10 tips to improve your website security
•
0 likes•440 views
10 relatively simple steps you can take to dramatically increase the security of your website. Understanding them will provide insight into how to help make you a better web master/site operator.
More Related Content
What's hot
What's hot (20)
Similar to 10 tips to improve your website security
Similar to 10 tips to improve your website security (20)
More from Sucuri
More from Sucuri (20)
Recently uploaded
Recently uploaded (20)
10 tips to improve your website security
- 4. Overwrite your files Steal sensitive information
- 5. Overwrite your files Right clicks and presses Delete Steal sensitive information
- 6. Overwrite your files Right clicks and presses Delete Re-direct your clients to other websites Steal sensitive information
- 7. 10 Tips to Improve Your Website Security 1. Update, Update, Update 2. Security Response 3. Extension Selection 4. Server Configuration Files 5. File Permissions
- 8. 10 Tips to Improve Your Website Security 6. Sensible User Access 7. One Site, One Server 8. Backups 9. SSL 10. [Secret Topic]
- 9. Update, Update, Update! • Most hacking these days is automated • Check for updates frequently!
- 10. Update, Update, Update! • Check your server for old CMS installations! • “But my website breaks whenever I update to the latest version!”
- 11. Security Response • Using popular CMS frameworks can result in being targeted by hackers for purposes of distributing malware and viruses • Difficult to gauge what the potential damages of an insecure/hacked website • Average costs start at $200 yearly *Prices based on WPsitecare.com
- 14. Extension Selection • Check for when it was last updated • Age of the extension • Number of installs • Verify its source • Average cost of WP Premium theme is $46 *Prices based on www.wpvirtuoso.com
- 15. Default CMS Settings • Most attacks are entirely automated and many attacks rely on default settings
- 16. Server Configuration Files • Prevent directory browsing • Prevent image hotlinking •Protect sensitive files
- 17. File Permissions “How do I restrict my image directory? How do I prevent directory browsing?”
- 18. File Permissions Read (4): View the file contents. Write (2): Change the file contents. Execute (1): Run the program file/script
- 19. File Permissions
- 20. File Permissions
- 21. File Permissions • Confirm your permissions status For files use: find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -exec chmod 644 {} ; Everyone can read the file but only the owner may write to the file For directories use: find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} ; Everyone may read/execute (run) but only the owner(you) may change the directories
- 22. Sensible User Access • Every user has the appropriate permission they require to do their job • Separate user accounts for every user
- 23. Sensible User Access • Monitor any recent file changes find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -ctime -1 -exec ls -ls {} ;
- 24. One Site, One Server With 5 sites on a single server now an attacker might have: 2 WordPress installs 3 Joomla! installs 5 Themes 50 plugins that can be targets
- 25. One Site, One Server Cross-Site Contamination: Biggest reason for single server spread of infection Average cost of separate server space: $47 monthly *price from whoishosting.com based on differences between shared ($3.95) / VPS ($29.99)/ dedicated ($99.99) servers
- 26. Backups • Should be stored offsite and not on the same server as your website (e.g. Dropbox) • Should be automatic • Adjust frequency as needed • Test backups to make sure the work!
- 27. Backups • Consider backing up only key files (i.e., themes, plugins, extensions, etc…). • Often backing up core directories like administrator, includes will be unnecessary • Average Costs: $5 - $10 monthly *Prices based on top 30 solutions from Cloudwards.net
- 28. SSL What are the benefits? • Encrypts communications between Point A & Point B – the website server and browser. •E-Commerce security, websites with sensitive user data or Personally Identifiable Information (PII)
- 29. SSL What does it protect exactly? •E-Commerce security, websites with sensitive user data or Personally Identifiable Information (PII) Costs for SSL certificate can range anywhere from $225 to $399 annually *Prices based on actual figures from SSLShopper.com
- 30. SSL “But I don’t have anything special to protect!”
- 31. SSL
- 32. [Secret Topic]
- 34. Passwords mean P@s5w0rD$ • 3 key requirements should always be followed (CLU – Complex, Long, Unique) • Complex: Should be random • Long: Should be 12+ characters • Unique: Do not reuse passwords
- 35. Passwords mean P@s5w0rD$ • Use a free password manager (LastPass, KeePass 2)
- 39. Summary What is the true cost to incorporate all these forms of website security?
- 40. Summary Annually: $579 Monthly: $48 *Shared hosting with lower rates
- 41. Summary Annually: $579 Monthly: $48 vs. Daily: $100? $1,000? *Shared hosting with lower rates
- 42. Summary Annually: $579 Monthly: $48 Investment Consequence *Shared hosting with lower rates vs. Daily: $100? $1,000?
- 43. Summary Annually: $1,126 Monthly: $94 *VPS with higher rates Investment Consequence vs. Daily: $100? $1,000?