Website Security Tips

As website security becomes more important than ever, website owners are loaded with so many ‘best practices’ to follow. Hundreds of blogs are being written, checklists created and videos made on how to secure a website. As a business owner, it becomes difficult to follow everything, and in the end a developer ends up doing nothing. We asked some top infosec experts for their top one piece of advice to website owners and collected the answers in one place as top website security tips.

This way, business owners have 4 top tips which they should definitely follow to assure their website’s security:

  1. Keep your website CMS and associated plugins up-to-date with the latest security patches – Graham Cluley, Security Expert & co-host of the Smashing Security podcast

    One of the top causes of hacks is unpatched vulnerabilities in websites. It is very important to update the core CMS, libraries and plugins you are using, as hackers are often on the lookout for unpatched systems to exploit. There have been incidents in the past where vulnerabilities in plug-ins of WordPress and Magento have led to thousands of websites getting hacked.

  2. Use two-factor authentication – Aye Dee, Africa & Middle East Public Policy & Security Expert

    While Google has made two-factor authentication really popular by launching it for Gmail, a lot of other websites still haven’t adopted a similar system. If you have a website that handles critical customer information such as credit card, address or medical data, then it is recommended to use two-factor authentication. This ensures that even if an end customer’s account is compromised, there is another layer of security on top to prevent identity theft.

  3. Sanitize everything – Matias Katz, Founder of Andsec Conference

    This is THE most important thing. Critical vulnerabilities like XSS and SQLi are direct consequences of limited input sanitization. Everything from the search bar and contact forms to GET and POST requests should be sanitized to ensure that only required inputs are accepted by the web app. Post-sanitization checks should follow: input validation, integrity checks and business logic checks.

  4. Listen to security & IT staff – Bill Brenner, Cyber Security Expert with Sophos

    According to Bill, in his experience a communication gap within organizations is the cause of security leaks. Bill says, “For folks at the executive level, my tip is to listen to your security and IT staff. A lot of the disasters we’ve seen were because people from the lower decks weren’t being listened to on what kind of security procedures/tech needed to be in place.”
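As an added example for tip 3 (not code from the original post or from the experts quoted), the sketch below handles one search-box parameter in three layers: allow-list validation of the input, a parameterized SQL query, and HTML encoding on output. The function names, the `products` table, the allow-list pattern and the sample rows are assumptions made up for this illustration.

```python
import html
import re
import sqlite3

# Allow-list for a search box: letters, digits, spaces, hyphens; 1-50 chars.
# The pattern and the limits are assumptions for this example.
SEARCH_RE = re.compile(r"[A-Za-z0-9 \-]{1,50}")


def validate_search(term):
    """Return the trimmed term if it matches the allow-list, else raise."""
    term = term.strip()
    if not SEARCH_RE.fullmatch(term):
        raise ValueError("search term contains characters outside the allow-list")
    return term


def make_db():
    """Constructed in-memory sample data (hypothetical products table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT)")
    db.executemany("INSERT INTO products VALUES (?)",
                   [("blue widget",), ("red widget",), ("<b>bold</b> gadget",)])
    return db


def search(db, term):
    """Parameterized query: the term is bound as data, never spliced into SQL."""
    rows = db.execute(
        "SELECT name FROM products WHERE name LIKE '%' || ? || '%' ORDER BY name",
        (term,))
    return [r[0] for r in rows]


def render(names):
    """Encode on output so stored markup is displayed as text, not run as HTML."""
    return "<ul>" + "".join(f"<li>{html.escape(n)}</li>" for n in names) + "</ul>"


def handle_request(db, raw_term):
    """Validate, query, encode: the three layers applied to one GET parameter."""
    try:
        term = validate_search(raw_term)
    except ValueError:
        return "<p>Invalid search term.</p>"
    return render(search(db, term))
```

Each layer holds on its own: `search` returns no rows for a term containing quote characters even if validation is skipped, and `render` encodes markup that is already stored in the database.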

While we can never assure foolproof security, we can always work towards it. The organizations that work towards achieving security are the ones that do not get hacked. As they say, only the paranoid survive!

If you have a website or an app, our solution Astra can help you keep them secure. This way, you focus on your core business and we can take care of security! Learn more here.

About The Author

Astra Team

We are on a mission to make web a more secure place, one website at a time!

8 Comments

  1. The blog was absolutely fantastic! Lot of great information which can be helpful in some or the other way. Keep updating the blog, looking forward for more contents…Great job

  2. It’s good to know more about website security and safety. With so much internet usage and business going on, I feel that security should be people’s top priority. Two factor authentication might be kind of annoying, but it’s worth it because it adds that extra layer of protection, like you said.

  3. thank you very nice website

  4. Excellent points. If you don’t take your security seriously, you are vulnerable to an attack, and it doesn’t matter if you’re a large ecommerce store with thousands of customers, or if you’re a small-time blog with only a few hundred readers.
