A secure website
The best website is a secure website. You can increase that security by using a secure server and software. A secure website communicates with the visitor via a secure https connection. How can you make your website more secure?
A secure website
A secure server
Your secure website is hosted by a hosting company on a server. That is a computer that is always on with web server software on it. Ensure good quality hosting. Choose for quality and not for "too cheap". Cheap hosting is only possible if you save on quality and/or speed. And speed is important in search engine optimisation.
A good hosting company ensures that all servers are secure, among other things by keeping the software up-to-date. Backups are also important. A good hosting company ensures regular backups of your website. In the event of problems, such a backup can be quickly restored to the server. But don't rely completely on your hosting company. Take care of backups that you keep somewhere offline (not on the website).
Also important for a secure website is secure software.
Take care of:
- reliable software
- from a reliable party
- open source software, the operation of which you can view and, if necessary, modify.
- download the software from the official source
- make sure your software is up to date
Keeping software up to date
Does your website use secure software? Many websites work with a Content Management System. Make sure you keep the software up-to-date. Your visitor will not immediately notice this. But if your website is hacked because you are using outdated software, you should inform your registered users about this. And a hacked website is not a reliable website. You can keep several websites up-to-date via online services. Yoursites.net
Does your website work via http or https? A modern, secure website uses a secure https connection. The communication from the website to the visitor (the pages shown) is sent via a secure connection. And the communication from the visitor to the website (login passwords, forms with information) is also secure. You can test your SSL/TLS certificate via Internet.nl or Qualys SSL Server Test.
A connection that runs via https is secure if the https certificate has been issued for the website you are visiting (see certificate details). However, a connection can be even more secure if you enforce certain security aspects on the visitor's browser. That your https secured website informs the visitor's browser that the website will only be available via https in the coming year. If the website is then unexpectedly only available via http, the visitor cannot simply access the website.
A secure website requires that only authorised persons have access to the administrator area of the website. The authentication can be done on the basis of what someone knows (password) or what someone has (a 2FA authentication tool).
Make sure you have a secure password. A secure one is long and contains strange characters. A secure password is only used on one website. Use a password manager to generate long random passwords.
Two factor authentication (2FA)
A second way of authentication is by generating a login token with a device you have with you. For example, a phone with an authentication app such as Google Authenticator. Or with a YubiKey, a USB dongle that generates an extra login token.
If you make online payments via your website, use secure payment methods such as iDeal (e.g. via Mollie), PayPal, or payment afterwards. Such online payment methods come across as reliable.
Do you use DNSSEC? A reliable website ensures that visitors get to the right server when they enter your domain name in their browser. Domain Name System Security Extensions (DNSSEC) makes that safer and more reliable.
How secure is your website's e-mail communication with the administrator and visitors? A reliable website ensures that e-mail is sent via SMTPs (SMTP secure). This means that the communication between your website and the mail server runs via a secure connection.
Do you use modern anti-spam and authentication methods (SPF, DKIM, DMARC) to send your mail? This makes the e-mail more secure and reduces the risk of the e-mail being rejected by the recipient or ending up in a spam box.
Would you like to know more?
- Online Tool: sitecheck.sucuri.net
- Online Tool: Internet.nl - Modern Internet Standards check
- Online Tool: Qualys SSL Labs - SSL Server Test
- Website: Domain Name System Security Extensions (DNSSEC)
- Backup solution for Joomla + WordPress: Akeeba Backup
- Online self-hosted update service for Joomla + WordPress: YourSites.net