Security for websites – how to make your website secure
Written by: Trond Olav Ånesen

The importance of maintaining security online is nothing new. Many people tend to only think about security when visiting a website, but as an owner of a website, no matter what the type of website it, you need to think about security. Informational websites, blogs, online newspaper, web shop or any other.

Security is important for you as an owner of the website, and for those visiting and using the website. In this article we will take a closer look at how to maintain basic security and what needs to be done if an incident occurs.

Security on your website involves:

  • It should be safe for everyone to visit the website
  • The website should not be infected with malicious code that may infect visitors
  • The website should not forward visitors to any websites with malicious code
  • Information exchanged between visitors and website/server should not be accessible to anyone unauthorized

The topic is comprehensive and one article cannot cover it all, but we will focus on the most important; It should be safe to visit your website!

security for websites

Make sure the website is not/cannot be infected

When a website is available online it poses a potential target for hackers. A hacker is not necessarily a man in a black hood in a dark basement. In most cases a hacker is an automated “Bot” (robot). These “bots” are constantly scanning known and unknown websites for vulnerabilities to exploit. Vulnerabilities exist in the code running, directly or in add-ons such as plugins.

A classic example is a website created in WordPress, with a theme and a few plugins installed. Since WordPress is quite popular it is also popular to search for vulnerabilities in this type of installation. If a hacker can successfully infect 1 website, they can potentially do the same to thousands of websites.

The motive behind infecting a website may include; a hacker might want to spread their message, send spam from your account, collect sensitive information from visitors, forward visitors to other insidious websites, use the resources of the account for other attacks and so on. All of the mentioned is of course something you want to avoid. In general, it is rarely you directly,  they are targeting.

Checklist to avoid having your website infected

  • Everything must be updated, always
    Since WordPress (and other similar systems) is popular, when vulnerabilities are found, improvements are made and updates released. It is important to update when new ones are released. As soon as a vulnerability is detected and known, it is only a matter of time before the websites not updated will be attacked. The same goes for anything installed on the system. As we mentioned in our example, we have a theme and plugins running. These can also contain vulnerabilities and developers release updates correcting this. It’s therefore important to keep both theme and plugins updated as well as the installation itself.
  • Anything not being used on the hosting should be removed
    Any theme or plugins not being used should be deleted/removed. Even if you deactivate a plugin or a theme everything is not actually gone. Files are often left and can potentially be abused. This means; only what is necessary to keep the website running optimal should be openly accessible. Anything else must be deleted or moved to an unreachable area.
  • Use captcha for forms
    Forms; contact forms, order forms and similar must be secure so they cannot be completed automatically. The “bots” we mentioned before can also be used to abuse forms, when available and send spam from website/account. This will affect the visitors in two ways:
    1. Resources for the hosting can be used for this, preventing visitors from loading the website.
    2. Causing abuse of such a magnitude that the account will be suspended to avoid further issues. Suspension means the website will be offline and not available for visitors. All forms where visitors can fill in information, should have an extra check. Captcha is the most common (and recommended) check for this.

security for websites

  • Password must be secure
    A secure password is long and composed by numbers, small and uppercase letters and other characters. Long password can also be sentences or phrases with random numbers/letters more easy to remember. Password is used on our client portal, hosting, email and the website/installation. The password used the most is also the most vulnerable. You should change password at least a few times each year. You should never use the same password several places.
  • Implement extra security wherever its possible
    For many CMS (WordPress/Joomla/Drupal) special plugins are developed focus solely on security. Check what needs you have and install what you think is best for your website and needs. There are several decent free options, but if you have a larger website with heavy traffic it can be worth paying for the extra security. Sucuri (sucuri.net) provides a free plugin as well as a paid version and is known for value for money.

security for websites

  • Make sure to always have a backup of your content
    You should always make sure to have a backup of your content. All of our clients have access to the best solution in the market for backup. At PRO ISP you have access directly to your backup via the control panel (cPanel). Backup is performed once each day of all the content and is kept for 30 days. In addition to the backup solution with PRO ISP we recommend always having an external backup. Once each month or once each quarter, depending on how critical it is and how many changes you are willing to lose.

Website has been infected, what to do?

What if the damage has already been done? What if your account has been suspended by PRO ISP? This can happen to anyone and most people experience it as unfair.
All hosting companies operate the same way when it comes to hosting; several hosting share resources on the same server. To illustrate, imagine the server as a hotel and the clients account as hotel rooms in the hotel.

When a hosting company detects resources being abused, this must be stopped to avoid it affecting the other clients in the same hotel. Imagine a hotel room with so many visitors that no other guest can get in or out of their room. The room creating the problem will have to be closed to avoid this. Its not always an account will be shut down, but if signs of hacking/abuse is noticed we can notify directly.

The most important in such cases is; follow the instructions given and ask for tips/advice/guidance if you are unsure.

If we detect hacking/abuse, and either give notice or suspend the account, we always give instructions on what needs to be done.
In most cases the hacking is so recent you can use a backup included in the hosting. The procedure is easy:

  • Delete content on hosting related to the website.
  • Restore content from a date before hacking/abuse occurred (if you are unsure, use the oldest backup available)
  • Review all the mentioned measures above to prevent further hacking/abuse. Update everything, secure all forms, change all passwords and implement extra security

If you do what is recommended and follow this you are as secure as possible. Both you as the owner of the website, the visitors, and we who serve the website form our servers will be happy.

Secure information between visitors and server (SSL certificate)

Security certificate is becoming more and more relevant to discuss, and highly useful when it comes to security for websites. We have previously had articles about “SSL certificate- How to chose the right one” and how larger suppliers are planning to force more and better use of this to maintain security online (“Google warns: Secure your website”). Now it is about to get a little technical but we will need to explain some technical stuff:

SSL* is an encryption protocol, or a set of rules telling a server/client (website and visitors) how encryption of the data will be executed. The encryption is the process of making something unreadable or incomprehensible to others.

* In reality TLS is used, but SSL and SSL certificates are used in everyday speech so therefore also in this article.

The end goal for SSL is to make sure the visitor, and the server/website, will be able to read the data sent between these two parties. It is therefore essential when personal and sensitive data is exchanged, such as phone number, username, password, e-mail addresses, credit card information and similar; because we do NOT want this information seen by others.
security for websites
In order to enable this encryption we use “keys”. When the visitor and a server/website have the same kind of “key”, only they can read, and encrypt the information. An SSL certificate is a certificate confirming the ownership of the “keys”, and that they are authentic and valid. How thorough this confirmation is, depends on the certificate, read more about it in “SSL certificate – How to choose the right one”. In short terms the certificate confirms it has been issued by a valid issuer, for the website visited, and its validation for this. As a visitor, you can see this by the green padlock in the address field and that the browser reports the website as secure.

As mentioned in “Google warns: Secure your website” encryption of information is highly relevant since it will be a demand soon. You can of course avoid using SSL certificates, but visitors of the website will be receiving a warning when entering your website. This warning can compare to shouting at your customers: “I do not care about security”. If you have not made the transition from http to https the time is definitely now!

Du you have any questions?

In the beginning of the article we mentioned security is a quite large topic and cannot be covered in one single article. Still, follow the advises given, and be more aware of security you will have come a long way already.

Did you read the article and is left with many questions? Do you want some guidance? Please, do not hesitate to contact us.

Epost: support@proisp.eu
Facebook: https://facebook.com/proisp.eu/

Website builder – Create professional websites easy!
Written by: Isabelle

The Website builder makes it possible to create professional websites simple and easy. By using responsive design your website will look just as good on both mobile, tablet and desktop. Choose from over 400 different design templates to customize the website as you like.

 

website builder

 

Is the Website builder for me?

Yes, the Website Builder is a great tool for anyone who is creating a website. You will select the design, insert your content (pictures, and text) and in a matter of short time, you will be ready to publish your website.

In addition to the 400 different design templates you can choose from, there is also a large selection of widgets you can use. You can add a photo gallery, calendar or contact form just to mention a few.

How do I get started?

Depending on your needs you can select either Website Lite or Website Pro for the website builder. Both versions will give you access to all the design templates while the number of widgets is limited in the Lite version versus unlimited in the Pro one.

After ordering (how to order) Website Lite or Website Pro you will be able to open the Website builder from the client portal on proisp.eu. You will then be directed to your new website and can start creating it!

You will start by selecting a design/template of your own choice. There is over 400 different designs so you will absolutely find something that would fit what you are looking for. They are also sorted in different categories so you easier can find the one for you or your business.

When you have decided which design you want you will have the option of changing the colors and fonts for the design. When you are happy with the design you may start adding content. You can add your own pictures or select from the different stock images included in the Website builder. When you are finished with the editor, your website is ready to be published.

Our guide “How to use the Website Builder” will take you through the process step by step.

BILDE MED SKJERMDUMP AV STEG 1-2-3

Recommended widgets

If you are using Website Lite you can add a limited number of widgets while the Website Pro users have unlimited number of widgets available to add. There are several widgets to choose from, below are some examples:

Facebook Page
If you have a Facebook page to connect to your website use the widget called “Facebook page”. This can make sure your website visitors also becomes Facebook followers.

Social share
Do you want your website visitors to share content from your website? Make it easy for them to do so by using the “Social share” widget.

Search
Give your visitors the option of searching your website. “Search” is recommended for websites with a large amount of content and especially for websites with articles or blog posts.

Google calendar
Show upcoming events, seminars or other happenings to your visitors with Google calendar. You will need an existing Google calendar to use this widget.

SCREENSHOT OF WEBSITE WITH WIDGETS