Results 1 to 8 of 8
  1. #1
    thomastekster is offline New Member
    Join Date
    May 2016
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Protection to my website?

    Hello guys!

    I have a website where I thought about getting some protection like SSL or programes like anti-virus.
    Do any of you have experience with some things?
    I want to hear your opinion, is it a good idea to get those things. Plz tell me how I should do?

    I hope you guys can help me through this.

    Thanks a lot!

  2. #2
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    26,243
    Thanks
    1,708
    Thanked 7,554 Times in 4,766 Posts

    Default

    You do not necessarily need an ssl certificate unless you will be taking payments directly on the website.

    If the cost of an ssl is not prohibitive and you plan on putting the entire site behind https then it may not be out of line for that.

    Are you running wordpress or other cms? If so there are a wide variety of security related plugins you might find useful.

    You should not necessarily need anti-virus on your site per se, but if you are hosting on a vps or dedicated server, be sure there are at least some basic protections in place such as a firewall when needed and only open the ports on the server that actually NEED to be open in order to reduce the attack surface.

    I storngly encourage you to run a solid antivirus on your own machine, since if the security is set up correctly on your server, the most common way to have your site infected is for YOUR machine to be infected and you send that infection up to the server.

    The other common way to get an infection is for your site to get hacked, (such as through a wordpress or security vulnerability you did not close) or the use of weak passwords or total lack of security (such as a wordpress site with zero security plugins)

    The list of plugins is quite extensive but I have recently started focusing more on this one.
    https://wordpress.org/plugins/wp-cerber/

    Beyond that, if you have more specific questions, just ask.

    The fact that you state on your website that your core business is SEO and then yet ask for seo tricks for your site here in other threads will not necessarily get you a long list of responses.

    Is your core business really seo? And if so, coming here asking for seo tips when your site claims to provide others with tips they can't find anywhere else is kind of ...

    Rick
    Universal4

  3. The Following User Says Thank You to universal4 For This Useful Post:

    -Shay- (24 May 2016)

  4. #3
    latrobet's Avatar
    latrobet is offline Public Member
    Join Date
    May 2016
    Location
    Port Vila
    Posts
    98
    Thanks
    0
    Thanked 29 Times in 24 Posts

    Default

    Nice reply universal.

    As we dont know the type of "website" you have it is hard to answer intelligently.

    The only thing I could add to the above post is; if you are running a db for odds or the like. Check for column vulnrability. In my experience the only serious exploits come from sql injection into vulnrable db's

    I hope that helps.




    Sent from my SM-N910G using Tapatalk

  5. #4
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    26,243
    Thanks
    1,708
    Thanked 7,554 Times in 4,766 Posts

    Default

    It is not a gambling portal.

    It is an seo site, and I am trying to determine if he made the first few posts he did to drop the link to his seo site or if he is really interested in reasonable feedback and wanting to contribute here.

    Rick
    Universal4

  6. #5
    thomastekster is offline New Member
    Join Date
    May 2016
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks for the answer!

    I'm current using wordpress as my theme and I have my hosting at one.com - they provide the necessary security.
    I have a very strong anto-virus on my own PC. You mention the SSL is only if we charge people via our site, which is not the case.
    But when I don't have any security programes connected to my site, then how would I be able to spot or remove any suspicious things?
    I mean the SSL doesn't provide that security I would need on my site?

  7. #6
    sweetbet's Avatar
    sweetbet is offline Private Member
    Join Date
    November 2012
    Posts
    2,819
    Blog Entries
    5
    Thanks
    899
    Thanked 1,581 Times in 1,088 Posts

    Default

    Additionally, you might also want to take a look at the following free services

    xhttps://www.cloudflare.com/features-security/
    xhttps://sitecheck.sucuri.net//

    There are plenty of WP security plugins out there. Get one or two decent firewall plugins, and put a captcha on your login page to deter automated login attempts.

    As Rick mentioned, you really do need to have solid antivirus on your machine. I use Avast and malwarebytes.
    Sweet Bet - Reviews of reputable online casinos, poker sites, sportsbooks & bingo halls
    USA Online Casinos | Canadian Online Casinos | Bitcoin Casinos | Live Dealer Casinos | Free Spin Casinos | US Online Casinos

  8. #7
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    26,243
    Thanks
    1,708
    Thanked 7,554 Times in 4,766 Posts

    Default

    Well,

    If your host has good security, and you have strong passwords, and you are sure your own machine is clean and secure, how exactly do you think someone will manage to get bad code on your site?

    In order for anything bad to end up on YOUR site, it has to be written there.

    So make sure you use a good security plugin, do not allow ANYONE to write anything on your website but you or trusted developers or writers and you have conquered a good bit of the battle.

    You could take some of the suggestions like using cloudflare or others, but cloudflare will NOT stop hackers if you have a weak or easily guessed password, nor will it will stop you from uploading a virus or bad code if you or one of your developers/writes machines become infected.

    If you are on shared hosting, you are vulnerable to anyone on the same shared server that would upload something that would allow the server to be compromised and gain elevated access to also infect your folders and site.

    Sweetbet's recommendation on sucuri is a pretty good one as they have tools to check the site that would help find issues.

    When running wordpress it is important to use a security plugin that moves or renames the admin login, and do NOT link to it anywhere on the site. Remove ANY unused plugins, and the fewer number of plugins you use the better off you are.

    Be sure to remove Akismet, unless you are using it and it s only ever recommended to use the paid version of that.

    I also recommend (an idea not shared by all) to completely disable xml-rpc, unless you need it for something like jetpack, remote posting or feeds. If so make sure the security plugin you use watches for xml-rpc attacks (VERY few do)

    Rick
    Universal4

  9. #8
    canaryjohn is offline Private Member
    Join Date
    May 2016
    Posts
    154
    Thanks
    25
    Thanked 68 Times in 46 Posts

    Default

    As long as your own PC/Laptop is nice and secure with up to date anti virus and updated browsers etc then you will be fine assuming your hosting service is secure (which it probably will be).

    Just make sure your passwords are strong and there's not a whole lot else to worry about buddy!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •