4 Essential Web Server Security Best Practices

Wednesday, January 6, 2016

Locally and internationally, you may have heard of data breaches with websites. In some of these data breaches, the underlying reasons are due to weak web server security. Setting up a website these days isn’t easy as there are a handful of factors to think about, from the domain name, web host provider, content management system (CMS) to site scripting. In every aspect of a website setup, there are access points with security threats and vulnerabilities. And if not cautious, your site could fall prey to a cyber attacker’s scheming intervention.

To stay out of harm’s way, you as a website administrator should look to adopt these 4 essential web server security best practices:

1.Update Software Operating Systems (OS) Regularly

Web Server With CMS

If you use a CMS in addition to your web server software, make sure updates are patched regularly to both the (1) CMS and the (2) web server software.

For CMS such as WordPress, Drupal, and Joomla, plugins are frequently used by websites for easy integration. These plugins however if outdated, could be manipulated by hijackers. Just recently, thousands of WordPress sites were hacked due to a flaw in RevSlider plugin.

Web Server Without CMS

If your site uses only a web server software for hosting and content, ensure the web server software is regularly updated. Check for updates every quarterly just to be safe.

2.Change Admin Password 2-3 Times a Year


You may not have a habit of changing web server software passwords since you seldom access into it. However, not changing passwords is highly dangerous – especially if passwords have not been changed – as hackers can easily access your web servers by looking through your server’s /etc directory.

By changing the admin password regularly, you could save yourself from some password trouble. What’s even better and highly recommended from a security viewpoint is the use of two-factor authentication for web server access.

3.Install an SSL Certificate

ssl certificate

An SSL (Secure Socket Layer) certificate should be installed on every web server to encrypt all information as they get transmitted from the website. Doing so will make your web server process requests via HTTPS instead of HTTP, making sure all connection to the web server is private. Choosing the right certificate and support is important in SSL implementation, and providers such as Cyber Secure Asia makes SSL installation a breeze with local support and highly trusted certificates from DigiCert.

4. Backup and Double Backup!


You may trust web server providers to auto-backup your files and store them in isolation. But sometimes this doesn’t always happen, especially if your data is backup in the same server. That’s where self-resilience matters and working on your own backups is important. There are 2 ways to go around backups, either backup on the cloud or backup offline. If you can, you should backup using both methods, just in case, the other doesn’t work well.

Web Server is the Crux of Everything Online

Your web server contains everything about your website and protecting it well is critical. The moment you lose control of web servers, you lose everything you have online. This includes your hard work in website content and customer database you painstakingly build over the years. While web server security practices may be cumbersome to some, the efforts put into it will definitely pay off as you can look to continue online operations without unwanted intervention. By following these 4 essential practices, you will be light years away from others when it comes to web server security.

Share :    

Back to Blog