-
Protection to my website?
Hello guys!
I have a website where I thought about getting some protection like SSL or programes like anti-virus.
Do any of you have experience with some things?
I want to hear your opinion, is it a good idea to get those things. Plz tell me how I should do?
I hope you guys can help me through this.
Thanks a lot!
-
-
You do not necessarily need an ssl certificate unless you will be taking payments directly on the website.
If the cost of an ssl is not prohibitive and you plan on putting the entire site behind https then it may not be out of line for that.
Are you running wordpress or other cms? If so there are a wide variety of security related plugins you might find useful.
You should not necessarily need anti-virus on your site per se, but if you are hosting on a vps or dedicated server, be sure there are at least some basic protections in place such as a firewall when needed and only open the ports on the server that actually NEED to be open in order to reduce the attack surface.
I storngly encourage you to run a solid antivirus on your own machine, since if the security is set up correctly on your server, the most common way to have your site infected is for YOUR machine to be infected and you send that infection up to the server.
The other common way to get an infection is for your site to get hacked, (such as through a wordpress or security vulnerability you did not close) or the use of weak passwords or total lack of security (such as a wordpress site with zero security plugins)
The list of plugins is quite extensive but I have recently started focusing more on this one.
https://wordpress.org/plugins/wp-cerber/
Beyond that, if you have more specific questions, just ask.
The fact that you state on your website that your core business is SEO and then yet ask for seo tricks for your site here in other threads will not necessarily get you a long list of responses.
Is your core business really seo? And if so, coming here asking for seo tips when your site claims to provide others with tips they can't find anywhere else is kind of ...
Rick
Universal4
-
The Following User Says Thank You to universal4 For This Useful Post:
-
Nice reply universal.
As we dont know the type of "website" you have it is hard to answer intelligently.
The only thing I could add to the above post is; if you are running a db for odds or the like. Check for column vulnrability. In my experience the only serious exploits come from sql injection into vulnrable db's
I hope that helps.
Sent from my SM-N910G using Tapatalk
-
-
It is not a gambling portal.
It is an seo site, and I am trying to determine if he made the first few posts he did to drop the link to his seo site or if he is really interested in reasonable feedback and wanting to contribute here.
Rick
Universal4
-
-
Thanks for the answer!
I'm current using wordpress as my theme and I have my hosting at one.com - they provide the necessary security.
I have a very strong anto-virus on my own PC. You mention the SSL is only if we charge people via our site, which is not the case.
But when I don't have any security programes connected to my site, then how would I be able to spot or remove any suspicious things?
I mean the SSL doesn't provide that security I would need on my site?
-
-
Additionally, you might also want to take a look at the following free services
xhttps://www.cloudflare.com/features-security/
xhttps://sitecheck.sucuri.net//
There are plenty of WP security plugins out there. Get one or two decent firewall plugins, and put a captcha on your login page to deter automated login attempts.
As Rick mentioned, you really do need to have solid antivirus on your machine. I use Avast and malwarebytes.
-
-
Well,
If your host has good security, and you have strong passwords, and you are sure your own machine is clean and secure, how exactly do you think someone will manage to get bad code on your site?
In order for anything bad to end up on YOUR site, it has to be written there.
So make sure you use a good security plugin, do not allow ANYONE to write anything on your website but you or trusted developers or writers and you have conquered a good bit of the battle.
You could take some of the suggestions like using cloudflare or others, but cloudflare will NOT stop hackers if you have a weak or easily guessed password, nor will it will stop you from uploading a virus or bad code if you or one of your developers/writes machines become infected.
If you are on shared hosting, you are vulnerable to anyone on the same shared server that would upload something that would allow the server to be compromised and gain elevated access to also infect your folders and site.
Sweetbet's recommendation on sucuri is a pretty good one as they have tools to check the site that would help find issues.
When running wordpress it is important to use a security plugin that moves or renames the admin login, and do NOT link to it anywhere on the site. Remove ANY unused plugins, and the fewer number of plugins you use the better off you are.
Be sure to remove Akismet, unless you are using it and it s only ever recommended to use the paid version of that.
I also recommend (an idea not shared by all) to completely disable xml-rpc, unless you need it for something like jetpack, remote posting or feeds. If so make sure the security plugin you use watches for xml-rpc attacks (VERY few do)
Rick
Universal4
-
-
As long as your own PC/Laptop is nice and secure with up to date anti virus and updated browsers etc then you will be fine assuming your hosting service is secure (which it probably will be).
Just make sure your passwords are strong and there's not a whole lot else to worry about buddy!
-
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules