
Design a Secure Website, Blog or E-commerce

Whether your project is a web application, a professional blog, an e-commerce site or a startup, or you develop websites for others or run an agency, this post is for you. It is also for you if you are in one of those cases, have reached the point of scaling up and want to do it securely. This is how to design a secure web.

Think about minimizing the risk for your web or e-commerce

Let’s start with the basic rule of security architecture design for a web: do not put all your eggs in one basket.

We know that a startup, blog or web project that is just starting often does not have the resources to deploy a complete architecture that is secure against hackers and malware. What you are looking for is efficiency and cost savings. Containers and other technologies that save in many aspects are perfect for that, as long as they do not compromise security. To avoid problems, there are things you can do without too much extra cost.

Which parts are the essence of our website, blog or e-commerce? Which parts should we be worried about?

  • Logs: they tell us who accessed our site and when. They are important not only for knowing what changes our team has made but also, if we’re lucky enough, for knowing when and from where someone has attacked our site.
  • Backups: one of the most important elements of our online business. If we’ve been hacked, it’s crucial to have a backup to recover the service and the content of our site as soon as possible.
  • Database: an attacker may delete your data or the data of your customers, or simply steal it.
  • Website: the files of your web. An attacker may inject malware or directly hack your web or e-commerce. If our website is hacked, we could lose money every minute the site is not online.

The basis for designing a secure web or e-commerce application

We leave aside the cases in which you fully develop the code of your website or application. In those cases you are already accustomed to different environments: development, pre-production, integration and production, among others. To show how to design a secure web, we take as an example a web made with WordPress: the WordPress of the clients that you manage, the WordPress of your professional blog, or that of your e-commerce.

Web and database

Ideally, you have a development environment where you can test everything: upgrading your theme, installing certain plugins first, or testing the speed after any major design change. By environment we mean a site with a different IP that has no effect on your website in production.

It is acceptable to have your WordPress development environment on your own PC. However, the ideal is another space at the hosting provider where you have your production environment, or even at an external provider. Many hosting providers currently include it in their offer or even provide it for free as a test web environment.

The important thing is that it is separate from your website or e-commerce. Remember the important security points of shared hosting. If you have access to the server as an administrator, you have access to everything. Do not make it easy, and keep these things in mind when considering how to design a secure web.

The rule of the three backups of your web

If you do not have 3 backups you do not have any. That is, your web and two copies: one local, for example, and another remote, such as a cloud backup.

You are probably already doing backups with your hosting provider. Make sure they are done correctly, test them periodically and keep another copy in an external service or cloud. A good practice is to periodically restore the backups of your website to your development environment, which was discussed in the previous point.
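A periodic check of the two copies can be scripted. The following is an added example, not part of the original post: it assumes the backup is a `.tar.gz` archive and that the remote copy has been downloaded or mounted locally; the function names, file names and the 7-day freshness limit are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check the two backup copies of a site archive (.tar.gz).
# File names and the 7-day freshness default are assumptions.

# SHA-256 of a file; works with sha256sum (Linux) or shasum (macOS/BSD).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_backup_pair LOCAL_COPY REMOTE_COPY [MAX_AGE_DAYS]
# Prints one line per failed check; returns 0 only if every check passes.
verify_backup_pair() {
    local local_copy="$1" remote_copy="$2" max_age_days="${3:-7}"
    local failed=0 f

    for f in "$local_copy" "$remote_copy"; do
        # 1. The copy exists and is not empty.
        if [ ! -s "$f" ]; then
            echo "FAIL missing or empty: $f"; failed=1; continue
        fi
        # 2. The copy is recent (a stale copy means the backup job stopped).
        if [ -n "$(find "$f" -mtime +"$max_age_days" -print)" ]; then
            echo "FAIL older than $max_age_days days: $f"; failed=1
        fi
        # 3. The archive can be read from start to end.
        if ! tar -tzf "$f" >/dev/null 2>&1; then
            echo "FAIL unreadable archive: $f"; failed=1
        fi
    done

    # 4. Both copies hold the same bytes.
    if [ -s "$local_copy" ] && [ -s "$remote_copy" ] &&
       [ "$(file_sha256 "$local_copy")" != "$(file_sha256 "$remote_copy")" ]; then
        echo "FAIL copies differ: $local_copy vs $remote_copy"; failed=1
    fi
    return "$failed"
}

# Run as a script: ./verify_backups.sh local.tar.gz remote.tar.gz [days]
if [ "$#" -ge 2 ]; then
    verify_backup_pair "$@" && echo "OK: both copies verified"
fi
```

This only confirms that the copies exist, are fresh, readable and identical; restoring one of them into the development environment remains the real test.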

The logs, the security of knowing what happens in your web

Make sure you have a logging system that lets you know everything that has happened on your server over a reasonable period of time. If you do not carry out security maintenance on your blog, web or e-commerce, you may only find out weeks or months after your web has been hacked, when there is evidence such as extreme slowness on the web, obvious messages or worse.

And of course, ideally, this system is independent from the rest.

With these good practices you easily make it a little more difficult for someone to hack your web, blog or e-commerce. This will protect your positioning, your brand reputation and, above all, the good service to your users or customers.

Design a Secure Website, Blog or E-commerce was last modified: May 19th, 2017 by WeSecur