Website Security

havana8 · n00b Joined: 17 Nov 2017 Posts: 16

Hello guys!

I have a question concerning my website security. I would like to know what are the tips and tricks for keeping your site protected from hackers, malware, etc.? I wouldn't like my visitors to be infected and would like to have everything under control!
Hope you can help me out!

audiodef · Posted: Fri Dec 08, 2017 8:32 pm Post subject:

We'd need to know more. Are you using Apache? MySQL? PHP? Etc. Is it your system of your own design? Security for coding your own site differs from security for a Joomla-based site, for example.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

Hu · Moderator Joined: 06 Mar 2007 Posts: 21591

Minimize external dependencies used by your site. Don't run ads managed by an external entity; these are a disgustingly common source of malware. Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).
Enable HTTP Strict Transport Security.
Enable Content Security Policy.

Beyond that, as audiodef says, we need specifics.

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6920

And use HTTPS: a lot of ISPs have proven themselves not above committing MITM attacks to inject ads.

havana8 · n00b Joined: 17 Nov 2017 Posts: 16

I went with Apache because I've heard that it is the most used one.

havana8 · n00b Joined: 17 Nov 2017 Posts: 16

Hu · Moderator Joined: 06 Mar 2007 Posts: 21591

Yes. For a public site, EFF's Let's Encrypt will give you a free ~90-day certificate, with free renewals as needed. Renewals can be automated for most common web server types.