Building a More Secure Website
Passwords are, put simply, insecure. Take this guy:
Carp3nt3r123.321r3tn3praC
It fulfills all the guidelines we’re told to obey regarding passwords. It’s long (25 characters). It’s got mixed upper- and lower-case letters. It’s got digits. It’s got punctuation. It doesn’t contain a dictionary word. And yet, with a few readily available graphics cards and a large enough collection of hashes, it’s actually disturbingly easy to crack in a matter of days, if not hours. In fact, Ars Technica recently ran a fascinating story detailing just how insecure “secure” passwords really are.
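The checklist above measures character variety, not predictability. The following is an added example, not part of the original post: a signup-time check that accepts the password under the usual checklist and then reports the structure in it. The function names and the small wordlist are assumptions made for illustration.

```python
import re
import string

# Constructed mini wordlist; a real check would load a full dictionary
# and a breached-password list.
WORDS = {"carpenter", "password", "dragon", "monkey"}
# Common character substitutions mapped back to the letters they stand for.
UNLEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
DIGIT_RUNS = ("0123456789", "9876543210")


def passes_naive_policy(pw: str) -> bool:
    """Length plus upper, lower, digit and punctuation: the usual checklist."""
    return (len(pw) >= 12
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def structure_findings(pw: str) -> list[str]:
    """List the patterns that make a password more guessable than it looks."""
    findings = []
    half = len(pw) // 2
    # Second half is the first half reversed (odd lengths keep a pivot char),
    # so only the first half carries any information.
    if half >= 4 and pw[:half] == pw[len(pw) - half:][::-1]:
        findings.append("mirrored")
        pw = pw[:half]
    # Split into a stem and a trailing run of digits.
    stem, digits = re.fullmatch(r"(.*?)(\d*)", pw, re.DOTALL).groups()
    if len(digits) >= 3 and any(digits in run for run in DIGIT_RUNS):
        findings.append("sequential-digits")
    # Undo substitutions and case, then look the stem up in the wordlist.
    if stem.lower().translate(UNLEET) in WORDS:
        findings.append("dictionary-word")
    return findings


if __name__ == "__main__":
    # First value is the password from the post; second is a constructed random one.
    for candidate in ("Carp3nt3r123.321r3tn3praC", "vT9#qLm2$Xe7!pRw"):
        print(candidate, passes_naive_policy(candidate), structure_findings(candidate))
```

A password that returns any finding here should be rejected at signup even when it satisfies the length and character-class rules.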
Security threats are nothing new. Passwords have been under attack for decades, and social engineering is as old as time. So how do you make your website more secure?
The first step is obvious. Keep your operating system and applications up to date. Softaculous is a great way to keep your applications up to date, especially when you’ve got multiple installations floating around. It will automatically remind you when updates are available, and updates can be automatically executed with only three clicks. Best of all, Softaculous costs almost nothing — in fact, if you’ve got one of our shared hosting accounts, Softaculous is included for free!
The next step is among the most important, but is frequently overlooked: Install an SSL certificate. An SSL certificate, when properly configured and installed, encrypts the information transmitted between your website and your users. Without encryption, anyone can eavesdrop on your conversation and capture every piece of information sent and received. Unlike the early days of the Internet, where SSL certificates were expensive and difficult to use, modern SSL certificates are affordable and simple. With prices starting at just $14.99 per year, it’s hard to argue against an SSL certificate, even for personal websites.
Finally, we’re back to the old standard: Choose a secure password, and use a different password on every site. As millions of users learned the hard way in 2012, sharing the same password on multiple sites is a terrible idea. When one gets cracked, the rest are sure to fall. But remembering a different password for every site — let alone a series of long, complicated, random passwords — is impossible. That’s where LastPass comes in. LastPass is a high-security password manager that can keep track of all those absurdly long and absurdly secure random passwords for you. All you have to remember is a single password. Best of all, it runs perfectly with all major browsers on Windows, OS X, and Linux.
There are lots of other important steps, too. Using a trusted web host is a good start. Believe it or not, a lot of “discount” web hosts are little more than desktop PCs tucked away in someone’s basement. What happens when someone breaks in and steals a few? All your — and your clients’ — sensitive data is gone, and you’re looking at significant liability and a PR disaster. While nobody’s servers are burgle-proof, ours are tucked away in two high-security datacenters with 24×7 monitoring, on-site staff, and biometric access controls.
From server hardening to SSL certificates and everything in between, we can help you keep your site secure. Drop us a line and let us know how we can help!