It’s easy to make mistakes during the excitement of opening a new website. Firing up a small store, portfolio, or blog is a lot of fun — but dealing with security breaches and hacks is a lot less so. When you’re setting up a new website, it’s important to make sure it’s secure.

Fortunately, most of the things you should do are very easy. Some will take a bit of time, but it’s a worthy investment. Don’t leave your site unprotected! Here are 10 things you can do to keep it safe.

1. Choose a Secure Domain Registrar

When registering your domain, you want to make sure that no one is going to get control over it. If a miscreant is able to log into your domain registrar, they could transfer it to themselves or wreak further havoc.

There are a few options for domain registrars that use two-factor authentication (2FA). This adds a further level of security and makes it much harder for someone else to access your account. Even if someone manages to get your password, they probably won’t have access to your phone.

Here are some registrars that offer 2FA:

2. Hide Your Information From WHOIS

Every website has a WHOIS entry, and if you don’t take steps to make sure your information there is protected, your name and email address will be easy for spam companies to find. Both your name and email address are necessary for identity theft, so keeping them private could help protect you on that front, too.

Most web hosts offer anonymous WHOIS registration for a small fee, but there are a few that provide it freely. Both Dreamhost and 1and1 let you open up a site with anonymous WHOIS information at no cost.

Whether you decide to pay for it or not, do what you can to keep your name and email (or even just your email address) off of your WHOIS record. It’ll save you the time of dealing with a lot of spam and make it just a bit harder for someone to get a hold of your information.

3. Change Your Passwords

Hopefully this goes without saying, but change your passwords immediately. If your domain, host, CMS, or anything else comes with a standard administrator password, change it. You should even change your username from “admin” to something else if that’s the default.

It’s not a bad idea to change your passwords regularly, too. Use a password manager to keep track of them, and make sure they’re secure.

4. Update Your Website Software

Once you’ve secured your registration, it’s time to secure the site itself. And the first step in that — much like the first step in securing anything else — is to keep everything updated.

As companies discover holes in their security, they release patches and updates. If you’re not updating your software, you’re going to stay vulnerable. Most hosts make this very easy, and will often remind you to update when there’s a new version available. Even so, it’s a good idea to check your version information regularly.

5. Use Security Plugins

If you’re using a content management system (CMS), there are security plugins available for it. The big ones like WordPress, Drupal, Joomla, and Magento all have a ton of them. All you need to do is choose the ones that best fit your situation, then download, install, and activate.

Each CMS and security extension will give you different advice on exactly what you should use. It’s also a good idea to consult third-party reviews on security plugins. But if the plugin is made by a reputable vendor, it’ll help keep your site safe. Use higher-security settings to eliminate even more vulnerabilities, and keep your extensions up-to-date as well.

6. Enable HTTPS

It’s not just your own security that you should think about. Both your visitors and Google will appreciate that you encrypt all of the traffic on your site, especially if your visitors will be sharing any sensitive information.

Some hosting services automatically activate HTTPS for you, and others let you do it with a click or two. If you’re self-hosting or simply renting server space, you might have to do it the hard way. That involves buying an SSL certificate, activating it, and configuring your site to use HTTPS.

It’s not especially complicated, but the process might differ on your hosting service, so check with them to find the best way to do it.

7. Check Permissions

Various users of your website will have different permission levels. As the administrator, you’ll have permission to change anything you want — other people should be more restricted. CMSes often let you change the permissions for visitors, signed-in visitors, editors, contributors, and many other groups of users.

Think about how much access each group should have. Do your editors need to create new users? Should your readers be able to edit pages? Give everyone the fewest permissions possible for them to do their job.

If you want to get really technical, you can use an FTP client to look at all of the files on your site and check out their permissions in symbolic or numeric notation. You can then use the command terminal to change permissions. (If you have no idea what I’m talking about, be careful with this!)

8. Hide Your Admin Pages

The pages that you use to log into and manage your website shouldn’t be visible to search engines. This might not seem like much of a security measure, but it makes it harder for people with malign intentions to find those pages. And because it’s usually very easy to do, it’s worth taking a few minutes.

Some CMSes and security plugins will let you hide these pages from search engines. If yours doesn’t provide this functionality, you can do it manually by editing your robots.txt file, which should be accessible from your CMS settings or cPanel administrator section. Add the following to the file:

User-agent: *
Disallow: [the relative URL of the page]

In WordPress, you’d use “/wp-admin/” as the URL. Other CMSes will have different URLs. You can also disallow any other pages that users don’t need to see. Not only is this good for security, but it can help your SEO, too!

9. Protect Against Cross-Site Scripting

XSS is a hacking tactic that involves running code on your website through round-about methods. It could happen in a contact form, for example. By including a script in the contact form, a hacker could get your website to execute that code, giving them access or wreaking havoc.

Protecting against this type of attack is actually rather complicated. If you want to learn about the methods you can use, check out this awesome anti-XSS cheat sheet from OWASP. If you’re less technically inclined, there are plenty of anti-XSS plugins available. Some standard security plugins may cover this vulnerability, but don’t assume that’s the case. Make sure you’re protected.

10. Prevent Information Leakage

While XSS, SQL injection, password cracking, and other methods of hacking might seem the most dangerous, it’s often the simplest things that cause problems. Information leakage is one of those things.

When you accidentally give away information that you didn’t intend to (or aren’t aware of), that’s information leakage. It’s easy for developers to accidentally leave HTML comments in your website code, for example, that contain sensitive information.

If you’re working with a standard CMS implementation, this won’t be much of a problem. But if you’ve had someone design a custom theme for you, or done extensive development work on the website, you should check for information leakage. One of the best ways is to simply use the View Source option in your browser and quickly scan for HTML comments that weren’t deleted.

Larger websites consisting of hundreds or thousands of pages might require a dedicated security specialist (or at least an intern) to go through this process. Either way, it’s an easy thing to check for, so don’t skip it.
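For sites too large to check by hand with View Source, the same review can be automated. This is an added example, not part of the original article: it pulls every HTML comment out of a page with Python's standard HTML parser and labels the ones that look like leaked information. The keyword patterns, names, and the sample page are assumptions constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example; tune them for your own site).
SENSITIVE = {
    "credential": re.compile(r"\b(pass(word|wd)?|secret|api[_-]?key|token)\b", re.I),
    "internal host": re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "developer note": re.compile(r"\b(todo|fixme|debug|hack)\b", re.I),
    "file path": re.compile(r"(/var/www|/home/|[A-Za-z]:\\)"),
}

# Constructed sample page source, standing in for a page saved from your site.
SAMPLE_PAGE = """<html>
<head><title>Shop</title></head>
<body>
<!-- main navigation -->
<!-- TODO: remove test login admin / password=hunter2 before launch -->
<p>Welcome!</p>
<!-- staging DB at 10.0.3.12, files in /var/www/shop-dev -->
</body>
</html>
"""

class CommentCollector(HTMLParser):
    """Records every HTML comment together with the line it starts on."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()
        self.comments.append((line, data.strip()))

def scan_page(html_text):
    """Return (line, labels, comment text) for each comment in the page."""
    parser = CommentCollector()
    parser.feed(html_text)
    parser.close()
    report = []
    for line, text in parser.comments:
        labels = sorted(name for name, rx in SENSITIVE.items() if rx.search(text))
        report.append((line, labels, text))
    return report

if __name__ == "__main__":
    for line, labels, text in scan_page(SAMPLE_PAGE):
        if labels:
            print(f"line {line}: {', '.join(labels)}: {text}")
```

Comments with no label still deserve a quick read, since keyword matching only catches the obvious cases.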

Secure Your Site Now!

When you make a new website, there are a lot of things you have to do. And it’s easy to forget about these basic security measures. But they could save you a lot of trouble (and potentially a great deal of money) in the long run. So don’t skip out on them! Make sure your site is secure before you start working on your content.

What other tips do you have for securing new websites? Share your thoughts in the comments below!

  1. Oliver Jones
    August 28, 2017 at 7:27 am

    Great security tips! This is undoubtedly a great thing; however, an unfortunate side effect is that now there are many webmasters who do not understand how to make sure their website is secure, or even understand the importance of securing their website. Security is really important to keep your websites away from cyber attacks and keep your site running! eUKHOST is one such web hosting company that advises you to choose backup storage that is at least three times the amount of space your website or server uses.

  2. John Peterson
    August 25, 2017 at 5:03 am

    Thank you for sharing these security tips for new web sites. This post explains security for new web sites in depth and covers the security points in detail, which is helpful and useful for many people. I like this post. It's wonderful information you shared.