Greetings FlockHosters! One of the common questions that come through lately is “How do I secure my website?” so let’s dive into some options on how you can better secure your website and access to it!
Let’s Encrypt SSL
Off that bat let’s add a padlock to your website, and let’s do it for free. Yes free.
I have mentioned Let’s Encrypt certificates on the blog a few times, we are actually listed on Let’s Encrypt’s site as a provider (We are famous!) however not until the new build of the site will it be listed as a feature, but it is active on all accounts now. How do you enable it? Well good news, there’s a new video for that:
So it’s that easy! Still, if you have a question on adding this, don’t hesitate to ask for more help! But if you just walked through this – your site is a bit more secure now you are using SSL based content! If you are using WordPress and want to make the entire site over to SSL, just try the Really Simply SSL Plugin a great plugin to make all of your content SSL based. If you are getting some content that is not all going SSL try Why No Padlock – A great site to diagnose what’s not entirely secure.
Site File Management
Now if you are familiar with cPanel you’ll know there is a web based file manager but for most of you, it’s using FTP. Be it FileZilla, CuteFTP, SmartFTP, Transmit, Cyberduck you can quickly and easily migrate to the SSL version of communication so your content isn’t flowing over plain text. How do you do this? Look for an SSL option for starters, for most this should work just fine, however, if you hit any snags it will become a little bit easier this month using SSH Keys & SFTP – I’ll have a full guide on this walking you through it on Windows and Mac.
Now if you are using a CMS for site management, please make sure you use a plugin or adjust your configuration over to SSL as well so the easy option is in your site configuration where it lists your URL, likely something similar to this:
Site URL: http://mywebsite.com
Simply change it to:
Site URL: https://mywebsite.com
A lot of difference a simple S can do 🙂 This will force most of the common URL’s for your site to using the SSL login for your administration and keep things you do from writing an article to logging in all done over a secure connection.
If you are on a connection at your favorite local spot (I’d say the coffee shop, but honestly just about anywhere – McDonald’s, for instance, has access!) be sure you are logging in securely and your connection is secure!
If you are a Chrome User, I highly suggest checking out some of these options may offer a free browsing security, there are commercial options out there too like Private Internet Access which offer some great features for when you are browsing in less than safe options.
Now last on my list is auditing. Your site may not be the first thing in your mind on a day to day basis, but to hackers and bots it’s a spot it can get its grubby little fingers into and do some damage, so why not set up a bit of free auditing on your site for some of the most common issues by using Gravity Scan.
Gravity Scan is a great app which you don’t even have to install anything on your site to get a scan! In a few minutes, it will scan and review all your visible URL’s and give you a run down if it finds anything.
Now if you want it to go deeper, it provides a single PHP file for you to download, then upload into the main folder of your website and it will deep scan, every file & folder gets a once over – now as you can see here on the blog on the right-hand side – I’ve got mine scanning daily and as proof of security it shows up with the last date things were scanned.
And that’s it!
While this isn’t maybe the most comprehensive article that could be written and fine tuning system security, etc. it will help get your feet wet! If you have any questions beyond what is covered here please do not hesitate to reach out! Here to help!