In this day and age cybersecurity is of upmost importance for any business with an online presence. Whether you’re running an ecommerce site, a company blog, a general front end site, or all of the above, ensuring that your content is safe and sound is paramount. The best way to make your site secure is to start from the beginning–your web developer. With a team of front and back end developers and designers here at Sweb, we know firsthand what can go wrong if you don’t build a good foundation for your website from the start. You don’t want to leave the public face of your company to an amateur developer who may not have your best interests at heart.
Our first and foremost recommendation? Have your site setup on WordPress. It’s known as one of the best content management platforms, and is trusted by some of the biggest brands and industries like The New York Times, TED, and TIME, to name a few. In addition, the hosting company you choose will make a big difference in the security options available for your site. We host the majority of our clients with WPEngine, and they have several security options built in with each of their packages. Aside from picking the best platform and host to build your site on, here are 5 ways a good developer will make your site secure.
Having an SSL certificate on your site–which is indicated with an https instead of http at the beginning of your url–is the best way to keep both you and your clients information secure on your website. It’s especially important if you handle information like passwords or credit card information on your site. Many hosting companies, like WPEngine, will offer SSL certificates for free, but you still need a developer with the know-how to install it for you. Another benefit to have an SSL certificate? Google will rank your website higher because you it’s more secure.
Your developer should be a liaison between you and your hosting company, ensuring that things are running smoothly at all times, which includes making regular backups of your database and files. If your site gets hacked or an update goes wrong, you don’t want to be left without the information your site needs to function correctly. A good developer will ensure that backups are being made either through the hosting company or manually. Don’t ever let a developer tell you that you don’t need to worry about backing up your site!
If your developer has set you up with hosting on a shared environment or a managed hosting account, usually you won’t need to worry about this, but if your developer is maintaining that aspect of the server, they should know how to update and install any patches that roll out so you’re able to minimize risk of a major hack. This basically means that your developer (or your hosting company) is keeping your site up to date with the latest version of your host platform, including plugins, etc.
A dynamic website is usually connected to a database, which (if you have minimal development experience) can leave your site vulnerable to SQL injections, a method hackers use to tamper with the information in your database. Your developer should know how to create parameters that only accept certain values when entering information into an online form, for example, along with limiting database permissions, among other preventive measures. Overall, your developer should know how to make sure your database queries are secure and do not expose any vulnerabilities.
Anytime there is an error on your site which causes it to display an error message–rather than loading the preferred page–this can leave your site vulnerable to attack. A good developer will know to implement a custom error page within the website design, otherwise the automatic message could include information about the error details, easily enabling a hacker to get their foot in the door to your site. A simple “Internal Error” message will let the visitor know to contact you and will limit a hacker’s access to the back end of your website.
Read our post about 3 Things From Facebook’s F8 Developer Conference You Didn’t Hear