as such, your sales.

   
Do I need a dedicated SSL certificate for my ecommerce site?

Which is Best - Dedicated or Shared SSL Certificates?

Many ecommerce hosting plans include a free shared SSL certificate. This is a great way to save money when it comes to setting up your site, but it may not always be the best move for your business. One major problem with a shared SSL certificate is that you may lose customer confidence. This is due to the fact that the certificate will not be registered in your company name, but rather, in the name of your hosting company.

As browsers begin to share more information about SSL certificates with website viewers, this can be a major issue. Your certificate will appear as though it does not belong to you, and your customer's browser will tell them this. It really is a small investment to purchase your own SSL certificate, when you weigh the fact that you can increase customer confidence, and as such, your sales.

   
Why is it important to have web hosting security?

Benefits of Web Hosting Security

If you have ever purchased anything online, you know the feeling of trepidation before you click the button to send your personal credit card information off into cyberspace. Security has become one of the major concerns for those who do business online. There are hackers who break into sites and steal confidential information. There are viruses and worms which can destroy web hosting systems. Security is a vital aspect of today's online transactions. Consumers should be careful to chose web hosting security which are proven. Shared web hosting environments need specific security measures which ensure privacy and that keep other customers from interfering with another customer's operation.

   
Do I need an email hosting service?

Safe Email

Ask any IT department manager what his biggest problem is and among the first things he brings up will be spam and email security. Junk email is a nasty and expensive epidemic. Nasty viruses that bring down networks worldwide are almost always spread via email. What's a business owner to do? Consider an email hosting service that specializes in email security. A good email hosting service will offer server-side spam and virus detectors that clean out potential problem emails before they get downloaded onto local area networks. Most hosting providers provide email hosting services along with web site hosting. Find out if your provider offers server-side spam and virus filters.

   
Not finding the advice and tips you need on this Web Hosting Tip Site? Request a Tip Now!


Guru Spotlight
Ray Lokar