If you are concerned about how to make your website more secure, but you’re not a web developer, this overview will give you the basics of virtual hardening.
The idea behind hardening a website is pretty simple: add multiple layers of protection to reduce the potential for an attack. Traditionally, this involves a web developer writing code by hand. But with virtual hardening you can use security plugins to strengthen your website using a Web Application Firewall (WAF).
Hardening is part of an overall strategy to prevent your website and data from being compromised. The two ways of hardening a site are:
- depth of defense – adding multiple layers of defense to prevent vulnerability exploitation
- breadth of defense – accounting for all potential attack vectors and security domains
Effectively protecting a website requires protecting four key components:
- web server
- operating system
Content Management System (CMS)
Every website is unique, and how you virtually harden yours depends on its specific platform. One common difference between websites is the Content Management System (CMS). There are many CMS platforms: WordPress, Drupal, Joomla, SharePoint, etc. If your website is based on WordPress, there are several simple virtual hardening tips, like:
- restricting admin access to a few IP addresses
- preventing code from being injected into uploaded pictures
- enabling an “I am not a robot” checkbox to authenticate forms
Most virtual hardening tips for WordPress are reasonably easy to apply. But in some cases, a website may have dynamic IP addresses or a site owner may not have the technical ability to configure plugins. In such cases it’s best to reach out to experts to assess the level of security risk at your business, organization or enterprise – LP3 offers a free Security Risk Assessment.
Adding security to your server is a big challenge and depends on which server you are running. Common server environments are:
- Windows IIS
Some common tips for server hardening are:
- keep your CMS and all plugins updated
- remove unnecessary/unused plugins
- install security patches for your CMS and plugins
- monitor your website's log activity
- use long, unique, complex passwords
- install a security plugin (WAF)
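Two of the tips above, restricting admin access to a few IP addresses and monitoring log activity, can be checked against each other. The following Python sketch is an added example, not part of the original article: it reads access-log lines and separates admin requests from non-allowlisted addresses that were refused from ones the server still answered. The allowlist ranges, the combined log format and the use of status 403 for refused requests are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumption: networks allowed to reach the WordPress admin (documentation ranges).
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]
# WordPress admin entry points: wp-login.php and anything under /wp-admin.
ADMIN_PATH = re.compile(r"^/(wp-login\.php|wp-admin)(/|\?|$)")
# Common/combined access log format: client IP, method, path, status code.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines, not taken from a real site.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [10/Mar/2024:09:00:07 +0000] "POST /wp-login.php HTTP/1.1" 403 199
192.0.2.44 - - [10/Mar/2024:09:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120
192.0.2.90 - - [10/Mar/2024:09:01:30 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8431
garbage line that does not parse
"""

def is_allowed(ip_text):
    """True if the client address falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable client field is treated as not allowlisted
    return any(ip in net for net in ADMIN_ALLOWLIST)

def audit_admin_access(log_text):
    """Return (blocked, leaked): admin requests from outside the allowlist that
    were refused with 403, and ones that received any other response."""
    blocked, leaked = [], []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if not ADMIN_PATH.match(path) or is_allowed(ip):
            continue  # not an admin request, or from an approved address
        (blocked if status == 403 else leaked).append((ip, method, path, status))
    return blocked, leaked

if __name__ == "__main__":
    blocked, leaked = audit_admin_access(SAMPLE_LOG)
    print(f"refused as intended: {len(blocked)}")
    for ip, method, path, status in leaked:
        print(f"restriction not applied: {ip} {method} {path} -> {status}")
```

Any entry in the second list means the IP restriction does not cover that admin path and the rule needs to be reviewed.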
Web Application Firewall
Not everyone is a tech wiz with the skills and time to maintain a secure website. That’s where a Web Application Firewall comes in. Sucuri and Wordfence are two popular WordPress WAFs.
Once you select, activate and configure a WAF for your website, you won’t need to worry so much about securing your website — you can focus on your business.