{"id":2409,"date":"2020-04-28T05:11:17","date_gmt":"2020-04-28T05:11:17","guid":{"rendered":"http:\/\/kusuaks7\/?p=2014"},"modified":"2023-12-13T14:41:23","modified_gmt":"2023-12-13T14:41:23","slug":"how-to-secure-a-website-21-website-security-tips-for-businesses","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/how-to-secure-a-website-21-website-security-tips-for-businesses\/","title":{"rendered":"How to Secure a Website: 21 Website Security Tips for Businesses"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2409\" class=\"elementor elementor-2409\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-4daf00f0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4daf00f0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-54dfcbbe\" data-id=\"54dfcbbe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-64d487a3 elementor-widget elementor-widget-text-editor\" data-id=\"64d487a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIf you\u2019re not sure \u201chow to secure a website\u201d most effectively, then you\u2019re not alone. As of the time of writing this article, there were literally\u00a0<em>more than 2.6 billion<\/em>\u00a0search results for that particular topic on Google alone! 
This is where our list of website security tips comes in handy.\n\nOf course, we have our own thoughts and opinions about the best ways to approach website security:\n<ul>\n \t<li>Using secure passwords<\/li>\n \t<li>Patching and updating your software, firmware, and server<\/li>\n \t<li>Using SSL\/TLS certificates<\/li>\n \t<li>Maintaining current website backups<\/li>\n<\/ul>\nBut we all know there\u2019s more to strong website security than just that, which is why I called in the cavalry to help answer your question. I\u2019ve gathered 21 website security tips from 17 website pros, IT admins, and cybersecurity experts from around the U.S. and abroad. You\u2019re welcome.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77e759f elementor-widget elementor-widget-text-editor\" data-id=\"77e759f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tNow, I know that you\u2019re chomping at the bit to get to those expert website security tips. 
But if you want to know more about who each expert is, be sure to check out our list of experts by clicking on the \u201cMeet the Website Security Tips Experts\u201d link (#4) in the table of contents below.\n\nWebsite Security Tips Table of Contents\n<ol role=\"directory\">\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#17-website-it-and-cybersecurity-professionals-weigh-in-on-how-to-make-a-website-secure-and-things-you-should-avoid-doing-with-their-expert-tips\" rel=\"noopener\">17 website, IT and cybersecurity professionals weigh in on how to make a website secure (and things you should avoid doing) with their expert tips<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#14-website-security-tips-on-how-to-make-your-website-secure\" rel=\"noopener\">14 Website Security Tips on How to Make Your Website Secure<\/a>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-629a552 elementor-widget elementor-widget-text-editor\" data-id=\"629a552\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#1-implement-strong-password-requirements-and-follow-password-management-best-practices\" rel=\"noopener\">1. Implement Strong Password Requirements and Follow Password Management Best Practices<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#2-implement-strong-authentication-methods-and-limit-access\" rel=\"noopener\">2. 
Implement Strong Authentication Methods and Limit Access<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#3-don%E2%80%99t-allow-unvalidated-file-uploads-to-your-website\" rel=\"noopener\">3. Don\u2019t Allow Unvalidated File Uploads to Your Website<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#4-use-encryption-and-secure-protocols-to-serve-your-website-via-https\" rel=\"noopener\">4. Use Encryption and Secure Protocols to Serve Your Website via HTTPS<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#5-use-dns-filtering-to-restrict-access-to-specific-sites\" rel=\"noopener\">5. Use DNS Filtering to Restrict Access to Specific Sites<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#6-have-visibility-within-your-servers-databases-networks-and-general-infrastructure\" rel=\"noopener\">6. Have Visibility Within Your Servers, Databases, Networks, and General Infrastructure<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#7-keep-software-firmware-up-to-date-and-patched\" rel=\"noopener\">7. Keep Software, Firmware Up to Date and Patched<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#8-check-your-configurations-to-ensure-they%E2%80%99re-set-properly\" rel=\"noopener\">8. Check Your Configurations to Ensure They\u2019re Set Properly<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#9-use-reverse-proxies-for-large-websites\" rel=\"noopener\">9. 
Use Reverse Proxies for Large Websites<\/a><\/li>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4bb9a0b elementor-widget elementor-widget-text-editor\" data-id=\"4bb9a0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#10-reconsider-hosting-multiple-websites-on-one-server\" rel=\"noopener\">10. Reconsider Hosting Multiple Websites on One Server<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#11-keep-multiple-current-website-files-and-database-backups\" rel=\"noopener\">11. Keep Multiple, Current Website Files and Database Backups<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#12-keep-your-database-separate-from-your-file-server\" rel=\"noopener\">12. Keep Your Database Separate from Your File Server<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#13-use-the-right-website-security-tools-and-features\" rel=\"noopener\">13. 
Use the Right Website Security Tools and Features<\/a>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-304db63 elementor-widget elementor-widget-text-editor\" data-id=\"304db63\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#sqlmap\" rel=\"noopener\">SQLMap<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#threatrunner\" rel=\"noopener\">ThreatRunner<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#zed-attack-proxy-zap\" rel=\"noopener\">Zed Attack Proxy (ZAP)<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#multiple-solution-recommendations\" rel=\"noopener\">Multiple Solution Recommendations<\/a><\/li>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7fe3320 elementor-widget elementor-widget-text-editor\" data-id=\"7fe3320\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u00a0<\/p><ul><li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#14-review-your-web-server-security-policies-regularly\" rel=\"noopener\">14. 
Review Your Web Server Security Policies Regularly<\/a><\/li><li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#website-security-tips-7-website-security-mistakes-to-avoid\" rel=\"noopener\">Website Security Tips: 7 Website Security Mistakes to Avoid<\/a><ol><li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#believing-cyber-security-is-%E2%80%9Call-or-nothing%E2%80%9D\" rel=\"noopener\">Believing Cyber Security Is \u201cAll or Nothing\u201d<\/a><\/li><li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#being-negligent-and-ignoring-the-obvious\" rel=\"noopener\">Being Negligent and Ignoring the Obvious<\/a><\/li><\/ol><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f32e377 elementor-widget elementor-widget-text-editor\" data-id=\"f32e377\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#having-poor-password-selection-management-and-policies\" rel=\"noopener\">Having Poor Password Selection, Management, and Policies<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#using-default-credentials-site-addresses-and-database-prefixes\" rel=\"noopener\">Using Default Credentials, Site Addresses, and Database Prefixes<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#including-session-ids-in-urls\" rel=\"noopener\">Including Session IDs in URLS<\/a><\/li>\n \t<li><a 
href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#lacking-regular-website-testing\" rel=\"noopener\">Lacking Regular Website Testing<\/a><\/li>\n \t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#trusting-their-security-to-one-product-or-solution\" rel=\"noopener\">Trusting Their Security to One Product or Solution<\/a><\/li>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-3896959 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3896959\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-89722e6\" data-id=\"89722e6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-481c257 elementor-widget elementor-widget-text-editor\" data-id=\"481c257\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#meet-the-website-security-tips-experts-listed-in-alphabetical-order-by-surname\" rel=\"noopener\">Meet the Website Security Tips Experts (Listed in Alphabetical Order by Surname)<\/a><\/li>\n \t<li><a 
href=\"https:\/\/sectigostore.com\/blog\/how-to-secure-a-website-website-security-tips-for-businesses\/#final-thoughts-on-these-website-security-tips-and-how-to-secure-your-website\" rel=\"noopener\">Final Thoughts on These Website Security Tips and How to Secure Your Website<\/a><\/li>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2065262 elementor-widget elementor-widget-heading\" data-id=\"2065262\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2 id=\"14-website-security-tips-on-how-to-make-your-website-secure\">14 Website Security Tips on How to Make Your Website Secure<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-120f7cf elementor-widget elementor-widget-image\" data-id=\"120f7cf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2019\/03\/secure-wordpress-website-1024x606.jpg\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c002cf elementor-widget elementor-widget-heading\" data-id=\"4c002cf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"1-implement-strong-password-requirements-and-follow-password-management-best-practices\">1. 
Implement Strong Password Requirements and Follow Password Management Best Practices<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e66ccb2 elementor-widget elementor-widget-text-editor\" data-id=\"e66ccb2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAccount security is often only as good as the passwords themselves and the strategies used to manage them. If you\u2019re using insecure passwords, or if you aren\u2019t regularly updating them or managing them, then you\u2019re quickly going to find yourself on a trip up a stinky brown creek.\n\nThe experts also had a lot to say on the topic:\n<blockquote><em>One of the most common website security threats is the usage of weak passwords. When passwords are not set using the correct procedures, they can be easily hacked by external actors, which will allow them to infiltrate your website. The risk of weak passwords can easily be fixed by educating employees about the importance of strong passwords. Implementing a password manager tool or multi-factor authentication can offer an additional layer of security against possible website attacks.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Sivan Tehila, director of solution architecture of\u00a0Perimeter 81<\/strong><\/cite><\/blockquote>\n\n<hr \/>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9185467 elementor-widget elementor-widget-text-editor\" data-id=\"9185467\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBut what exactly constitutes \u201cweak\u201d passwords?\n<blockquote><em>You need to set up a secure password that isn\u2019t associated with you or your lifestyle, hobbies, etc. 
You can use an on-line password generator. Be careful, as there was a site that generated the same password for all users. This was a trap by hackers, who would then try this password for numerous accounts.<\/em>\n\n<em>You can use a combination of dates, names and locations; merging them will make them a lot more secure than single terms. Use upper and lower case, alphanumeric characters, numbers and non-real-life words.<\/em>\n\n<em>Ideally you should change your passwords monthly, but if not, quarterly is reasonably safe, and don\u2019t use the same passwords for multiple sites, as you can be a victim of multiple hacks. Your email or user name can be tracked among multiple sites. If hackers gain access to one of your accounts, then they will try the same password across all other sites. This is normal protocol for them.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Dustin Vann, owner &amp; website manager at Trusy Social<\/strong>\u00a0<strong>(Trusy.co)<\/strong><\/cite><\/blockquote>\n\n<hr \/>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-905831c elementor-widget elementor-widget-text-editor\" data-id=\"905831c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOf course, there are other considerations when it comes to website password security. Beyond the complexity of the passwords and how frequently you change them, you also need to decide how to manage those passwords and keep them secure.\n<blockquote><em>One big tip we have is ensuring you have multi-factor enabled, especially if you are using a CMS system like WordPress. It is so easy for someone to break your password through a phishing attack or WordPress vulnerability. 
They can use your credentials to mangle your website, install malware, and destroy your brand.\u201d<\/em>\n\n<cite><strong>\u2014 Nick Santora, co-founder and CEO at Curricula<\/strong><\/cite><\/blockquote>\n\n<hr \/>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13d61e2 elementor-widget elementor-widget-text-editor\" data-id=\"13d61e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>When possible, it\u2019s best to protect passwords with 2FA, or 2-factor authentication. A YubiKey is ideal, but authenticator apps are useful as well. Doing so will provide an additional layer of protection in the off chance your password is compromised or your phone is SIM-swapped.<\/em>\n\n<em>People are storing more and more value online, and virtual items and assets like cryptocurrencies are becoming more mainstream, which has led to a huge surge in 2FA support across a variety of platforms, be it Twitter, Facebook, Coinbase, Amazon, iCloud and more. Every day there\u2019s less of an excuse to not have Google Authenticator downloaded on your iOS or Android.\u201d<\/em>\n\n<cite><strong>\u2014 Corey Petty, senior security engineer at Status<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-069ad24 elementor-widget elementor-widget-heading\" data-id=\"069ad24\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"2-implement-strong-authentication-methods-and-limit-access\">2. 
Implement Strong Authentication Methods and Limit Access<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b0f261a elementor-widget elementor-widget-text-editor\" data-id=\"b0f261a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhen it comes to web\u00a0<a href=\"https:\/\/sectigostore.com\/blog\/the-difference-between-authentication-and-authorization-explained-in-detail-by-a-security-expert\/\" rel=\"noopener\">authentication<\/a>, you definitely have a lot of options. You\u2019ve got the traditional\u00a0<a href=\"https:\/\/sectigostore.com\/blog\/what-is-multi-factor-authentication-and-how-does-it-differ-from-2fa-sfa\/\" class=\"broken_link\" rel=\"noopener\">two-factor and multi-factor authentication<\/a>\u00a0mechanisms. Hardware tokens, digital signatures, and other types of measures are available as well. Make sure that you choose whatever authentication method works best for your organization and hardens your defenses.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-651a4da elementor-widget elementor-widget-text-editor\" data-id=\"651a4da\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tFurthermore, regardless of what Pam in accounting says,\u00a0<em>not everyone needs access to everything<\/em>. This is why limiting access to what users actually need is crucial to website security.\n<blockquote><em>Enable secure access to your admin area via IP whitelisting or Two-Factor Authentication. 
Practice regular account auditing for admin accounts as well as API users and remove any that are unnecessary or adjust access to only necessary areas.\u201d<\/em>\n\n<cite><strong>\u2014 Brian Taylor, co-founder of Forix<\/strong><\/cite><\/blockquote>\n\n<hr \/>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dedb121 elementor-widget elementor-widget-text-editor\" data-id=\"dedb121\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>Website owners make a mistake in giving credentials to partners. Instead, if partners need to pull user data from your site, provide them with an OAuth-based API. This is also known as\u00a0<\/em><a href=\"http:\/\/www.designingsocialinterfaces.com\/patterns.wiki\/index.php?title=The_Password_Anti-Pattern\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><em>the Password Anti-Pattern<\/em><\/a><em>.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8b48486 elementor-widget elementor-widget-text-editor\" data-id=\"8b48486\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>User and admin lists should be reviewed and cleaned up if such people are no longer part of that project\/entity\/company\/etc.\u201d<\/em>\n\n<cite><strong>\u2014 Ross Thomas, IT administrator at SectigoStore.com<\/strong><\/cite><\/blockquote>\nLogin functionality and session management are also important considerations in website security:\n<blockquote><em>Check the session management: if, after login, the user does not perform any user action for 15 minutes (let\u2019s say your session timeout is 15 minutes), then when they perform any user action after those 15 minutes, they should automatically be logged out from the website.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n\n<hr \/>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6549006 elementor-widget elementor-widget-text-editor\" data-id=\"6549006\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>Avoid staying logged in to inactive sessions. Not only could data be being collected on you in the background, but it increases the chance of someone maliciously accessing your account. Additionally, if you\u2019re using a centralized identity service like Google, Twitter, or Facebook as your login, if someone hacks one of those accounts, they\u2019ll immediately gain access to your connected accounts too. Don\u2019t reuse passwords, especially on valuable services like email, online banking, and identity services. Use a password manager to help you.\u201d<\/em>\n\n<cite><strong>\u2014 Corey Petty, a\u00a0Senior Security Engineer at Status<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-345ea3b elementor-widget elementor-widget-heading\" data-id=\"345ea3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"3-don\u2019t-allow-unvalidated-file-uploads-to-your-website\">3. 
Don\u2019t Allow Unvalidated File Uploads to Your Website<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90b4a78 elementor-widget elementor-widget-text-editor\" data-id=\"90b4a78\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tEven though the Open Web Application Security Project (OWASP) itself warns against allowing \u201cjust anyone\u201d to upload files and other content to websites, it never fails to amaze me how many websites simply ignore those guidelines and do it anyway. The\u00a0<a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/File_Upload_Cheat_Sheet.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">OWASP File Upload Cheat Sheet<\/a>\u00a0outlines some great principles to follow for secure file upload implementation (which we won\u2019t list in full here).\n\nBut why is this such a critical move for website security? Let\u2019s ask one of the pros:\n<blockquote><em>Here is one way that a lot of websites get hacked. A lot of websites will allow unvetted file uploads to their website. The grave mistake website owners make is that they only check the file extension and determine if it\u2019s safe based off of that. This is a huge error since the extensions can easily be faked and .exe files aren\u2019t the only thing that can cause damage. For example, images can have dangerous PHP code in the comments.\u00a0There are some workarounds that website owners can do. One is to simply not allow the users to execute any files that they upload. This means that the files will be stored in the database, outside of the server where your website is stored. Make sure that the files uploaded are using a secure mode of transportation with SFTP and SSH ports. 
The second one is to do a quick check to verify that the file extension is the correct one by simply changing the extension name.\u201d<\/em>\n<cite><strong>\u2014 Mark Soto, owner of Cybericus<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0eeb6b5 elementor-widget elementor-widget-heading\" data-id=\"0eeb6b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"4-use-encryption-and-secure-protocols-to-serve-your-website-via-https\">4. Use Encryption and Secure Protocols to Serve Your Website via HTTPS<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-88c0cb2 elementor-widget elementor-widget-text-editor\" data-id=\"88c0cb2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOh, yeah. You knew this would make our expert tips list somehow. Using\u00a0<a href=\"https:\/\/sectigostore.com\/ssl-types\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">SSL\/TLS certificates<\/a>\u00a0for your website and server to facilitate a secure, encrypted connection between two parties (i.e. your site visitors\u2019 browsers and your web server) is essential. We don\u2019t only say that because we happen to sell such certificates, but because serving websites via HTTPS is actually required by Google and the other major browsers to avoid being slapped with a tacky \u201cNot Secure\u201d label.\n\nThankfully, we\u2019re not alone \u2014 David Alexander, Alexander M. 
Kehoe, Dave Hatter, Ross Thomas, and Greg Rogozinski also agree and emphasize the importance of SSL\/TLS protecting users\u2019 sensitive information.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1e832f elementor-widget elementor-widget-text-editor\" data-id=\"e1e832f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tProbably the two who put it best, though, are Luka Arezina and Sivan Tehila:\n<blockquote><em>One good tip for any website owner, especially eCommerce websites, is to set up SSL security on the domain. Having an SSL-secured domain lets your future customers know that they are visiting a website where the data is coming from a secure source.\u00a0This is visually displayed as a \u201cgreen padlock\u201d icon on the website address field, in the top-left corner of your browser.\u00a0<\/em>\n\n<em>A secure domain also lets visitors on your website know right from the landing page that your company takes cybersecurity seriously. It also prevents \u201ccontent warning\u201d and \u201cunsecured connection\u201d messages from spooking away your potential customers. 
Additionally, it adds another layer of data protection to transactions on the website, which is critical for doing business online.\u201d<\/em>\n\n<cite>\u2014\u00a0<strong>Luka Arezina, editor-in-chief at DataProt<\/strong><\/cite><\/blockquote>\n\n<hr \/>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e7f020c elementor-widget elementor-widget-text-editor\" data-id=\"e7f020c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>When it comes to best website security tips, the first one that comes to mind is making sure your website has an SSL connection. An SSL connection is an encryption method that is used when a visitor makes a connection to your web host server. This is one of the easiest ways to ensure your customer\u2019s information is secure. Additionally, Google warns visitors when they\u2019re entering a site without SSL.\u201d<\/em>\n\n<cite><strong>\u2014 Sivan Tehila, Director of Solution Architecture of\u00a0Perimeter 81<\/strong><\/cite><\/blockquote>\n\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae79cd5 elementor-widget elementor-widget-heading\" data-id=\"ae79cd5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"5-use-dns-filtering-to-restrict-access-to-specific-sites\">5. 
Use DNS Filtering to Restrict Access to Specific Sites<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e29ffb5 elementor-widget elementor-widget-text-editor\" data-id=\"e29ffb5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIf only there was a way to protect your employees from accidentally downloading web-borne threats\u2026 Oh, wait, there is! It\u2019s called using a DNS filter. The domain name system (DNS), which (in a roundabout sort of way) is used as an intermediary between browsers and servers to convert \u201cgoogle.com\u201d or \u201capple.com\u201d into an IP address that the server can retrieve, also has some handy filtering capabilities.\n\nSo, why is it such a great option for cybersecurity? Sivan Tehila is, again, quick with an answer:\n<blockquote><em>One of the best website security tools I recommend to implement is a DNS filtering feature. DNS filtering offers businesses the option to restrict employee access to certain URLs, by defining which are either permitted or blocked sites. One of the key reasons why every business should adopt DNS filtering is to prevent employees from gaining access to websites that don\u2019t help them with their jobs, or sites that can create major security risks for the organization. 
By limiting access to certain URLs, it helps employees be more productive and helps to fight off potential security risks such as data loss, malware, or even legal issues.\u201d<\/em>\n\n<cite><strong>\u2014 Sivan Tehila, Director of Solution Architecture of\u00a0Perimeter 81<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4fd6920 elementor-widget elementor-widget-heading\" data-id=\"4fd6920\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"6-have-visibility-within-your-servers-databases-networks-and-general-infrastructure\">6. Have Visibility Within Your Servers, Databases, Networks, and General Infrastructure<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af7b240 elementor-widget elementor-widget-text-editor\" data-id=\"af7b240\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWebsite and IT admins worldwide face a very real and frustrating conundrum every day: They\u2019re expected to keep networks, computer systems, and websites safe from the reach of hackers and cybercriminals. Heck, you\u2019re probably one of them. But how can you protect what you don\u2019t know you have? This is where having strong visibility is key:\n<blockquote><em>In short, know what is being deployed in your infrastructure. If you can\u2019t tell when a new device is added anywhere on your network, there\u2019s an issue. 
Organizations are compromised every day via third-party systems or shadow IT that they didn\u2019t know was on the network.\u201d<\/em>\n\n<cite><strong>\u2014 Brad Pierce, director of network security at HORNE Cyber<\/strong><\/cite><\/blockquote>\n\n<hr \/>\n\nWhether it\u2019s a mobile device, an SSL\/TLS certificate, or an\u00a0<a href=\"https:\/\/sectigostore.com\/blog\/10-iot-security-tips-you-can-use-to-secure-your-iot-devices\/\" rel=\"noopener\">IoT device<\/a>\u00a0like a smart printer, you need to know what\u2019s connected to your systems at all times to prevent\u00a0<a href=\"https:\/\/sectigostore.com\/blog\/data-leak-8-data-leakage-prevention-tips-for-your-organization\/\" target=\"_blank\" rel=\"noreferrer noopener\" label=\" (opens in a new tab)\" class=\"broken_link\">data leaks<\/a>\u00a0and to improve your website security efforts (and general cybersecurity) as a whole. Shadow IT and unknown digital certificates for websites not only leave your business at risk, but they can also cost you time and money in terms of downtime and noncompliance penalties.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac5e649 elementor-widget elementor-widget-heading\" data-id=\"ac5e649\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"7-keep-software-firmware-up-to-date-and-patched\">7. Keep Software and Firmware Up to Date and Patched<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae8b577 elementor-widget elementor-widget-text-editor\" data-id=\"ae8b577\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThis next point nicely follows the last point. 
While it\u2019s not only important to have full visibility of your network, IT infrastructure, and tech components, it\u2019s also essential that you make sure everything is current. I\u2019m talking about updates and patches here.\n\nAt one point or another any software or server is going to require updates and\/or patching. Keeping everything up to date not only enables you to operate using the newest everything, but it also helps you to patch any gaps in your cybersecurity defenses that manufacturers fixed with those updates. You can do this manually, or you can rely on automatic updates.\n<blockquote><em>One of the first tips I start with is making sure your server isn\u2019t using an old version of PHP like the 5.x generation. I see this issue on a regular basis when PHP 5.x has been retired and not receiving\u00a0security and bug fixes since\u00a01 January 2019.\u201d<\/em>\n\n<cite>\u2014<strong>\u00a0David Alexander, designer, developer and digital marketer at MazePress<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28bdc0b elementor-widget elementor-widget-heading\" data-id=\"28bdc0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"8-check-your-configurations-to-ensure-they\u2019re-set-properly\">8. Check Your Configurations to Ensure They\u2019re Set Properly<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6bedcdd elementor-widget elementor-widget-text-editor\" data-id=\"6bedcdd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTaking the time to periodically check your site configurations is simple and is a best practice. 
For one, this expert tip helps you to ensure that no changes were made to your existing configurations. Secondly, it also gives you a chance to review what your current configurations are in case you do need to make some changes.\n\nBut what do the experts have to say about it?\n<blockquote><em>One of the biggest gaps that I see is the lack of security around website configurations (database credentials, API tokens, etc.). Most websites store their configurations either unencrypted on their servers, or even worse, directly in code. And developers typically share the configs through insecure channels like Slack or email.<\/em>\n\n<em>A solution to this would be to encrypt configurations, however managing how to decrypt and inject that configuration securely is a huge challenge. I run a startup that is building a product called \u201cCourier\u201d (CourierConfig.com) that helps users secure their application configuration for deployment and securely share their configuration. This was really born out of the difficulty of managing websites\u2019 configuration.\u201d<\/em>\n<cite><strong>\u2014<\/strong>\u00a0<strong>Yoseph Radding, software engineer and Cofounder of Shuttl LLC<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-db62473 elementor-widget elementor-widget-heading\" data-id=\"db62473\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"9-use-reverse-proxies-for-large-websites\">9. 
Use Reverse Proxies for Large Websites<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a7da4e2 elementor-widget elementor-widget-text-editor\" data-id=\"a7da4e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAlthough not everyone thinks it\u2019s necessary to go to the trouble of implementing them, using reverse proxies is a practice that\u2019s been known to secure multiple web servers from web application vulnerabilities. These proxies are typically used to not only increase security, but they also increase performance and general reliability because they often have greater resources at their disposal.\n<blockquote><em>While I would agree it is easier said than done, reverse proxies are a great security-related solution for larger websites or clusters of websites. A reverse proxy is a server that handles requests (typically the public facing 443 and 80 requests) to webserver(s) that the proxy sits in front of. When it is time to handle requests to the public, the reverse proxy will get the information (typically cached) from the webservers and then serve it to the requestors. 
So, a user would not be requesting directly from the webserver, but it would be requesting from the reverse proxy.<\/em>\n\n<em>This adds another layer of security between and the requests made from reverse proxy to webserver can be way more secure without worry of breaking access or adding tons of overhead during high-traffic times.\u201d<\/em>\n\n<cite><strong>\u2014 Ross Thomas, IT administrator at SectigoStore.com<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e21b533 elementor-widget elementor-widget-heading\" data-id=\"e21b533\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"10-reconsider-hosting-multiple-websites-on-one-server\">10. Reconsider Hosting Multiple Websites on One Server<\/h3><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c611fb elementor-widget elementor-widget-image\" data-id=\"9c611fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/03\/ssl_offloading-1024x640.jpg\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c0194b elementor-widget elementor-widget-text-editor\" data-id=\"3c0194b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhile there is not necessarily anything inherently \u201cbad\u201d about hosting multiple websites simultaneously on a server, there is security concern that the sites might have some limited level of access 
to each other. Basically, the issue here is the risk of cross-site contamination in shared hosting environments.\n\n<a href=\"https:\/\/blog.sucuri.net\/2020\/01\/what-is-cross-site-contamination.html\" rel=\"noopener\">Cross-site contamination<\/a>\u00a0results when websites in a shared server environment aren\u2019t properly isolated.\n<blockquote><em>You should avoid running multiple websites on one server and I\u2019ve seen this mistake done numerous times. Secondly, you should create a separate database for each site instead of using prefixes. This will help you keep your websites isolated.\u201d<\/em>\n\n<cite><strong>\u2014 Mihai Corbuleac, information security consultant at StratusPointIT<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6241f1b elementor-widget elementor-widget-heading\" data-id=\"6241f1b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"11-keep-multiple-current-website-files-and-database-backups\">11. Keep Multiple, Current Website Files and Database Backups<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34a6f2a elementor-widget elementor-widget-text-editor\" data-id=\"34a6f2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe importance of regularly creating and maintaining up-to-date\u00a0<a href=\"https:\/\/sectigostore.com\/codeguard\/backup\" rel=\"noopener\">website and database backups<\/a>\u00a0should go without saying. 
Basically, if crap hits the proverbial fan and you don\u2019t have your files, content, plugins, and anything else related to your website backed up, then you\u2019re really going to regret it.\n\nOur web and IT experts are in agreement:\n<blockquote><em>They say prevention is better than the cure, but having a fallback plan is also a good idea. You should back up your website regularly in the unlikely event that it gets compromised. Luckily for you, some hosting providers do it for you automatically. However, this is no excuse to not do it yourself, since this is your website after all. Having an off-site backup somewhere might just be the magic cure that resurrects your website from the dead.\u201d\u00a0<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n\n<hr \/>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80fd141 elementor-widget elementor-widget-text-editor\" data-id=\"80fd141\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>Also, it is crucial to back up your website regularly. 
Of course, some hosting providers do it for you, automatically, but for improved security it\u2019s best to keep off-site backups.\u201d<\/em>\n\n<cite><strong>\u2014 Mihai Corbuleac, information security consultant at StratusPointIT<\/strong><\/cite><\/blockquote>\n\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a32cdd elementor-widget elementor-widget-heading\" data-id=\"5a32cdd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"12-keep-your-database-separate-from-your-file-server\">12. Keep Your Database Separate from Your File Server<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0217341 elementor-widget elementor-widget-text-editor\" data-id=\"0217341\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThere are different reasons why someone would choose to host their files on the same server as their database. One of the most common is convenience or to save on cost. However, there are some regulations that may require a separation of duties (SoD). 
The Payment Card Industry Data Security Standard (PCI DSS) is one of them.\n\n<a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/pci_dss_validation_requirements_for_qualified_security_assessors_QSAs_v1-1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">PCI DSS Rule 2.2.1<\/a>\u00a0of the most recent Requirements and Security Assessment Procedures doc (version 3.2.1) specifies that PCI DSS-compliant businesses must \u201cimplement only one primary function per server to prevent functions that require differing security levels from co-existing on the same server.\u201d So, this means that any database containing sensitive financial data, such as credit card details, must be separate and can\u2019t communicate directly with the internet.\n\nSo, if you don\u2019t need to be compliant with PCI DSS for some reason, what other reason could you have for wanting to separate your web or application servers from your database? Some experts argue that running a multi-server environment can actually be beneficial because it increases the number of resources and connections you can support, and that it also can make monitoring more effective.\n<blockquote><em>I highly recommend that you separate the database from the file server. It might be costly at first, but doing this will ensure that no attacker will have access to sensitive data found in your database. 
You might have a compromised website but at least information like bank accounts, credit cards, and personal information.\u201d<\/em>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab13ea4 elementor-widget elementor-widget-text-editor\" data-id=\"ab13ea4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n\n<hr \/>\n\n<blockquote><em>Depending on what your site is doing, user data is always a big point of contention and can lead to the dreadful lawsuits\/PR embarrassment. Do right by your customers\/clients and protect their data.<\/em>\n\n<em>One thing that should always be practiced, no matter how small the site, is to offload any database related to the website onto a different server. The amount of code added to make calls\/queries to the database server is often minimal, but more so than making calls to the local machine. And, as long as you have your database being accessed through a local network, as in no public-facing network interfaces, that immediately complicates any hackers\u2019 attempts to gain access to that data. Though, it is certainly not impossible.<\/em>\n\n<em>Things like tokenization or encryption can help protect the data itself. Consider using these if you are holding sensitive user information, such as addresses or payment information. 
Encryption makes a lot of sense when the database is only accessed by a few things.\u201d<\/em>\n\n<cite><strong>\u2014 Ross Thomas, IT administrator at SectigoStore.com<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d40a6b elementor-widget elementor-widget-heading\" data-id=\"4d40a6b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"13-use-the-right-website-security-tools-and-features\">13. Use the Right Website Security Tools and Features<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36f20da elementor-widget elementor-widget-text-editor\" data-id=\"36f20da\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tEvery website owner or administrator should be using secure architectural design and coding practices. Furthermore, it\u2019s crucial that they also use standard defense and threat detection mechanisms, including vulnerability scanning tools and web application firewalls.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-095284d elementor-widget elementor-widget-text-editor\" data-id=\"095284d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBut what other software, plugins, extensions, etc. would be useful? We posed this question to the experts as well. 
Here\u2019s what they had to say:\n<h4 id=\"sqlmap\">SQLMap<\/h4>\n<blockquote><em>SQL injections have become really trendy lately, and I believe that most hackers are prone to using this especially with the rise of cloud-based systems like Microsoft Azure. If you didn\u2019t know SQL injection is effective for cloud-based systems which is why a lot of security experts are finding ways to stop this vulnerability.\u00a0<\/em><a href=\"http:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><em>SQLMap<\/em><\/a><em>\u00a0is an open-source testing tool that can detect SQL flaws in the system allowing you to fix potential areas that are targets for SQL injection. I highly recommend that anyone with a website get this.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n<h4 id=\"threatrunner\">ThreatRunner<\/h4>\n<blockquote><em>Being proactive and taking an offensive approach to ensuring online security is the better option, as compared to waiting to see if an attack comes.\u00a0<\/em><a href=\"https:\/\/threatrunner.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><em>Threat Runner<\/em><\/a><em>\u00a0is a penetration tool that is designed to safely simulate a malware infection on an organization\u2019s network. 
Through reverse engineering and the de-weaponization of authentic malware samples, it mitigates the risk of damage of an attack through knowledge and context of vulnerabilities within the network, strengthening security posture.\u201d<\/em>\n<cite><strong>\u2014 Brad Pierce, director of network security at HORNE Cyber<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4adfa7a elementor-widget elementor-widget-heading\" data-id=\"4adfa7a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\"><h4 id=\"zed-attack-proxy-zap\">Zed Attack Proxy (ZAP)<\/h4><\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7416fc6 elementor-widget elementor-widget-text-editor\" data-id=\"7416fc6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>ZAP is also a web security application that every website owner should get. It\u2019s open-source software that simulates an attack allowing the program to find vulnerabilities in your systems such as missing anti-CSRF tokens, private IP disclosure, SQL injections, and\u00a0XSS injections. 
ZAP is also very intuitive, making it usable for both beginners and pros alike.<\/em>\u201d\n\n<cite>\u00a0<strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n<h4 id=\"multiple-solution-recommendations\">Multiple Solution Recommendations<\/h4>\nAnd some experts believe there is never just one solution that should be put to work:\n<blockquote><em>I don\u2019t think the professionals\u00a0limit themselves to one or two tools, so it is not possible to have favorite ones. It is all about clarifying what you want to do and what your goal is, because every tool has its own specificity.\u201d<\/em>\n\n<cite>\u2014\u00a0<strong>Ben Hartwig, chief security officer and head software engineer at InfoTracer<\/strong><\/cite><\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aeb6e92 elementor-widget elementor-widget-text-editor\" data-id=\"aeb6e92\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<hr \/>\n\n<blockquote><em>Duo Two-Factor Authentication is a great service that allows you to securely log in without being restricted by location or IP address. 
On the fraud prevention front both Kount and Signifyd provide great services for verifying identity and protecting businesses from fraudulent credit card use, which is rampant in this day and age.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Brian Taylor, co-founder of Forix<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-703f3b5 elementor-widget elementor-widget-heading\" data-id=\"703f3b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 id=\"14-review-your-web-server-security-policies-regularly\">14. Review Your Web Server Security Policies Regularly<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2351fff elementor-widget elementor-widget-text-editor\" data-id=\"2351fff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhile this should be part of your regular responsibilities relating to website security, it\u2019s surprising how many people try to put it off for another day (that, ultimately, may never come). Reviewing your security policies is something that should be done on a regular basis \u2014 quarterly, ideally.\n<blockquote><em>Security policies can encompass a lot of things, but the main points are who has access to what and how do they do it. Of course, the \u2018why\u2019 is the reason why we even do all of this\u2026.<\/em>\n\n<em>Reviewing the access policy (basically like a lower level firewall) for your webserver is a good way to close the roads of the unwanted requests. 
Typically, you\u2019d want your public-facing traffic going through port 443 (HTTPS) or port 80 (I guess) but specifying admin access (typically using something like SSH) to certain IP addresses will really limit access to the backend and parts outside of the website.<\/em>\n\n<em>Review patches for critical software that are (likely) improvements in the software\u2019s security. Unless the flaw is critical and propagating quickly, I would also wait on patches and review feedback so efforts to secure a problem are not doubled.\u201d<\/em>\n\n<cite><strong>\u2014 Ross Thomas, IT administrator at SectigoStore.com<\/strong><\/cite><\/blockquote>\n<em>But, wait, there are only 14 website security tips listed here!<\/em>\u00a0Yes, I know. That\u2019s because the experts also had some suggestions, which I\u2019d like to share, about things you should avoid doing if you want to improve your website security (and general cybersecurity as a whole).\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c0d706 elementor-widget elementor-widget-heading\" data-id=\"6c0d706\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2 id=\"website-security-tips-7-website-security-mistakes-to-avoid\">Website Security Tips: 7 Website Security Mistakes to Avoid<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-621fd44 elementor-widget elementor-widget-text-editor\" data-id=\"621fd44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Now that we\u2019ve covered some of the website security best practices that you should be implementing or following, I thought it would be fun to also ask these experts what sort of website 
security mistakes people should avoid. Of course, there are the usual things \u2014 don\u2019t ignore your security, make your budget match your security efforts, etc. But, surely, there are other recommendations, right?<\/p><p>Needless to say, I wasn\u2019t disappointed. Here are some of the insights from these website and cybersecurity experts about what you should not do when it comes to website security:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c87c42 elementor-widget elementor-widget-heading\" data-id=\"1c87c42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\"><h4 id=\"believing-cyber-security-is-\u201call-or-nothing\u201d\">Believing Cyber Security Is \u201cAll or Nothing\u201d<\/h4><\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dad6334 elementor-widget elementor-widget-text-editor\" data-id=\"dad6334\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>The biggest mistake we see in cyber security is the mindset that it is all or nothing. You don\u2019t need to budget a million dollars a year to have a full time cyber-security consulting firm watching your every move. For most businesses, especially small businesses, all they really need is some very minor protection from firewall software, an SSL certificate, and 2-factor authentication\u00a0of their passwords. You can absolutely find free and cheap tools to protect your website from 90% of attacks without bankrupting\u00a0your company.<\/em>\n\n<em>Once you can afford a more robust security apparatus, then you can buy one. 
Don\u2019t be afraid to take a few\u00a0minor\u00a0steps, because those may be enough to save your business from the majority of attacks.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Alexander M. Kehoe, Co-founder and Operations Director at Caveni<\/strong><\/cite><\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f8b759 elementor-widget elementor-widget-heading\" data-id=\"0f8b759\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\"><h4 id=\"being-negligent-and-ignoring-the-obvious\">Being Negligent and Ignoring the Obvious<\/h4>\n<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b8fbe2d elementor-widget elementor-widget-text-editor\" data-id=\"b8fbe2d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>It\u2019s usually a matter of not bothering with the obvious things. 
Not making sure you\u2019re up to date on PCI vulnerability scans, not limiting access to your admin area due to inconvenience, and not investing in staying up to date with the software versions are the most common reasons we\u2019ve seen for breaches.\u201d<\/em>\n\n<cite><strong>\u2014 Brian Taylor, co-founder of Forix<\/strong><\/cite><\/blockquote>\nIT security consultant Dave Hatter says that some of the most important things to consider when securing web applications can be found on\u00a0<a href=\"https:\/\/sectigostore.com\/blog\/what-is-owasp-what-are-the-owasp-top-10-vulnerabilities\/\" rel=\"noopener\">OWASP\u2019s Top 10<\/a>\u00a0and\u00a0<a href=\"https:\/\/cwe.mitre.org\/top25\/archive\/2019\/2019_cwe_top25.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">CWE\u2019s Top 25<\/a>\u00a0lists.\n<blockquote><em>Of these lists, the things that seem to be most often overlooked and most easily corrected are:<\/em>\n\n<em>\u2013 Injection attacks (SQL, Command): Validating ALL input against a whitelist and disallowing dynamic queries (requiring parameterized queries or stored procedures)<\/em>\n\n<em>\u2013 Broken authentication: Ensuring that all secured pages require a unique token along with complete mediation, ensuring that each and every access to a secured object is checked for authorization can solve this issue<\/em>\n\n<em>\u2013 Sensitive data exposure: Encryption, least privilege and least common mechanism can solve this issue<\/em>\n\n<em>\u2013 Hardened systems: CIS Benchmarks can help admins harden and secure on-premises systems, and Cloud based platforms like Azure, when configured correctly can provide additional security for web apps.\u201d<\/em>\n\n<cite><strong>\u2014 Dave Hatter, IT security consultant at Intrust IT<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bdd4676 elementor-widget elementor-widget-heading\" 
data-id=\"bdd4676\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 id=\"having-poor-password-selection-management-and-policies\" class=\"elementor-heading-title elementor-size-default\">Having Poor Password Selection, Management, and Policies<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7b5b3f1 elementor-widget elementor-widget-text-editor\" data-id=\"7b5b3f1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>A common mistake people make with passwords that makes them easily hackable is using the names of notable people, pets, and dates personal to them; of course, these words will be the first passwords that a hacker will attempt!\u201d<\/em>\n\n<cite><strong>\u2014 Dustin Vann, Owner &amp; Website Manager at Trusy Social<\/strong>\u00a0<strong>(Trusy.co)<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7beb8d6 elementor-widget elementor-widget-heading\" data-id=\"7beb8d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 id=\"using-default-credentials-site-addresses-and-database-prefixes\" class=\"elementor-heading-title elementor-size-default\">Using Default Credentials, Site Addresses, and Database Prefixes<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc7c1b3 elementor-widget elementor-widget-text-editor\" data-id=\"bc7c1b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>My tips help 
protect websites from one of the most popular security problems, which is breaking into the admin system using brute force. Oftentimes, when e.g. bots try to guess the admin password and you have a standard \u201cwp-admin\u201d panel address and a default \u201cadmin\u201d username, it is easy for them to break into your system. The following tips will help prevent it.<\/em>\n\n<em>What I recommend is to, first of all, change the default login admin panel address to one made by yourself, e.g. \u201c\/wp-admin\u201d to \u201c\/my-own-secure-cms-panel\u201d. The next step is changing the default administrator name, e.g. from \u201cadmin\u201d to \u201cmylogin2746\u201d. If you are using an open-source CMS, change the default database prefixes, e.g. \u201cwp\u201d to \u201chj34\u201d. WordPress users should additionally install a security plugin, such as Wordfence or iThemes Security. Another good practice is to introduce two-step verification of users when logging into the admin panel.\u201d<\/em>\n\n<cite><strong>\u2014 Greg Rogozinski, co-founder and CEO of Cut2Code<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc67783 elementor-widget elementor-widget-heading\" data-id=\"dc67783\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 id=\"including-session-ids-in-urls\" class=\"elementor-heading-title elementor-size-default\">Including Session IDs in URLs<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ef188f elementor-widget elementor-widget-text-editor\" data-id=\"1ef188f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>A session ID should not be passed in the URL. 
It may allow an attacker to log in to the system and perform unauthorized operations.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\n<h4 id=\"lacking-regular-website-testing\">Lacking Regular Website Testing<\/h4>\n<blockquote><em>One of the most common mistakes that I see a lot of website owners make is that they don\u2019t test their website regularly. Scanning can help detect problems, but testing the website itself will reveal problems with the code itself. You\u2019ll be able to see which parts are vulnerable to attack and which areas to improve. Testing your website regularly after a new update is a must to ensure that no one will take advantage of poorly written code.\u201d<\/em>\n\n<cite><strong>\u2014<\/strong>\u00a0<strong>Kenny Trinh, CEO of GeekWithLaptop and founder and CEO of Netbooknews<\/strong><\/cite><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-71ab176 elementor-widget elementor-widget-heading\" data-id=\"71ab176\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 id=\"trusting-their-security-to-one-product-or-solution\" class=\"elementor-heading-title elementor-size-default\">Trusting Their Security to One Product or Solution<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cc9c9d4 elementor-widget elementor-widget-text-editor\" data-id=\"cc9c9d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><em>Be wary of security products and solutions that are marketed to completely protect your organization. 
I\u2019m not talking about the traditional requirements of firewalls, intrusion detection\/prevention, but rather the \u201cautomagic\u201d and \u201csilver bullet\u201d cybersecurity solutions of the world. There\u2019s no easy button \u2014 cybersecurity is complicated and cyber threats are constantly evolving and so should your security tools.\u201d<\/em>\n\n<cite><strong>\u2014 Brad Pierce, director of network security at HORNE Cyber<\/strong><\/cite><\/blockquote>\nNow that you\u2019ve had a chance to hear from all of these incredible industry experts, you may be wondering:\u00a0<em>Who the heck are they and why should I listen to them?<\/em>\n\nWonder no more! Let\u2019s introduce our list of experts.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cc4116e elementor-widget elementor-widget-heading\" data-id=\"cc4116e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 id=\"meet-the-website-security-tips-experts-listed-in-alphabetical-order-by-surname\" class=\"elementor-heading-title elementor-size-default\">Meet the Website Security Tips Experts (Listed in Alphabetical Order by Surname)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe862fb elementor-widget elementor-widget-text-editor\" data-id=\"fe862fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>David Alexander, designer, developer and digital marketer at\u00a0<\/strong><a href=\"https:\/\/mazepress.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>MazePress<\/strong><\/a>\n\nAs a web developer and WordPress expert with 14 years of experience, Alexander has had to deal with his fair share of hacked websites and 
offers a malware removal service.\u00a0He works with clients globally across a variety of markets.\n\n<strong>Luka Arezina, editor-in-chief at\u00a0<\/strong><a href=\"https:\/\/dataprot.net\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>DataProt<\/strong><\/a>\n\nDataProt is an online publication that\u2019s dedicated to teaching users how to stay safe online and teaches the ins and outs of cyber hygiene.\n\n<strong>Mihai Corbuleac, information security consultant at\u00a0<\/strong><a href=\"https:\/\/www.computersupport.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>StratusPointIT<\/strong><\/a>\n\nStratusPointIT is an IT support company providing professional IT support, cloud and information security services to small and medium businesses across the United States since 2006.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e9a9e4e elementor-widget elementor-widget-text-editor\" data-id=\"e9a9e4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>Ben Hartwig, chief security officer and head software engineer at\u00a0<\/strong><a href=\"https:\/\/infotracer.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>InfoTracer<\/strong><\/a><strong>.<\/strong>\n\nHartwig is both the IT guru and the self-proclaimed digital overlord at InfoTracer. 
He authors guides on marketing and cyber security posture \u2014 he also loves sharing best practices to enhance website security.\n\n<strong>Dave Hatter, an IT cybersecurity consultant at\u00a0<\/strong><a href=\"https:\/\/www.intrust-it.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Intrust IT<\/strong><\/a>\n\nHatter is a software engineer and educator with more than 25 years in IT. Throughout his career, he\u2019s focused on software development and cybersecurity.\n\n<strong>Alexander M. Kehoe, Co-founder and Operations Director at\u00a0<\/strong><a href=\"https:\/\/caveni.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Caveni<\/strong><\/a>\n\nKehoe is both the co-founder and operation director at Caveni Digital Solutions, a leading digital marketing agency in Philadelphia. He\u2019s also a co-author of the book \u201cNavigate the Digital Realm\u201d and frequently speaks and consults in the fields of digital marketing, web design, artificial intelligence, and other areas of expertise.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0810d63 elementor-widget elementor-widget-text-editor\" data-id=\"0810d63\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>Corey Petty, a\u00a0Senior Security Engineer at\u00a0<\/strong><a href=\"https:\/\/status.im\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Status<\/strong><\/a>\n\nPetty is a technology enthusiast as well as a privacy and security evangelist who co-founded The Bitcoin Podcast Network. He previously served as a senior blockchain scientist, SME at Booz Allen Hamilton and has a Ph.D. in chemical physics. 
Status is an encrypted messenger application that also functions as a crypto wallet and Web3 browser.\n\n<strong>Brad Pierce, director of network security at\u00a0<\/strong><a href=\"https:\/\/www.hornecyber.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" label=\" (opens in a new tab)\" class=\"broken_link\"><strong>HORNE Cyber<\/strong><\/a>\n\n<a href=\"https:\/\/www.hornecyber.com\/our-team\/brad-pierce\" target=\"_blank\" rel=\"noreferrer noopener\" label=\" (opens in a new tab)\" class=\"broken_link\">Pierce<\/a>\u00a0has 15 years of IT and cybersecurity experience. He manages the cybersecurity operations center where he, along with a team of cyber analysts, monitors live network traffic for clients in search of active threats. He also creates information security awareness programs for organizations to help guide them on how to best address cyber risks and remediate organization-specific vulnerabilities.\n\n<strong>Yoseph Radding, software engineer and co-founder of\u00a0<a href=\"https:\/\/www.shuttl.io\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Shuttl LLC (opens in a new tab)\">Shuttl, LLC<\/a><\/strong>\n\nRadding is a professional programmer, hobbyist hacker, and web developer. 
He also is the co-founder of Shuttl, LLC and developer of the mobile app LykeMe.\n\n<strong>Greg Rogozinski, co-founder and CEO of\u00a0<\/strong><a href=\"https:\/\/cut2code.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Cut2Code<\/strong><\/a>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ffb2f83 elementor-widget elementor-widget-text-editor\" data-id=\"ffb2f83\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tRogozinski is the CEO of Cut2Code, a company that specializes in web development based on CMS platforms. He is a specialist with 8 years of experience in digital business, and an expert in Magento and WordPress. He has worked with such agencies as Global4Net, Lemon Sky and JWT Poland.\n\n<strong>Nick Santora, CEO and co-founder of\u00a0<\/strong><a href=\"https:\/\/www.getcurricula.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Curricula<\/strong><\/a><strong>, a cyber security education company.<\/strong>\n\nSantora previously spent seven years as a cybersecurity advisor for the North American Electric Reliability Corporation (NERC), the enforcement agency that\u2019s responsible for regulating the U.S.\u2019s power grid. He also is a cybersecurity expert who speaks regularly at conferences across the U.S. 
on the topic of the psychology of influencing employees via security awareness programs.\n\n<strong>Brian Taylor, co-founder of\u00a0<\/strong><a href=\"https:\/\/www.forixcommerce.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" label=\" (opens in a new tab)\" class=\"broken_link\"><strong>Forix<\/strong><\/a><strong>,<\/strong>\n\nTaylor is vice president and head of business development at Forix, a Portland-based digital agency that focuses on ongoing eCommerce website support and conversion rate optimization.\n\n<strong>Sivan Tehila, Director of Solution Architecture of\u00a0<\/strong><a href=\"https:\/\/www.perimeter81.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Perimeter 81<\/strong><\/a>\n\nTehila is a cyber and information security expert with 13 years of experience in cyber management, defense industries, and critical infrastructures. She is dedicated to promoting women in cybersecurity, having founded the Leading Cyber Ladies community in NYC and Cyber19w in Israel. Perimeter 81 is a Zero Trust Network as a Service provider designed to secure network access for the modern and distributed workforce.\n\n<strong>Ross Thomas, IT administrator at SectigoStore.com<\/strong>\n\nThomas started his IT career in high school, completed a bachelor\u2019s degree in management information systems at Florida State University, then a master\u2019s degree in IT security from the University of Liverpool. 
He has more than 20 years of experience working across many facets of the IT world.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-69355d3 elementor-widget elementor-widget-text-editor\" data-id=\"69355d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>Mark Soto, founder of\u00a0<\/strong><a href=\"https:\/\/cybericus.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Cybericus<\/strong><\/a>\n\nSoto is the founder of Cybericus, a small cybersecurity company in Wisconsin. He holds a degree in computer science and worked as a security analyst in the banking industry for 8 years where he saw the rise of ransomware. Sensing an opportunity, he left the corporate world and started his business, which focuses on ransomware data recovery.\n\n<strong>Kenny Trinh, CEO of\u00a0<\/strong><a href=\"https:\/\/www.geekwithlaptop.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" label=\" (opens in a new tab)\" class=\"broken_link\"><strong>GeekWithLaptop<\/strong><\/a><strong>\u00a0and founder and CEO of\u00a0<\/strong><a href=\"https:\/\/www.netbooknews.com\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Netbooknews<\/strong><\/a>\n\nAs the head of GeekWithLaptop, an online review publication with 100% remote workers, Trinh understands the complexities of working remotely and values the importance of having strong cybersecurity mechanisms in place. He is the managing editor of both tech-focused publications, which review tech and gadgets and aim to help users gain knowledge about everything tech. As a tech enthusiast, Trinh\u2019s been building computers and coding since he was a child. 
He also has a bachelor\u2019s degree in IT.\n\n<strong>Dustin Vann, Owner &amp; Website Manager at\u00a0<\/strong><a href=\"https:\/\/trusy.co\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\"><strong>Trusy Social<\/strong><\/a>\n\nVann is a social media and branding genius who serves as president of digital &amp; ecommerce ventures at Comer Companies.\n<h2 id=\"final-thoughts-on-these-website-security-tips-and-how-to-secure-your-website\">Final Thoughts on These Website Security Tips and How to Secure Your Website<\/h2>\nThe bottom line here is that having an ecommerce website is a golden opportunity for many businesses. It\u2019s also a great way for other organizations to get their name out there and to promote their missions. But without the proper protections in place, websites are inherently insecure, which leaves your data \u2014 and that of your site users who provide their information via transactions and forms \u2014 at risk to the world of cyber threats.\n\nThis is why it\u2019s crucial for organizations, regardless of size, to do everything within their power to secure their websites.\n\nAfter reading these website security tips from many industry experts, I\u2019m sure that you have some additional recommendations of your own. Be sure to share them in the comments below to add them to the list!\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Having an ecommerce website is a golden opportunity for many businesses. It&rsquo;s also a great way for other organizations to get their name out there and to promote their missions. 
But without the proper protections in place, websites are inherently insecure, which leaves your data &mdash; and that of your site users who provide their information via transactions and forms &mdash; at risk to the world of cyber threats.This is why it&rsquo;s crucial for organizations, regardless of size, to do everything within their power to secure their websites.&nbsp;<\/p>\n","protected":false},"author":602,"featured_media":4317,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[127],"ppma_author":[3308],"class_list":["post-2409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-cybersecurity"],"authors":[{"term_id":3308,"user_id":602,"is_guest":0,"slug":"casey-crane","display_name":"Casey Crane","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_62b93d4d-9128-4c88-bf3a-1ca52c8ea99f-150x150.jpg","user_url":"https:\/\/www.thesslstore.com\/","last_name":"Crane","first_name":"Casey","job_title":"","description":"Casey Crane is Cybersecurity Journalist and SEO Content Manager at The SSL Store\u2122. 
She is a regular contributor to Hashed Out and Infosec Insights with experience in journalism and writing, including crime analysis and IT security."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/602"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2409"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2409\/revisions"}],"predecessor-version":[{"id":34911,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2409\/revisions\/34911"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/4317"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2409"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}