Securing Your Website in 5 Easy Steps
Why is website security so important?
An unprotected website leaves your business, its’ clients, users and other visitors vulnerable to cyber-attacks, phishing sites, hackers, malware and other security breaches. Luxhosting.lu is dedicated to optimizing your online presence and to ensure that you have the best in internet security. So we are breaking down the ways in which you can secure your website online - the easy way.
Having a secure website is crucial to your success and protecting you and your users’ personal information. Not only for sensitive information like credit cards, passwords, emails and any other data you are collecting from your users, but also to ensure that you are protected from attacks by hackers, malware and viruses. Security savvy users demand more security before disclosing any private information about themselves on any website, therefore if your website is not secured, it can negatively impact your traffic.
Securing Your Website is Easy
You don’t have to be an expert to ensure that your website is secured and your data is protected. All you need are a few tools and follow these quick easy steps and you are on your way to a secure and bullet proof website.
The easiest way to safeguard your website from attackers is by enabling a HTTPS for your URL, also known as SSL (secure socket layers). Secure Sockets Layer (SSL) Certificate is a digital encryption protocol that protects online communication from a browser to a server. Think of this as the immune system for your website, preventing and blocking hackers from stealing your users’ sensitive and private information as it’s transmitted over the internet. For more information on SSL Certificates check out this blog post to get a better understanding. We'll explain more about SSLs encryption bit later.
When you purchase hosting and a domain without security certificates enabled, your website address begins with HTTP as opposed to a secure server HTTPS. The good news is that setting up a SSL Certificate is quick and easy, and once it is completed, your users will automatically be routed to a secure address using HTTPS and not an unsecured HTTP address.
Here’s how to set up your SSL certificate in 5 quick and easy steps.
- Host your website with a Dedicated IP address
- Buy a SSL Certificate that suits your website needs and budget
- Activate the Certificate
- Install the Certificate
- Update your website hosting to use HTTPS
Step 1: Use a Dedicated IP address
Most companies offering hosting packages offer shared IP, meaning that multiple websites are using the same IP address and your sensitive information from your visitors is passing through multiple channels. With a dedicated IP you are ensuring that your information and data is only being transmitted to your IP address and nowhere else. Just one-way traffic.
Step 2: Buy SSL Certificate
Next, you will need something that verifies that your website is indeed your website. A passport or ID card that is personal to your website. An alarming amount of websites are fake making users vulnerable to phishing scams or malware. This is where the SSL Certificate comes in. Several certificates exist which play a vital role to protect sensitive data like credit card numbers, usernames, passwords, email contacts, and much more, from hackers and other meddling eyes.
Here are a few examples of what SSL certificates encrypt:
- Online transactions details
- Web forms and customer logins
- E-mails and web applications such as Outlook
- File transfers over https and ftp
- Information sent over mobile devices
- Communication on cloud-based platforms
There are different SSL certificates which offer varying levels of protection. So it’s important to know what is covered by a given certificate and what you need for your website. Find out more about SSL Certificates here.
For the best value guaranteed, I recommend the Comodo EV . These SSLs display a company's name in the address bar and is recognized as the most widely trusted visual aid on the web.
Step 3: Activate the Certificate
Now that you have purchased your SSL Certificate you need to activate it by generating a CSR. Certificate signing request (CSR) is an official request from your server, directly to the Certificate Authority (CA). Your CSR establishes your website’s identity. Your web host can generate and set up your CSR for you.
Step 4: Install the Certificate
SSL Certificates are quick to install. This is the easiest step in the process. We can do this for you once you purchase a SSL Certificate from us. However, if you plan to install this yourself it can be easily done in your cPanel by clicking the “Install an SSL Certificate” from under the SSL/TLS menu.
Step 5: Update your website to use HTTPS
Go to your website, and at this point you should see HTTPS load. Congratulations you have secured your website, and successfully installed the HTTPS protocol. Ensure that your users are accessing your website through HTTPS.
Bear in mind that you only need to protect a few pages with HTTPS. The pages that collect sensitive information and data to ensure that you are not wasting encryption protocol and slowing down your site. Though with Luxhosting.lu you don’t typically have to worry about this as our servers work at optimum speeds.
You have the option to update all links to the target pages to use the HTTPS links. In other words, if there’s a link to your cart (e-commerce sites) on your home page, update that link to use the secure HTTPS link. Do this for all links on all pages that lead to the sensitive URLs that, collect information and data that you wish to be encrypted for your users.
Additional Info & Tips:
- Note that having HTTPS does not mean that information on your server is secure and encrypted, it only protects the transfer of data from your users’ computer to your servers, and vice versa. Once the sensitive data is on your server it’s up to you to keep that data safe and secure, therefore further encryption is necessary to ensure this (e.g. encrypt in database, etc.).
- Ensure that your hosting is protected against DDOS attacks. All of our hosting packages at Luxhosting.lu include DDOS Protection from attacks at 1,000 Gbps.
- Create secure passwords with a combination of letters, numbers and symbols. You will need to come up with complicated, random passwords which are not replicated anywhere else and store them somewhere outside of your website’s directory.
- cPanel Hacks to ensure your website remains secure from hackers include changing your Admin folder names or hiding them. Changing the names to something generic will help to protect your important files from being corrupted or changed by hackers. Location changes of file folders help to thwart hackers too.
- Keep error messages simple on your website. If your error message gives too much information, hackers and malware can exploit this information to find and gain access to your website’s root directory. Instead use witty and succinct error messages with links back to the home page.
- Always encrypt passwords. If your website collects passwords from users ensure that those passwords are kept in an encrypted file.
As you can see, securing your website is quite easy. If you have followed these steps, congratulations your website is secure! You are now assured that any information given by your users is fully encrypted and safeguarded against snooping hackers.