Please consider these things when thinking about your website and it's security.
Security is difficult to achieve and won't happen by itself. Both Open-Source and proprietary software have their fair share of vulnerabilities. Also, things that are secure today are usually not secure tomorrow.
Did you know that hackers are constantly out there looking for vulnerable websites to add to their list of future attacks. Nearly every website on the web has been scanned for vulnerabilities. Did you know that even beginner hackers can use advanced tools such as Google, Bing, and Yahoo! to quickly find some vulnerabilities.
Perfect security probably doesn't exist. Considering there is no perfect security, work with these in mind.
- Have a security control plan.
- Follow recommended server and PC configurations that are known to be secure.
- Don't store sensitive, confidential, or proprietary information on your webserver or any PC connected to the webserver.
- Always keep backups of your website.
- Be prepared to shutdown, reformat, and restart your website as needed. This might be needed in the event that your website is hacked.
- Change your passwords often and use strong credentials (as described below).
Stay abreast of updates to the software components your website (and company) utilizes. Software components are constantly evolving to resolve functionality and security concerns. Even components that are released to fix a security issue can later turn out to have further security issues.
Proper Software Installation.
Improperly installed or configured software can circumvent your hard work on keeping the websites software components up to date. Improperly installed software can provide access to hackers that are unintended and hard to find.
Hire Competent Programmers.
Most website vulnerabilities are caused by custom written software that doesn't hold up to security standards. Be sure to hire a competent programmer that is aware of common security programming practices:
Be sure to change any default passwords and instead use strong passwords. Any password should be hard to guess. Hackers love to use dictionaries as a starting point to guess passwords. Do not reuse passwords between websites. Some websites use the password you used and try it on other websites.
Some systems allow you to go beyond passwords and instead use certificates to validate yourself. Consider using these more advanced techniques whenever possible.
Protect your PC.
Unfortunately the Windows PC appears to be a favorite target to hackers. The reason this impacts your website is because usually a persons PC contains the password to your webserver. Therefore, to protect your website you must also protect your PC. Be sure automatic updates is turned on, don't ever open email attachments from people you don't know, or don't know why they are sending you an attachment. Don't fall for phishing scams.