Making a Secure Website

    • Thread Starter
    Offline

    2
    ReputationRep:
    I'm about to make a website and wanted some suggestions on how to make it secure?


    Posted from TSR Mobile
    Offline

    3
    ReputationRep:
    Well, what are your risks and what are you defending against?

    If I'm just serving up a static HTML site from a boring server I'd have to do things a lot different than handling payments for an ecommerce site!
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by estel)
    Well, what are your risks and what are you defending against?

    If I'm just serving up a static HTML site from a boring server I'd have to do things a lot different than handling payments for an ecommerce site!
    I'm just a beginner and I've been asked to create a website and then make it secure


    Posted from TSR Mobile
    Offline

    15
    ReputationRep:
    (Original post by MuhammadDarcy)
    I'm just a beginner and I've been asked to create a website and then make it secure
    Then you need to research what makes a website unsecured and solve some of those issues.

    If you're a complete beginner and your first thought is to go on TSR and get someone to give you the answers then you're doing it wrong. If you don't know something then you need to go do your own research and think things through for yourself.
    Offline

    14
    ReputationRep:
    A few tips off the top of my head.

    1. Keep all software on the host server up to date if possible. Including but not limited to your database, HTTP server, application containers, PHP modules, etc.
    2. Only grant as much permission as required to files and folders on your filesystem
    3. Use SFTP and ensure SFTP users don't have SSH access or CHROOT them.
    4. Enforce a whitelist IP policy on SSH users and on database access
    5. Keep all passwords secure. Length > complexity. Don't use dictionary words. Use a combination of characters, letters and punctuation. Change these passwords regularly.
    6. If using a CMS, only install as many modules as you need. Ensure they're up to date and they don't contain vulnerabilities. Check comments on the module before using them to verify if other users have had issues. Disable public admin access.
    7. Have a backup plan for the website
    8. Constrain all data inputs on the serverside code, not the clientside. Use prepared statements, stored procedures and escape all user input. I suggest writing some validators to check for range, regular expressions, etc before processing them in application logic.
    9. Remove over-privileged DB users
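Tip 8 above (server-side validators plus prepared statements) in working form, as an added example that is not part of any post in this thread. It assumes a hypothetical `users` table built in an in-memory SQLite database; the validator rules (username pattern, age range) are constructed for illustration.

```python
import re
import sqlite3

# Allow-list pattern for usernames; the apostrophe is permitted so that names
# like o'brien work, which also shows that quoting is handled by the driver,
# not by escaping inside the query string. (Constructed rule.)
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.'-]{3,32}$")


def validate_username(value):
    """Range/regex check on untrusted input; raise rather than 'clean up'."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def validate_age(value, low=13, high=120):
    """Coerce to int and enforce a sane range before the value reaches SQL."""
    age = int(value)  # raises ValueError for non-numeric input
    if not low <= age <= high:
        raise ValueError("age out of range")
    return age


def setup_db():
    """Constructed sample data standing in for a real users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, age INTEGER NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 30), ("o'brien", 41), ("bob", 17)],
    )
    return conn


def find_user(conn, raw_name, raw_min_age):
    """Validate on the server, then bind values as parameters (prepared
    statement): user input is sent as data and never spliced into SQL text."""
    name = validate_username(raw_name)
    min_age = validate_age(raw_min_age)
    cur = conn.execute(
        "SELECT name, age FROM users WHERE name = ? AND age >= ?",
        (name, min_age),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = setup_db()
    print(find_user(db, "o'brien", "40"))  # quote is just data: [("o'brien", 41)]
```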
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by NX172)
    A few tips off the top of my head.

    1. Keep all software on the host server up to date if possible. Including but not limited to your database, HTTP server, application containers, PHP modules, etc.
    2. Only grant as much permission as required to files and folders on your filesystem
    3. Use SFTP and ensure SFTP users don't have SSH access or CHROOT them.
    4. Enforce a whitelist IP policy on SSH users and on database access
    5. Keep all passwords secure. Length > complexity. Don't use dictionary words. Use a combination of characters, letters and punctuation. Change these passwords regularly.
    6. If using a CMS, only install as many modules as you need. Ensure they're up to date and they don't contain vulnerabilities. Check comments on the module before using them to verify if other users have had issues. Disable public admin access.
    7. Have a backup plan for the website
    8. Constrain all data inputs on the serverside code, not the clientside. Use prepared statements, stored procedures and escape all user input. I suggest writing some validators to check for range, regular expressions, etc before processing them in application logic.
    9. Remove over-privileged DB users
    Thanks


    Posted from TSR Mobile
    Offline

    18
    ReputationRep:
    (Original post by MuhammadDarcy)
    I'm about to make a website and wanted some suggestions on how to make it secure?


    Posted from TSR Mobile
    Why not just hire a web designer?
    Offline

    0
    ReputationRep:
    keep the back door locked
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by Al-farhan)
    Why not just hire a web designer?
    I've been asked to do it by a friend


    Posted from TSR Mobile
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by PussyGrabber9000)
    keep the back door locked
    Hmm


    Posted from TSR Mobile
    Offline

    17
    ReputationRep:
    use laravel and half of your concerns would be taken care of
    Offline

    8
    ReputationRep:
    I've just finished setting up my own website. I used one of the best WordPress themes that was highly customizable and well-supported. I customized the login page URL. That was the first thing I did when I started securing my website. Also I set up website lockdown and ban some users that are doing unauthorized activity.
    • Thread Starter
    Offline

    2
    ReputationRep:
    Thanks for your replies
    Offline

    2
    ReputationRep:
    If I were you, I'd use one of these website builders -
    http://www.beautifullife.info/web-de...erce-builders/ . I have tried none of them yet. But when I need a website, I'll definitely know where to start from. Good luck!