Security of your site depends on three things:
- security software part (CMS, scripts);
- security server (hosting);
- awareness and accuracy of the site administrator or those who work with the site as an administrator.
If all three components of the security of the site are organized in the right way, the site will be inaccessible to hackers and viruses.
The reliability of the software
The software part – a content management system (CMS) or scripts that are running the site. The reliability of the software implies the absence of vulnerability (“holes”) that allow an attacker to gain access to the database, file system or of the site administrator.
So that the software part was not vulnerabilities, developers must develop scripts with an eye on safety that is not always. The truth of life is that in virtually every CMS or vulnerabilities exist in the script. Some of them are published in the open access (public vulnerability), the other is not accessible to the public and used by hackers for targeted attacks on sites. To the software part of the site was secure and impregnable, it is necessary to pay attention to the issue of security.
Security server (hosting)
The second important point that affects the security of the site as a whole, is hosting that is hosting the site. Hosting can be shared («common») or dedicated («isolated”).
For shared-hosting services responsible for the safe server configuration is the Administrator of the hosting company. For the dedicated-server (VDS / VPS / DDS), this responsibility lies with the owner of the server.
As in the case of shared-hosting, and in the case of dedicated-server configuration must provide a minimum freedom of action, not adversely affect the performance of the site. That is, the server should be allowed only the most necessary functions, and everything else – is prohibited. For example, if the site does not comply with external connections to other servers, the option should be disabled external connections. If the site does not use system calls (system, shell_exec, etc.), these features must be disabled. In addition, should be limited to the scope of the file system of the scripts, and more. All this should take care of the system administrator of the server.
Awareness and accuracy of the site administrator
Owners of site usually pay little attention to security issues, suggesting that part of the program is flawless, the server settings are secure. Although most often own carelessness is the cause of hacking sites and viruses.
Below is a list of operations that must constantly keep in mind the administrator (owner) of the site:
- The computer from which you are working with a site must be protected commercial anti-virus software and regularly checked them. If the site has several people, this requirement applies to everyone.
- Passwords from ftp / ssh / admin panel needs to be changed regularly, at least once a month.
- Do not store passwords in the programs (ftp-client, browser, e-mail).
- Set complex passwords like «jrfr54 @ FSD».
- Work on secure protocol SFTP or SCP.
Site to be protected from viruses and hackers, you need a lot of attention paid to the issue of security: keep your software up to date, properly set up hosting and monitor access to the site. If at least one of the three elements is the weak link, the site will remain vulnerable.
GKS Web Studio team when developing the site paid much attention to the safety of your future web resource, knowing how important it is for you.