Practical guide to website security

A secure site is a site protected from hacker attacks. This is fundamental today, given that most of our daily activities take place online: we shop, work, manage medical appointments, chat with friends and much, much more, all on the web.

So, it is vital that our personal data, passwords, and credit card numbers are safe, protected by a website security certificate and other preventive measures: make a backup of your website, the tools you created it with, verify the security of the site periodically, make daily backups and so on.

Let’s see in detail how you can prevent attackers from taking over your website and making illicit use of it.

In order to navigate safely online, on one hand that users need to know how to distinguish a safe site from a potentially dangerous one; on the other it is essential that legitimate sites offer strong security measures to protect their customers’ data.

How to find out if a site is safe

Italians have embraced online purchases: raise your hand anyone who has not opened Internet Explorer and bought at least one product or contracted a service in the last month.

The inability to make physical purchases during the lockdown period has fueled this trend and after experiencing the convenience of online shopping many no longer want to return to physical shopping. In addition to comfort, users have been definitively convinced by the ease and speed of making an online purchase.

But while on the one hand users have benefited by simplification of digital transactions, on the other it has also lowered their defenses: how many people verify that a website is really safe before entering sensitive data?

Methods for verifying the reliability of a website

Before you connect to a site you need to verify its reliability.

Here’s how:

• Review your browser’s security settings.
• Check in the browser navigation bar that the site implements the secure HTTPS protocol (indicated by a lock icon).
• Trust the warnings of Google, which reports potentially dangerous sites with unsafe site or unsafe connection warnings.
• Check the security level of the URL with a tool like Google Safe Browsing.
• Verify the legitimacy of the URL by carefully checking the address and verifying the presence of errors.
• Be aware of the obvious presence of malware on the site: the appearance of unusual popups and redirects are a clear sign.
• Do an online check of the reputation of the web site.

The Internet can be a risky place for those who don’t take precautions when surfing, downloading content or carrying out economic transactions.

The most dangerous sites are those that do not protect their users’ data with HTTPS protocol, which safeguards the transmission of data between the browser and the site, and SSL/TLS encryption protocols (Secure Socket Layers/Transport Layer Security).

Phishing and unsafe sites

Many online scams start with an email that warns the user of a problem or possible threat that can be avoided by entering the website indicated with their personal data.

At a first glance, the email seems to be regular: the user knows the sender – their bank or a familiar website – and the message graphics, logo and contents seem original.

These types of messages conceal a great danger: the sender’s address was falsified to deceive the recipient and convince them to visit an unsafe site to steal personal data or download malware onto their device.

This is phishing, an increasingly common and sophisticated method of hacking that can be avoided by carefully analyzing the sender’s email address—which typically contains errors—and the links indicated—which do not link to the correct site and or implement security protocols.

The user can defend against phishing using methods of message authentication: the ISP will verify the IP and the sender’s domain, keep spam or fraudulent emails from the user’s inbox.

There are several solutions you can implement to make your website secure. The most effective strategies are:

• request an SSL/TLS digital certificate from a certification authority
• choose a provider with firewall protection to block any threat immediately
• install an effective antivirus
• always update all your website software (server side and client side), your plugins if you have a site with WordPress, the operating systems and, of course, antivirus
• regularly perform a security check on your website to detect outdated software, malware, and other computer viruses that are attempting an attack

Online purchases are growing and so are threats to users, increasingly exposed to hacking and fraud attempts.

For an e-commerce site you need to implement security protocols and advanced systems for the protection of personal customer data. At stake are brand reputation, which online store sales and customer loyalty depend on, and economic sanctions in case of the theft of sensitive data.

The reliability of e-commerce sites inevitably passes through the implementation of HTTPS, which is the only way to secure customers’ commercial transactions, preventing hackers from stealing their bank or credit card details.

In addition, all modern browsers, such as Google Chrome, warn the user that a web page is not secure if there is no HTTPS protocol. This is a very effective deterrent because most people who view this warning leave the site.

Protecting customer personal data: account creation

With on-line shopping, a user’s personal data is procured from the moment when the account that allows on-site purchases is created. This includes first and last names, date of birth, city of residence, etc.

This data must be stored in complete safety because it can be stolen by hackers for illicit purposes.

When creating their account, the user must also enter their password: this is another delicate and potentially dangerous moment. The online shopping platform should warn the user of the importance of creating secure passwords, which are difficult to identify, even random, with at least 13 characters and used only on a single platform.

To strengthen the protection of user data, e-commerce can implement two-factor authentication, used, for example, by Amazon.

As we have seen, there are numerous precautions you can take to protect your website and your visitors: among others, implementing security protocols, choosing a reliable hosting, and using complex passwords.

But the single most important step for the safety of your site is to back it up.

File backups, database backups, WordPress backups, automatic and manual backups: let’s try to clarify everything that surrounds this type of operation, starting with its definition.

Backup consists in copying physical or virtual files, or databases to a secondary location to secure a company’s most important information in the event of server, hardware, or natural disasters or hacker attacks.

The backup process, manual or not, is crucial to restoring the site in case of emergency: if you lose crucial data or your site has been hacked, you will be able to fix your problems quickly.

It only takes a few minutes to prepare backup files and the benefits are incalculable.

What data should be backed up? Undoubtedly the critical databases and those related to line-of-business applications, that is those that allow the business to carry out its fundamental activities.

As for frequency, best practices suggest making a complete backup of data at least once a week, preferably on weekends or off-hours.

Backing up a WordPress site

If you use WordPress or any other content management system (CMS), you probably have additional components such as themes and plug-ins installed on your site. These are useful but also potentially problematic elements: every time you install a new add-on, in fact, you are introducing an element that may not work well with the rest of the site’s ecosystem.

Before activating a new plugin or making a significant change on your site it is important to create a backup of the WordPress site.

That way, if the new elements are incompatible with those already present on your site, you can restore the WordPress site from your backup and recover the previous version without any consequences.

This method allows you to protect your site even during plugin or theme updates.

“Secure your website” is one of the most repeated tips online: you can never take enough precautions because hacker techniques evolve quickly.

If you have a business, ensure your customers total protection of their data and their transactions on your site by implementing secure protocols and encouraging the use of effective passwords when creating their accounts.