In today’s world of growing IT knowledge, it is necessary to keep our IT infrastructure, applications and websites secure from security bugs, security breaches and hackers. Below are a few security tips to secure your website:
1. HTTPS - enable secure communication to your web server
- Get the SSL certificate from a reputable CA that offers a high level of encryption as well as support
- Decide, after careful analysis, which type of certificate you need (single domain, multi-domain, etc.)
- Set up redirects or reverse proxies where possible
2. Enable HTTP Strict Transport Security (HSTS) - make sure this does not affect your end users, including users with legacy browsers or applications
3. Use good traffic analysers for your web servers
4. Enable 301 redirects on your website
5. Keep your web server updated with the latest bug fixes and patches for the OS it is installed on
6. Set up more complex and tighter security at the network layer
7. Restrict file uploads as much as possible
8. Do not expose the admin page to the public; keep it to local access or behind VPN access
9. Put restrictions in place at the code level as much as possible, such as disabling right-click and copy options
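
A check for tips 1, 2 and 4, as an added example that is not part of the original post: it audits a captured HTTP and HTTPS response pair for a permanent redirect to HTTPS and a usable HSTS header. The host `www.example.com`, the `MIN_AGE` threshold, the function names and the sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit
MIN_AGE = 31536000  # assumed threshold (one year); set to your own policy

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    policy, seen = {"max_age": None, "include_subdomains": False}, set()
    for part in filter(str.strip, value.split(";")):
        name, _, arg = (s.strip() for s in part.lower().partition("="))
        if name in seen:  # a repeated directive makes the header invalid
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip('"')  # the value may be a quoted string
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy if policy["max_age"] is not None else None  # max-age required

def audit(http_resp, https_resp, host):
    """Responses are (status, headers) with lower-case header names."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        findings.append(f"http: status {status}, expected a 301 redirect")
    if target.scheme != "https" or target.hostname != host:
        findings.append("http: redirect does not lead to https on the same host")
    if "strict-transport-security" in headers:
        findings.append("http: HSTS sent over plain HTTP is ignored by browsers")
    raw = https_resp[1].get("strict-transport-security")
    policy = parse_hsts(raw) if raw is not None else None
    if raw is None:
        findings.append("https: no HSTS header")
    elif policy is None:
        findings.append("https: HSTS header is malformed")
    elif policy["max_age"] == 0:
        findings.append("https: max-age=0 tells browsers to drop the policy")
    elif policy["max_age"] < MIN_AGE:
        findings.append(f"https: max-age {policy['max_age']} is below {MIN_AGE}")
    return findings

# Constructed sample responses for the hypothetical host www.example.com
GOOD = ((301, {"location": "https://www.example.com/"}),
        (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}))
BAD = ((302, {"location": "http://www.example.com/login"}),
       (200, {"strict-transport-security": "max-age=0"}))
```

`audit(*GOOD, "www.example.com")` returns an empty list, while `BAD` yields three findings: a non-permanent redirect, a redirect target that stays on plain HTTP, and an HSTS header that clears the policy.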