Website Security Tips

Do you have a website? In this story, I will give you some basic security tips!

  1. STOP USING WORDPRESS (OR MAINTAIN IT)
    WordPress is the most hackable CMS in the world. So don’t use it, and don’t use similar open source projects (such as Joomla). If you do use it… remember that it requires a high level of maintenance: always update it, use as few plugins as you can, rate-limit admin logins, move the /admin path to a secret and complex path, and remove unused POST forms from the website.
  2. STOP USING FTP
    Every open port on your server is a risk for your website’s security! FTP is an old, insecure protocol on port 21 that can be replaced by SFTP over SSH on port 22.
  3. USE CLOUDFLARE
    Cloudflare is a CDN/WAF service for your domain with different subscription plans, including a free plan that is perfect for basic protection of your website from DDoS attacks, hiding your origin server’s IP, hiding your email addresses from data scrapers, and optimizing performance.
  4. USE AN SSL CERT ON YOUR DOMAIN
    Free SSL certs come with Cloudflare, but if you are not using it, you can get free certs from Let’s Encrypt.
  5. ISOLATE YOUR HOSTING AND YOUR USER ON THE HOSTING
    It’s really important to have a dedicated “home” directory on the server, isolated from other users and domains, so you can be sure that your website can’t be affected by attacks on another website.
  6. UPDATE YOUR STACK
    Every technology has its own vulnerabilities, so the Linux OS, PHP, MySQL, and other languages or systems always have to be updated to the latest version.
  7. READ LOGS
    Logs can tell you many things about the activity on your server… if you can read them, you can identify abnormal accesses to your website.
  8. MAKE BACKUPS
    Make daily backups of your website’s storage and database, and keep a good history of versions on an external, isolated server, so that if you are attacked you can restore the last clean version of your website.
  9. USE A MONITOR
    There are several systems to track the uptime, performance, and errors of your website (such as Sentry). Using one helps you understand what is happening to your website.
  10. USE YOUR BRAIN
    Use complex and unique passwords, don’t share them, and use 2FA.
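Tip 1 mentions rate-limiting admin logins. As an added example (mine, not code from the post), here is a small per-IP sliding-window limiter with a temporary lockout that an application can put in front of its admin login handler. `attempt_login`, the `verify` callback, `FakeClock` and the thresholds are illustrative assumptions; a real `verify` would compare against a stored password hash rather than a literal.

```python
"""Per-IP login rate limiter with temporary lockout (added example, not from the post).

Sliding window: an IP that fails MAX_ATTEMPTS logins within WINDOW_SECONDS is
locked out for LOCKOUT_SECONDS.  A successful login clears the IP's history.
The clock is injectable so the behaviour can be exercised without waiting.
"""
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5        # failures allowed inside the window (assumed default)
WINDOW_SECONDS = 300    # length of the sliding window
LOCKOUT_SECONDS = 900   # how long an IP stays locked after exceeding the limit


class LoginRateLimiter:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS, clock=time.time):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.clock = clock
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._locked_until = {}               # ip -> time at which the lockout ends

    def _prune(self, ip, now):
        """Drop failures that have aged out of the window."""
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_allowed(self, ip):
        """False while the IP is locked out; an expired lockout is cleared here."""
        now = self.clock()
        until = self._locked_until.get(ip)
        if until is not None:
            if now < until:
                return False
            del self._locked_until[ip]
            self._failures[ip].clear()
        return True

    def record_failure(self, ip):
        """Note a failed login; returns True if this failure triggered a lockout."""
        now = self.clock()
        self._prune(ip, now)
        self._failures[ip].append(now)
        if len(self._failures[ip]) >= self.max_attempts:
            self._locked_until[ip] = now + self.lockout
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)
        self._locked_until.pop(ip, None)

    def remaining_attempts(self, ip):
        self._prune(ip, self.clock())
        return max(0, self.max_attempts - len(self._failures[ip]))


def attempt_login(limiter, ip, username, password, verify):
    """Gate a login through the limiter.  `verify(username, password)` is a
    hypothetical callback into your user store returning True on valid
    credentials.  Result is one of "locked", "ok", "denied"."""
    if not limiter.is_allowed(ip):
        return "locked"                       # do not even check credentials
    if verify(username, password):
        limiter.record_success(ip)
        return "ok"
    limiter.record_failure(ip)
    return "denied"


class FakeClock:
    """Manually advanced clock used by the demo below and by tests."""
    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    limiter = LoginRateLimiter(max_attempts=3, window=60, lockout=120, clock=clock)
    # Constructed stand-in for a credential check; real code verifies a password hash.
    verify = lambda u, p: (u, p) == ("admin", "placeholder-password")
    for pw in ("guess1", "guess2", "guess3", "placeholder-password"):
        print(pw, "->", attempt_login(limiter, "203.0.113.5", "admin", pw, verify))
    clock.advance(121)
    print("after lockout ->",
          attempt_login(limiter, "203.0.113.5", "admin", "placeholder-password", verify))
```

The demo at the bottom shows three wrong guesses locking the address, the correct password being refused with "locked" while the lockout lasts, and the login succeeding once the lockout expires. Keying only on the client IP is a simplification; behind a proxy or CDN such as Cloudflare you must take the real client address from the forwarded header the proxy sets, or every visitor shares one bucket.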
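Tip 7 says logs reveal abnormal access if you can read them. The following added example (my own, not the author's) parses web server access log lines in the common "combined" format and flags three patterns: bursts of POSTs to the login page from one IP, IPs that pile up 404s (path guessing), and requests for files no legitimate visitor asks for. The sample lines are constructed using RFC 5737 documentation addresses, and the thresholds, window and path list are assumptions to tune for your own site.

```python
"""Access-log triage (added example, not from the post).

Parses Apache/nginx "combined" format lines and reports:
  * login bursts: one IP POSTing to the login page many times in a short window
    (WordPress answers a failed login with HTTP 200, so counting POSTs is more
    reliable than counting error status codes)
  * scanners: one IP collecting many 404s, typical of path-guessing tools
  * sensitive hits: any request for paths that should never be served
Thresholds, window and SENSITIVE_PATHS are assumptions; adjust for your site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
LOGIN_PATH = "/wp-login.php"
SENSITIVE_PATHS = {"/xmlrpc.php", "/.env", "/.git/config", "/wp-config.php.bak"}

# Constructed sample log: a normal visitor, a login-guessing client, a path scanner,
# and one malformed line to show the parser skipping it.
SAMPLE_LOG = """\
198.51.100.2 - - [10/Oct/2022:13:50:01 +0000] "GET / HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2022:13:50:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2022:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2022:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2022:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2022:13:55:39 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2022:13:55:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2022:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.28"
203.0.113.9 - - [10/Oct/2022:14:02:10 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/7.85"
203.0.113.9 - - [10/Oct/2022:14:02:11 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "curl/7.85"
203.0.113.9 - - [10/Oct/2022:14:02:12 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "curl/7.85"
203.0.113.9 - - [10/Oct/2022:14:02:13 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "curl/7.85"
this line is not in combined log format
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]          # drop the query string
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": path, "status": int(m.group("status"))}


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_login_bursts(entries, threshold=5, window=timedelta(minutes=5)):
    """IPs that POSTed to the login page at least `threshold` times within `window`."""
    posts = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"] == LOGIN_PATH:
            posts[e["ip"]].append(e["ts"])
    hits = []
    for ip, ts in posts.items():
        n = max_in_window(ts, window)
        if n >= threshold:
            hits.append((ip, n))
    return sorted(hits)


def find_scanners(entries, threshold=3):
    """IPs that produced at least `threshold` 404 responses."""
    misses = defaultdict(int)
    for e in entries:
        if e["status"] == 404:
            misses[e["ip"]] += 1
    return sorted((ip, n) for ip, n in misses.items() if n >= threshold)


def find_sensitive_hits(entries):
    """Every request for a path in SENSITIVE_PATHS, whatever the response code."""
    return [(e["ip"], e["path"], e["status"]) for e in entries
            if e["path"] in SENSITIVE_PATHS]


def analyze(log_text):
    """Run all detectors over raw log text and return the findings."""
    parsed = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    entries = [e for e in parsed if e is not None]
    return {
        "login_bursts": find_login_bursts(entries),
        "scanners": find_scanners(entries),
        "sensitive_hits": find_sensitive_hits(entries),
        "unparsed": parsed.count(None),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the report names 203.0.113.7 for six login POSTs in a few seconds, 203.0.113.9 for four 404s and for three requests to sensitive paths, and counts the one malformed line as unparsed. To run it over a real file, replace `SAMPLE_LOG` with `open("/var/log/nginx/access.log").read()` (path is an assumption) and feed the output into whatever alerting you use; the same counting logic is the basis for a block list or for the rate-limit thresholds mentioned in tip 1.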
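Tip 8 asks for daily backups with a history of versions kept on an isolated server. As an added example (not the author's code), this is a small backup job: it packs the web root plus a database dump into a timestamped tar.gz, writes a SHA-256 sidecar in `sha256sum -c` format so the copy can be checked after transfer, verifies an archive, and prunes old archives beyond a retention count. The database dump is assumed to have been written beforehand by `mysqldump`; copying the archive to the backup host (for example with rsync over SSH, per tip 2) is left to the caller. The `demo` function builds a throwaway site in a temporary directory so the whole cycle runs offline.

```python
"""Daily site backup with verification and retention (added example, not from the post).

create_backup()  -> tar.gz of the web root plus an optional database dump, with a
                    sha256 sidecar in `sha256sum -c` format
verify_backup()  -> recompute the digest and make sure the archive is readable
prune_backups()  -> keep only the newest N archives (and their sidecars)
The dump file is assumed to exist already (e.g. written by mysqldump); shipping
the archive to the isolated backup host is the caller's job.
"""
import hashlib
import shutil
import tarfile
import tempfile
import time
from pathlib import Path

PREFIX = "site-"   # archive names: site-<UTC stamp>.tar.gz, which sort chronologically


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(site_dir, backup_dir, db_dump=None, stamp=None):
    """Archive site_dir (and db_dump, if given) into backup_dir; returns the archive path."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%dT%H%M%S", time.gmtime())
    archive = backup_dir / f"{PREFIX}{stamp}.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(site_dir), arcname="htdocs")
        if db_dump is not None:
            tar.add(str(db_dump), arcname=f"db-{stamp}.sql")
    sidecar = archive.with_name(archive.name + ".sha256")
    sidecar.write_text(f"{sha256_file(archive)}  {archive.name}\n")
    return archive


def verify_backup(archive):
    """True if the sidecar digest matches and the tarball's index is readable."""
    archive = Path(archive)
    sidecar = archive.with_name(archive.name + ".sha256")
    if not sidecar.exists():
        return False
    parts = sidecar.read_text().split()
    if not parts or sha256_file(archive) != parts[0]:
        return False
    try:
        with tarfile.open(str(archive), "r:gz") as tar:
            tar.getmembers()
    except (tarfile.TarError, OSError):
        return False
    return True


def list_backups(backup_dir):
    return sorted(Path(backup_dir).glob(f"{PREFIX}*.tar.gz"))


def newest_backup(backup_dir):
    backups = list_backups(backup_dir)
    return backups[-1] if backups else None


def prune_backups(backup_dir, keep=14):
    """Delete all but the newest `keep` archives; returns the names removed."""
    backups = list_backups(backup_dir)
    doomed = backups[:-keep] if keep > 0 else backups
    for a in doomed:
        a.unlink()
        a.with_name(a.name + ".sha256").unlink(missing_ok=True)
    return [a.name for a in doomed]


def demo():
    """Run the whole cycle on a constructed site in a temp dir; returns what happened."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        site = root / "htdocs"
        site.mkdir()
        (site / "index.php").write_text("<?php echo 'hello'; ?>\n")    # constructed content
        dump = root / "db.sql"
        dump.write_text("CREATE TABLE posts (id INT);\n")               # constructed dump
        store = root / "backups"
        first = create_backup(site, store, dump, stamp="20221010T010000")
        first_ok = verify_backup(first)
        for stamp in ("20221011T010000", "20221012T010000", "20221013T010000"):
            create_backup(site, store, dump, stamp=stamp)
        removed = prune_backups(store, keep=2)
        remaining = [p.name for p in list_backups(store)]
        newest = newest_backup(store)
        # Simulate a corrupted or tampered copy: the recorded digest no longer matches.
        newest.with_name(newest.name + ".sha256").write_text("0" * 64 + f"  {newest.name}\n")
        tampered_ok = verify_backup(newest)
        return {"first_verified": first_ok, "removed": removed, "remaining": remaining,
                "newest": newest.name, "tampered_verified": tampered_ok}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

In production you would call `create_backup` from a daily cron job, copy the archive and its sidecar to the backup host, and run `sha256sum -c site-<stamp>.tar.gz.sha256` there before trusting it; keep the retention pruning on the backup host as well, never only on the web server, since a compromised server can delete anything it can reach (which is the point of the "isolated" in tip 8). Restoring is `tar -xzf` of the chosen archive followed by importing the `db-<stamp>.sql` dump.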

I’m a software engineer based in Milan. Always looking to discover new development methods and technologies, I am an open source enthusiast and supporter.

Andrea Pollastri
