ISACA Now Blog


5 Security Tips to Keep in Mind When Developing a New Website

Larry Alton, Writer | Posted at 2:37 PM by ISACA News | Category: Security

Few things put a business at more risk than developing a website and not putting an emphasis on security at a very foundational level. Small and large businesses alike are being targeted like never before; hackers are becoming more sophisticated in their methods. If you have a loophole, they will expose it and compromise your business.

Thankfully, website security isn’t some impossible challenge that requires tons of resources to execute. Here are some practical tips:

1. Carefully analyze different site builders
Assuming you aren’t building a site totally from scratch, the first big decision you have to make in the website development process is which site builder you’re going to use. Believe it or not, this has a big impact on the integrity of your site from a security perspective.

Choosing a website builder can be challenging, especially considering there are more than a dozen reputable options on the market. The key is to find a website-builder review site – such as Top10BestWebsiteBuilders – that lists a variety of options. Using one of these resources, analyze the security features and read reviews from actual users. This will tell you everything you need to know about the integrity of the platform.

2. Choose the right host
Once you choose a website builder, you can turn your attention toward selecting the right host. Again, there are a variety of web hosts to choose from and you’ll have to spend your time carefully analyzing the options. If possible, try to go with a host that offers Secure File Transfer Protocol (SFTP), which makes the process of uploading files safer.

3. Buy an SSL certificate
If you’re selling any sort of product or service on your site, you need a secure sockets layer (SSL) certificate. An SSL certificate provides an added layer of security by creating an encrypted connection between the computers and servers communicating with one another. It’s also a big trust factor. Many online shoppers won’t do business with websites that don’t have SSL certificates.

4. Restrict admin access
If you’re building a WordPress website and are the only person who needs access to the website, you can create an additional layer of security by restricting admin access by IP address.

This is done by opening the main .htaccess file and finding the line of code that reads “Allow from xx.xx.xx.xx.” Replace the x’s with your own IP address and now the admin panel can’t be accessed by anyone else.

5. Don’t let people know what version you’re using
Keeping your CMS updated is obviously an important part of staying protected, but don’t make the mistake of publicly advertising which version you’re using. This gives would-be hackers the advantage of knowing which vulnerabilities your website is susceptible to. Many CMS platforms automatically add the version to your site’s code, but you can find it and remove it. In WordPress, it’s found in the WP-head section.
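
One way to check your own pages for the version strings described in tip 5, as an added example that is not part of the original post: the Python script below scans HTML for a generator meta tag and for ?ver= parameters on script and stylesheet URLs. The sample pages and the version number are constructed, and the ?ver= check goes beyond the single tag the post mentions.

```python
"""Added example: audit your own page's HTML for version disclosure."""
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")            # matches e.g. 9.9.9
ASSET_VER_RE = re.compile(r"[?&]ver=\d+(?:\.\d+)+")  # matches ?ver=9.9.9


class VersionLeakFinder(HTMLParser):
    """Collects (kind, evidence) pairs for tags that reveal a version number."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="generator" content="WordPress x.y.z"> in the page head
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if VERSION_RE.search(a.get("content", "")):
                self.findings.append(("generator-meta", a["content"]))
        # Asset URLs with ?ver=x.y.z may carry the CMS, theme or plugin version
        elif tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            if ASSET_VER_RE.search(url):
                self.findings.append(("asset-ver", url))


def find_version_leaks(html):
    """Return every version-bearing tag found in the given HTML string."""
    finder = VersionLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages (not taken from any real site).
LEAKY_PAGE = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-includes/css/style.min.css?ver=9.9.9">
<script src="/wp-content/themes/example/app.js"></script>
</head><body>Hello</body></html>"""

CLEAN_PAGE = """<html><head>
<meta name="viewport" content="width=device-width">
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for name, page in (("leaky", LEAKY_PAGE), ("clean", CLEAN_PAGE)):
        print(name, "->", find_version_leaks(page) or "no version strings found")
```

Run it against the saved HTML of your own pages after removing the version tag to confirm nothing still reveals it.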

Don’t overlook the need for security
The temptation – especially for smaller businesses – is to only take very basic security steps. The belief is that nobody cares enough to compromise a niche operation in an obscure industry – but that couldn’t be any further from the truth. Smaller businesses are actually bigger targets, because hackers know that they’re typically easy to compromise.

Any time you develop a new site, be sure you’re taking this into account. Website security is a lot easier and more effective if you prioritize it from the ground up.

