home iconabout iconcontact iconsearch iconsite map icon

Web Site Security

Web site security has become something to definitely be concerned about. There are people and companies out there that thrive on snooping into web sites. We all need to do what we can to help curb this disturbing fact.

Our hosting accounts use a VPS Server (Virtual Private Server) which simply means it's much more secure than shared hosting. VPS is just one step away from a dedicated server which in most cases is not necessary and for which you pay dearly! Dedicated servers are those that are used by banks and other financial institutions. Fort Knox comes to mind!

Most web sites do not need a dedicated server level host. The security measures in place on a VPS server itself and some additional precautionary measures taken by you or your web designer are sufficent to protect your web site.

Additional Security Measures

Use an .htaccess file to redirect any potentially unsecure links or url's that a visitor (hacker) could type into the address bar of your browser.

Examples:

Redirect permanent /pagename.html https://www.sitename.com/~login name/secure/pagename.html

Redirect permanent /secure/pagename.html https://www.sitename.com/~login name/secure/pagename.html

The above lines need to be each on their own separate line with no breaks in them. Note the "s" in the http ... this indicates the page(s) are stored in a secure folder of the web site.

What will happen is that the user who happens upon a non-secure link to the secured page on your site will automatically be redirected to the secure page without even noticing.

Here is another trick to help keep things secure and this applies to any site, not just a site that has a secure page(s). If a visitor types in a url for a domain that doesn't use an index page say in a sub-folder ...

Example:

http://www.sitename.com/images/

Yikes! Snoopers get a link-clickable list of every file in that folder! You may as well have handed to them on a silver platter!

The following line added to the .htaccess file will cure this!

IndexIgnore */ *

This one line in the .htaccess file takes care of every sub-directory in the site!

Click this link to see what visitors see on my own site if they type in a url that doesn't use an index page. This is a great little trick to use to help keep snoopers out of your sites!

What & What Not To Do!

Never ever give out login information of any kind to someone you do not trust. Of course, these days it comes down to "who can you really trust?" Definitely something to think about!

Make sure to follow your web designer's suggestions should there be a need for additional security for your web site. If you're not sure, ask!

Check your web site on some kind of regular basis. This doesn't mean just the home page either! A web site shouldn't work like the cruise control in your car — you don't just "set it and forget it!" If you find any unauthorized changes or something just "doesn't seem right" contact your designer immediately and let them know. When you do:

  • Be specific in describing what you see.
  • Provide a link to the page in question.
  • Provide your browser name & version.
  • Tell them why you're concerned.

Providing the above information gives your web designer a starting place to investigate. If you don't give them this information, they're only going to have to ask you for it anyway, which will delay any possible fix that may be needed.

Unless your design or maintenance contract specifically states that your site is being regularly monitored for security issues, don't expect nor assume that your web designer is doing so! This is not a normal every day service provided by web designers! Your web site is your responsibility in this respect. If we had to continuously check every client's web site, we would never get any work done for you or anyone else!

SSL Certificates

An SSL certificate is not necessary for general web site security. These certificates are used on web sites that provide shopping carts (e-commerce) or utilize secure forms. SSL Certificates can be costly depending upon the amount of security your particular web site needs for its secure application.

In many cases a web site that provides a shopping cart can be configured to use a third party payment processing feature (PayPal or Mal's for example). These web sites already have an SSL certificate in place! Taking advantage of their inexpensive services instead of providing your own certificate can save you quite a bit of money!

Before proceeding to purchasing an SSL Certificate, do talk with your designer and check out all your options. You may find it's not necessary. Should you need an SSL certificate, please contact us and we will work with you to get you set up.