Website Security Tips
Do you have a website? In this story, I will give some basic security tips!
- STOP USING WORDPRESS (OR MAINTAIN IT)
Wordpress is the most hackable CMS in the world. So don’t use it and don’t use similar Open Source projects (such as Joomla). If you use it… remember that it requires a high maintenance level so, always update it, use fewer plugins if you can, take care about Admin Login Rate limiting, change /admin path to a secret and complex path, and avoid unused POST forms into the website.
- STOP USING FTP
Every open port on your server is a risk for your website security! FTP is an old and not secure protocol on port 21 that can be replaced by SFTP/SSH on port 22.
- USE CLOUDFLARE
Cloudflare is a CDN/WAF service for your domain with different subscriptions plans including a free plan that is perfect for basically protecting your website from DDoS attacks, obfuscating your final server IP, hiding your emails from data scrapers, and optimizing performances.
- USE A SSL CERT ON YOUR DOMAIN
Free SSL certs come within Cloudflare but if you are not using it, you can get free certs using Let’s Encrypt.
- ISOLATE YOUR HOSTING AND YOUR USER ON HOSTING
It’s really important to have a dedicated “home” directory on the server, isolated from other users and domains so you can be sure that your website can’t be affected by another website’s attacks.
- UPDATE YOUR STACK
Every technology has its own vulnerabilities so Linux OS, PHP, MySql, and other languages or systems have always to be updated to the last version.
- READ LOGS
Logs can tell you many things about the activity on your server… if you can read them, you could identify abnormal accesses to your website.
- MAKE BACKUPS
Make daily backups of your website storage and database and maintain a good history of the versions on an external and isolated server so if you will receive an attack, you can restore the last clean version of your website.
- USE A MONITOR
There are several systems to track the uptime, the performance, and the errors of your website (such as Sentry). Using it can be useful to understand what happens to your website.
- USE YOUR BRAIN
Use complex and unique passwords, don’t share them, and use 2FA.