How to Secure Your Website

PDF download Download Article
PDF download Download Article

This wikiHow teaches you how to ensure that your website is protected from attacks. Using an SSL certificate and HTTPS is the easiest way to secure an address, but there are a few other things you can do to prevent hackers and malware from compromising your website.

Steps

PDF download Download Article
  1. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/0\/06\/Secure-Your-Website-Step-1-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-1-Version-2.jpg","bigUrl":"\/images\/thumb\/0\/06\/Secure-Your-Website-Step-1-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-1-Version-2.jpg","smallWidth":460,"smallHeight":344,"bigWidth":728,"bigHeight":545,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    Failing to update your website's software, security, and scripts when necessary is a sure way to allow intruders and malware to take advantage of your site.
    • This goes for patches from your website's hosting service as well (if applicable). Whenever an update for your website is available, install it as immediately as possible.
    • You should also keep your site's certificates up to date. While this won't directly affect your website's security, it will ensure that your website continues to show up in search engines.
  2. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/5\/59\/Secure-Your-Website-Step-2-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-2-Version-2.jpg","bigUrl":"\/images\/thumb\/5\/59\/Secure-Your-Website-Step-2-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-2-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    There are several different website firewalls to which you can subscribe for constant protection, and website hosting services like WordPress often offer security plugins as well. Just like protecting your computer with an antivirus program, it's wise to protect your website with security software.
    • Sucuri Firewall is a good paid option, and you should be able to find free firewall or security plugins for WordPress, Weebly, Wix, and other hosting services.
    • Website application firewalls (WAFs) are usually cloud-based, meaning you shouldn't have to download any software onto your computer in order to use them.
    Advertisement
  3. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/9\/93\/Secure-Your-Website-Step-3-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-3-Version-2.jpg","bigUrl":"\/images\/thumb\/9\/93\/Secure-Your-Website-Step-3-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-3-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    Allowing people to upload files to your website automatically creates a security vulnerability. If possible, remove any forms or areas to which website users can upload files.
    • Limiting forms which allow uploads to support only one file type (e.g., a JPG for photos) is another possible fix for this problem.
    • This can be tricky if your website relies on a webpage form for things like cover letter submissions. You can get around this problem by setting up an email address for submissions and adding the address to your "Contact" page so that users can email their files rather than uploading them to your website.
  4. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/8\/89\/Secure-Your-Website-Step-4-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-4-Version-2.jpg","bigUrl":"\/images\/thumb\/8\/89\/Secure-Your-Website-Step-4-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-4-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    An SSL certificate essentially confirms that your website is secure and able to transfer encrypted information back and forth between your server and a person's browser. You'll usually have to pay a yearly fee to maintain your SSL certificate. [1]
    • Paid SSL distribution options include GoGetSSL and SSLs.com.
    • A free service called "Let's Encrypt" will also issue an SSL certificate.
    • When choosing an SSL certificate, you have three options: domain validation, business validation, and extended validation. Both business validation and extended validation are required by Google in order to receive the green "Secure" bar next to your site's URL. [2]
  5. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/4\/46\/Secure-Your-Website-Step-5-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-5-Version-2.jpg","bigUrl":"\/images\/thumb\/4\/46\/Secure-Your-Website-Step-5-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-5-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    Once you've installed an SSL certificate, your website should qualify for HTTPS encryption; you can usually activate the HTTPS encryption by installing your SSL certificate to your website's "Certificates" section. [3]
    • If you use a website platform such as WordPress or Weebly, your website probably already uses HTTPS.
    • An HTTPS certificate must be renewed every year.
  6. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/0\/01\/Secure-Your-Website-Step-6-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-6-Version-2.jpg","bigUrl":"\/images\/thumb\/0\/01\/Secure-Your-Website-Step-6-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-6-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    Create secure passwords . Using unique passwords for your admin-level site aspects isn't enough; you'll need to come up with complicated, random passwords which aren't replicated anywhere else and store their key somewhere outside of the website's directory. [4]
    • For example, you might use a 16-digit jumble of letters and numbers as a password. You could then store the password in an offline file on a different computer or hard drive.
  7. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/5\/52\/Secure-Your-Website-Step-7-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-7-Version-2.jpg","bigUrl":"\/images\/thumb\/5\/52\/Secure-Your-Website-Step-7-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-7-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    Naming your website's sensitive files' folder "admin" or "root" is convenient; unfortunately, this goes for both you and hackers alike. Changing these files' location's name to something boring (e.g., "New folder (2)" or "history") can make it harder for would-be attackers to locate your files. [5]
  8. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/2\/24\/Secure-Your-Website-Step-8-Version-2.jpg\/v4-460px-Secure-Your-Website-Step-8-Version-2.jpg","bigUrl":"\/images\/thumb\/2\/24\/Secure-Your-Website-Step-8-Version-2.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-8-Version-2.jpg","smallWidth":460,"smallHeight":345,"bigWidth":728,"bigHeight":546,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    If your error message gives away too much information, hackers and malware can exploit the information to find and gain access to things like your website's root directory. Instead of adding explicit details to your website error messages, consider offering a concise apology and linking back to the main website. [6]
    • This goes for anything from 404 errors to 500-type server codes.
  9. {"smallUrl":"https:\/\/www.wikihow.com\/images\/thumb\/a\/ac\/Secure-Your-Website-Step-9.jpg\/v4-460px-Secure-Your-Website-Step-9.jpg","bigUrl":"\/images\/thumb\/a\/ac\/Secure-Your-Website-Step-9.jpg\/aid1467496-v4-728px-Secure-Your-Website-Step-9.jpg","smallWidth":460,"smallHeight":344,"bigWidth":728,"bigHeight":545,"licensing":"<div class=\"mw-parser-output\"><p>License: <a target=\"_blank\" rel=\"nofollow noreferrer noopener\" class=\"external text\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fair_use\">Fair Use<\/a> (screenshot)<br>\n<\/p><\/div>"}
    If you store user passwords on your website, be sure to store them in an hashed format. A common error among new website owners is storing passwords in plain text format, which makes the passwords easy to steal if a hacker manages to find the file.
    • Even prolific sites such as Twitter have been guilty of this error in the past.
    10. Advertisement

Community Q&A

Search
Add New Question
  • Question
    What is the meaning of the word "encryption"?
    Community Answer
    Encryption is the process of converting information or data into a code, especially to prevent unauthorized access.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 3 Helpful 13
  • Question
    Do hosting websites provide complete security with the yearly fees?
    Community Answer
    Yes, typically for three dollars a year, you can get full security for your website.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 0 Helpful 6
  • Question
    What is a hashed format password?
    Free Eagle
    Community Answer
    A hashed password becomes an encrypted password in on the server it is stored in. So if your password was something like "Salt&Pepp3r", the server would store the password as something like: "2fde1c67a2d28fced840ee1bb76". Since a hashed password operates in only one direction, it's almost impossible for someone to hack the server and reverse the password. In other words see the "2fde1c67a2d28fced840ee1bb76" in storage, enter that and have it translate back to "Salt&Pepp3r", it won't happen.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 1 Helpful 2
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
      Advertisement

      Video

      Tips

      • Hiring a web security consultant to take a look at your scripts is the quickest (albeit the most expensive) way to address potential flaws in your website.
        Thanks
      • Always test your website via a security tool (e.g., Observatory by Mozilla) before publishing the latest version.
        Thanks
      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Submit
      Thanks for submitting a tip for review!
      Advertisement

      Warnings

      • Security vulnerabilities often aren't discovered until after they've affected someone. To avoid as many negative consequences as possible, remember to back up your website to an external location (e.g., a non-networked computer or hard drive) every week.
        Thanks
      Advertisement

      You Might Also Like

      How to
      Password Protect a Web Page
      How to Create a Website Privacy Policy
      Making Small URLs: 11 Tools to Create Shorter Web Links
      How to
      Login to a Website as an Admin
      How to Create a Simple Webpage Using Notepad
      Create and Upload a Website on a Custom Domain
      How to Redirect a URL: 301 Redirects, Meta Refresh, PHP, & More
      12 Easy Ways to Shorten a URL & Create Free Custom Links
      Saving a Text File as an HTML File
      How to
      Open Your Port 80 Behind a Firewall
      6 Easy Steps to Add Backlinks to Your Website
      Use Apache Webserver to Host a Website on Your PC: Step-by-Step
      How to
      Upload a Website
      How to
      Embed Pictures
      Advertisement

      References

      1. https://www.networksolutions.com/
      2. https://www.smashingmagazine.com/2017/06/guide-switching-http-https/
      3. https://support.google.com/webmasters/answer/6073543?hl=en
      4. https://www.hostgator.com/blog/3-easy-steps-that-protect-your-website-from-hackers/
      5. https://smallbiztrends.com/2014/12/secure-your-website-from-hackers.html
      6. https://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853

      About This Article

      In other languages
      Thanks to all authors for creating a page that has been read 193,162 times.

      Is this article up to date?

      Advertisement