Six simple tips that will improve the security of your website

Six simple tips that will improve the security of your website

Security plays a vital role in any online activity. Whether you have a blog, a corporate website or an eCommerce platform, you should secure your website. It is essential to protect your website to avoid losing your data or putting your customers' information at risk. Today, I am going to give you a few tips that will help you to improve the security of your website. To enhance the security of your website, apply those tricks on your website.

1- Use the Captcha to protect your forms against spams

A captcha will protect your website against spams. One of the most popular captchas is Google Captcha. You can go on the Google platform, and get the one that is suitable for you. For instance, reCAPTCHA v3 protects your website from spam and unpaid abuse. Based on a scalable risk analysis engine, it prevents automated software from damaging your site while allowing your identified users to surf with ease. To enable reCaptcha v3 to work on your web site, this is how to proceed:

Frontend integration

  • You should load your JavaScript with the site key
  • When a page load or during an action, call grecaptcha.execute
  • You should send the token to your back-end with the request to verify

I should note that you can execute reCaptcha for an unlimited time with different actions on the same page.  If you are using a CMS such as Magento, WordPress or PrestaShop, you can get an extension that will help you to add the Google Captcha on your site.  You may also go a built-in captcha depending on the platform you are using.

2- Use an SSL certificate to encrypt communication

It will encrypt communication between your users and your server and that will add an extra security layer on your website. Besides that, it helps to encrypt connections to protect sensitive information provided by customers while authenticating the identity of any organization.

Here are the steps to follow to install SSL certificates on your server:

- Generate a Certificate Signing Request (CSR), containing public key and server information,

- Request the SSL certificate from a secure source on the Internet according to your specific needs.

- Install the SSL certificate after receiving it by email or via the Client dashboard.

- Associate the SSL with your website.

If you want to get an SSL at an affordable price, you can try this link. The starting price is 16.5$

3- Enforce the type of password that users are inputting into your website.

Instead of allowing your users to enter any password, you can define something a little bit more secure. As such, you are making sure to your website against password guessing. You can, for example, use patterns or ask users to enter specific types of characters.  If possible, you can further reinforce security with two-factor authentication.  Two-Factor authentication will require users to enter his/her password and validated with a code sent to the phone.

In the case of users having access to your server, you can make use of a secured authentification such as the SSH keys.

The steps to configure SSH key authentication are as follows:

- You must place the public key on the server in a unique directory.

- When a user connects to the server, the server will ask him to prove possession of the associated private key.

- The SSH client will use the private key to respond in a way that demonstrates the ownership of the private key. The server will then let the client connect without a password.

4 - improve the security of the server.

You have some features on your servers, such as the IP blockers or some tools that can protect your website against brute attack force. These are some server security measures that you can apply :

  • In the case of the IP blocker, you will be able to stop any attack after a certain number of attempts.
  • Some servers also provide the option to force users to change their password after some time.
  • You can force users to change and use different passwords if they already use it once.
  • You may also restrict access to the server only to authorized users using the IP addresses.

5 - Scan your Code regularly

Scanning your code periodically and getting the alert in case of any potential attack will help you to always been on the safe side. We can never be 100% in control of our solutions. And by using some automated tools, you can quickly act before something alarming happen. One of the software that you can use to scan your website regularly is Sitelock. Sitelock automatically scans to identifying vulnerabilities and known malicious code and automatically remove them from your website. If you are using some CMS like Magento, registering your site for a security scan can help. In that way, you will know what aspect of your website needs extra protection.

To install your SiteLock Security Seal:

  • You should register and Access to your SiteLock dashboard.
  • After, you should follow the instructions in the wizard to complete your verification.
  • Once you complete the registration, you will be able to access the code you need for your site.

6. Automate if possible security scan of your website.

Many automated solutions can enable you to scan your website every week. Some of them are free, and for some, you need to pay. If you are using Magento, and you are interested in knowing how to improve Magento security, please read this article. "How to improve the security of your Magento open-source Website."

Resources to secure your website.

If you need help you improve the security of your website; contact us today.