Making Sense of Website Security

More often than not, website security isn’t a top concern until it is too late. Most people think that hacking only happens to “the big guys” because their own site is comparatively insignificant. The truth is, a security breach can happen to anyone at any time. Here are a few things that you can do to protect your sites and sleep soundly at night:

Logins and Passwords

The easiest way for someone to gain access to your site is to simply log in to your blog or CMS. Most people prefer to use a few select username and password combinations that are relatively easy to remember. For a blog or CMS, you should stray from these norms. A username should be something completely arbitrary, and there are a few websites out there that can generate these names for you. Usernames are not the most important factor here; many times they are used as signatures or to log changes. Passwords can make or break security, so here are some simple things to remember when you create yours: the longer the password the better, use variations in case, and alternate letters, numbers, and symbols such as ? ! @ # %. Keep these usernames and passwords in a safe spot — you never know in whose hands these could end up!

.htaccess

A lot of times, an attacker starts by looking into the backend content of a site. This can be prevented by using a .htaccess file. It is basically a hidden file on your server that can regulate access to your server files. Using this file, you can create custom error pages, which people are redirected to when they try to access something that they should not, intentionally or not. Preventing directories from being listed can help stop nosey people from poking around the files in your site and, with a simple line of code, the .htaccess file can provide a roadblock. Users can also be denied by IP address using this file. You can also change the default directory file of your site. Typically, this is a file that is called index (.html, .php, etc.). In the .htaccess file, this directory file can be called anything you want, such as home.html. There are many other benefits to editing your .htaccess file, and this site (http://users.telenet.be/ws36178/security/webmaster/htaccess.html) can explain other uses as well as how to implement them.
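
The four settings described above, written out as a sample .htaccess file. This is an added example, not from the original article; it assumes Apache 2.4 with AllowOverride enabled for the directory, and the error-page paths and IP addresses are placeholders.

```apache
# Sample .htaccess (added example; Apache 2.4 syntax).
# Paths and addresses below are placeholders, not values from the article.

# 1. Custom error pages: visitors who hit a forbidden or missing URL
#    are shown these pages instead of the server's default message.
#    The paths are relative to the site's document root.
ErrorDocument 403 /errors/forbidden.html
ErrorDocument 404 /errors/not-found.html

# 2. Turn off directory listings. Without this line, a folder that has
#    no index file shows a browsable list of everything inside it.
Options -Indexes

# 3. Change the default directory file. Apache tries each name in order,
#    so home.html is served first and index.html is the fallback.
DirectoryIndex home.html index.html

# 4. Deny specific visitors by IP address. Everyone else is allowed.
#    203.0.113.45 and 198.51.100.0/24 are documentation-only addresses.
#    A denied client is also denied the custom 403 page above, so it
#    sees Apache's built-in error text instead.
<RequireAll>
    Require all granted
    Require not ip 203.0.113.45
    Require not ip 198.51.100.0/24
</RequireAll>

# 5. Keep the .htaccess file itself (and .htpasswd) from being downloaded.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Note for older servers: Apache 2.2 does not understand "Require ip".
# There, section 4 is written with the older directives instead:
#   Order allow,deny
#   Allow from all
#   Deny from 203.0.113.45
```

After uploading the file, request a folder with no index file and a page that does not exist; the first should return the 403 page rather than a file list, and the second the 404 page.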

Website Security Service

There are many website security services available that will help you monitor your website, detect vulnerabilities, and ultimately protect it. Sitelock (http://www.sitelock.com) is a great service for any small business website. For $9 a month, they will scan your site and find any potential weaknesses, provide support, and validate your website’s reputation. Verisign (http://www.verisign.com/) is a security service for e-commerce sites. They will secure all monetary transactions occurring within your site and provide a seal for your site so that customers will have faith that the transaction is secure. If your website collects data from your visitors, then Websense (http://www.websense.com) is the proper security option. They secure databases, emails, and websites — Websense is so awesome at what they do, Facebook uses them to protect its users from malicious links!