Websites get attacked. This is an unfortunate side effect of being part of the public web. It is pretty safe to assume that somewhere at this very moment, a website you have heard of is being actively attacked. Scary, right? It doesn’t have to be.
It can be a bit overwhelming to think that almost every website on the internet will at some point be a target for some sort of attack. Whether it is a minor script-kiddie attack (annoying but usually harmless) or an attempt to compromise data, the need to prevent it is still there. Since we know we can’t prevent our sites from getting attacked, we need to put a lot of focus into security. Just because we know the site is going to be attacked doesn’t mean we need to make it easy!
So, great, where do we even start with security? What if I don’t have a data security expert? Or I don’t have someone who is trained to secure a server? Well, inquisitive reader, security starts at home, or in your website’s case, the host. Choosing a good host for your site is a great start to security and can make a big difference in whether or not you get hacked. If we use a host, we are very picky about which ones we recommend to our clients. We look for good hosts with SSL support, firewalls, responsive support, and tools that make securing a website an easier process. If the server your site resides on isn’t secure, it won’t matter how much security you build into your website.
A website on a secure host is totally hacker-proof, right? Right? Unfortunately, this is not the case, but that doesn’t mean there isn’t more that can be done to secure a website. Since we primarily use the very robust Drupal framework for the websites we build, we have learned that there are many, many layers to website security. Drupal gives some advice and best practices on the topic of security, and it is a great start for making sure that your Drupal site is secure and safe for all the internet to enjoy. The major thing to watch with any big open-source CMS (even this one) is that you have to keep it up to date. That means the core application, and any plugins or modules that have been added, get the newest security updates. One of the biggest advantages and disadvantages of open-source software is its constant evolution through the community. Security flaws are usually found and addressed quickly, but these security holes are public knowledge once a fix has been made, and that means your out-of-date site can be an easy target if not updated quickly!
Is that all that is needed to have a secure website? Of course not, but it is a great start. In addition to the above, it is worth noting that using a CDN can both speed up and help secure your website if you use a good one. There are a lot of benefits to this extra layer, and I can’t speak highly enough of having a quick and secure site for your customers. In a similar vein, you should have SSL on your website. Seriously. Peace of mind for your customers and added security for data transfer are both invaluable on the modern web. You will also want a great team behind your website with experience building great, secure sites, but maybe I’m just biased. ;)