firm_website
Differences
This shows you the differences between two versions of the page.
firm_website [2019/08/23 19:13] – neil | firm_website [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 58: | Line 58: | ||
The more complex the software stack on which your website is running, the greater the opportunities for bugs or exploits. | The more complex the software stack on which your website is running, the greater the opportunities for bugs or exploits. | ||
- | Keep an eye on updates to the software, and test and deploy quickly. | + | Keep an eye on updates to the software, and test and deploy quickly. You are probably better of enabling automatic updates if this is an option. There is a risk that an update might be incompatible with something you are doing with your site, and so automatically upgrading might cause problems, but you are more likely to have problems if you do not update your software. |
If you are using a third party to run your website, or you are hosting it on someone else’s platform, check out their policy on applying software updates. If you can, enter into a service level arrangement which sets out how and when they patch their servers, at both the operating system level and the application level (i.e. the web server software itself, as well as the software on which that web server software runs). | If you are using a third party to run your website, or you are hosting it on someone else’s platform, check out their policy on applying software updates. If you can, enter into a service level arrangement which sets out how and when they patch their servers, at both the operating system level and the application level (i.e. the web server software itself, as well as the software on which that web server software runs). | ||
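Review bot: the sentence added to the "Keep an eye on updates" paragraph contains a typo, "better of" should read "better off". The same sentence concedes that an automatic update may break the site, so it would be worth pointing readers to the tested-backup advice further down the page as the way to roll back a bad update.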
Line 76: | Line 76: | ||
* opening an additional port in your firewall, to allow traffic on port 443. | * opening an additional port in your firewall, to allow traffic on port 443. | ||
+ | If your website hosting provider offers " | ||
+ | |||
+ | If you run your own server, the easiest way to get this up and running is to use a free [[https:// | ||
+ | |||
+ | ===Renew your certificate automatically === | ||
+ | |||
+ | A common failing when using an encryption certificate for a website is failing to renew it. If you do not renew it before it expires, visitors to your website will see an error message, which you do not want. | ||
+ | |||
+ | LetsEncrypt certificates expire after three months, and, if you use certbot to install a LetsEncrypt certificate, | ||
+ | |||
+ | If you do not have a LetsEncrypt certificate, | ||
===Redirect unencrypted connections to encrypted connections === | ===Redirect unencrypted connections to encrypted connections === | ||
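Review bot: the added paragraphs write "LetsEncrypt" where the certificate authority's name is "Let's Encrypt"; use that spelling throughout the new section. In the first paragraph under "Renew your certificate automatically", "A common failing ... is failing to renew it" repeats "failing"; something like "A common mistake ... is forgetting to renew it" reads more cleanly.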
Line 81: | Line 92: | ||
In addition to setting up your server to offer an encrypted connection, make a further change so that visitors are automatically redirected to the secure version of your site. | In addition to setting up your server to offer an encrypted connection, make a further change so that visitors are automatically redirected to the secure version of your site. | ||
- | This means that, even if they access the insecure version of your website (http://), they will be automatically redirected to the secure version (https://), without them needing to do anything. | + | This means that, even if they access the insecure version of your website (http:), they will be automatically redirected to the secure version (https:), without them needing to do anything. |
+ | Â | ||
+ | If you use certbot to install a LetsEncrypt certificate, | ||
==== Configure your site to be as secure as you can ==== | ==== Configure your site to be as secure as you can ==== | ||
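Review bot: changing "(http://)" and "(https://)" to "(http:)" and "(https:)" leaves prefixes that no longer match what a visitor sees in the address bar. If the aim was to stop the wiki from auto-linking the scheme, wrapping it in DokuWiki's no-formatting markup (%%http://%%) keeps the full prefix. The added line that contains only "Â" looks like a mis-encoded non-breaking space and should be dropped.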
Line 87: | Line 100: | ||
You can increase the security of your site, and lessen the risk of malicious or inadvertent compromises, | You can increase the security of your site, and lessen the risk of malicious or inadvertent compromises, | ||
- | The easiest way to start is to visit [[securityheaders.com|securityheaders.com]] and put in your site's URL. It will assess your site, based on this background information, | + | The easiest way to start is to visit [[https://securityheaders.com|securityheaders.com]] or [[https:// |
{{:: | {{:: | ||
Line 99: | Line 112: | ||
Ensure you have an [[backups|accessible, | Ensure you have an [[backups|accessible, | ||
- | If your hosting provider decides to close shop unexpectedly, | + | If your hosting provider decides to close shop unexpectedly, or your website gets hacked, you can get back up and running far more quickly if you have a tested backup available. |
==== Be careful with contact forms and text entry fields==== | ==== Be careful with contact forms and text entry fields==== |
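Review bot: the added clause "or your website gets hacked, you can get back up and running far more quickly if you have a tested backup available" treats a compromise the same as a provider outage, but a restore after a hack only helps if the backup predates the compromise and the hole is closed before the site goes live again. Suggest adding a sentence saying to restore from a backup taken before the compromise and to apply outstanding updates before putting the site back online.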
firm_website.1566587621.txt.gz · Last modified: 2021/07/06 09:26 (external edit)