Sucuri Blog

Website Security News

How to Improve Your Website Security Posture – Part II

August 30, 2018 | AJ Syed Ali

In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part of a good website security posture. However, it is also important to know what to do to strengthen your website.

Today, we are going to give you some practical tips on how to improve your website security posture.

The Principle of Least Privilege

We highly recommend that website owners apply the principle of least privilege. It is a computer science principle that can be applied at every level of a system, and its benefits strengthen your website security posture.

The main takeaways of the principle of least privilege are:

  • Use the minimal set of privileges required for each user to perform an action.
  • Grant those privileges only for the time the action is necessary.

When assigning roles, give users only the role they need to accomplish a task. Assign the roles of administrator (more access) and contributor (less access) based on the responsibilities of the user.

If you are the website admin and an author, you have two different roles. Use a separate user account for each of them.
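The two takeaways above (minimal privileges, granted only for as long as they are needed) can be checked mechanically. The following is an added example, not code from Sucuri or from any CMS: the role names come from the article, while the capability sets, account names and grant records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Role names come from the article; the capability sets are assumed for illustration.
ROLE_CAPS = {
    "contributor": {"write_post"},
    "author": {"write_post", "publish_post"},
    "administrator": {"write_post", "publish_post", "install_plugin", "manage_users"},
}

@dataclass
class Grant:
    user: str
    role: str
    expires: datetime  # a grant lasts only as long as the task needs it

def minimal_role(needed):
    """Return the role with the fewest capabilities that still covers `needed`."""
    fits = [r for r, caps in ROLE_CAPS.items() if set(needed) <= caps]
    if not fits:
        raise ValueError(f"no role grants {sorted(needed)}")
    return min(fits, key=lambda r: len(ROLE_CAPS[r]))

def is_allowed(grants, user, capability, now):
    """Allow an action only through an unexpired grant whose role includes it."""
    return any(g.user == user and now < g.expires and capability in ROLE_CAPS[g.role]
               for g in grants)

def audit(grants, used, now):
    """Flag expired grants and roles broader than what each account actually used."""
    findings = []
    for g in grants:
        if now >= g.expires:
            findings.append((g.user, "expired grant"))
        elif minimal_role(used.get(g.user, set())) != g.role:
            findings.append((g.user, "over-privileged"))
    return findings

# Constructed sample data: one person split into two accounts, plus a stale grant.
NOW = datetime(2018, 8, 30, 12, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice-admin", "administrator", NOW + timedelta(hours=1)),
    Grant("alice-author", "administrator", NOW + timedelta(days=30)),
    Grant("bob", "contributor", NOW - timedelta(days=1)),
]
USED = {"alice-admin": {"install_plugin"}, "alice-author": {"write_post", "publish_post"}}

if __name__ == "__main__":
    print(audit(GRANTS, USED, NOW))
```

In the sample data, the writing account holds the administrator role although it only ever writes and publishes posts, so the audit reports it alongside the grant that has already expired.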

Preventing access control issues also has to do with increasing the security of all your passwords.

Strong Passwords

Here at Sucuri, we always advise our customers to create strong, unique passwords for everything. Nevertheless, we often see weak passwords used to secure website logins for FTP, the database, cPanel, and the CMS dashboard.

Everyone has their own password policy. It’s very personal and usually based on a set of assumptions about online security. Unfortunately, many users choose policies of efficiency over security.

If you are a very practical person who would love to memorize only one password for all your accounts, there are plenty of password generators online, and most offer options to increase the length and complexity of each unique password.

Generating a password is a great way to have unique, random passwords for every account. However, like any defensive measure, best practices in password management can only minimize the level of risk.
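What a generator with length and complexity options does, as an added example that is not part of the original post: it draws characters from the operating system's cryptographic random source via Python's `secrets` module and produces an independent password for each login the article lists. The symbol set, the default length of 20 and the function names are assumptions.

```python
import math
import secrets
import string

# Character classes; the symbol set is an assumed, conservative choice.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",
}
ALL = tuple(CLASSES)

def generate_password(length=20, classes=ALL):
    """Random password of `length` containing at least one character per class."""
    if length < len(classes):
        raise ValueError("length too short to include every requested class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # Rejection sampling: redraw the whole password instead of patching
        # characters in, so no position is more predictable than another.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw

def entropy_bits(length, classes=ALL):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))

def passwords_for(accounts, length=20):
    """One independently generated password per account, never reused."""
    return {account: generate_password(length) for account in accounts}

if __name__ == "__main__":
    # The logins named in the article.
    for name, pw in passwords_for(["ftp", "database", "cpanel", "cms"]).items():
        print(f"{name}: {pw}")
    print(f"about {entropy_bits(20):.0f} bits at length 20")
```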

Trusted Sources

Be careful about which sources you trust, because every piece of software that powers your website is potentially vulnerable, including:

  • Web Servers
  • Website Infrastructure
  • Content Management System (CMS)

Protection and Monitoring

You can’t fix vulnerabilities in systems you don’t have any control over. The best thing to do is virtually patch flaws in real time and block attackers before they can reach your website.

The following technologies can prevent attacks and alert you to Indicators of Compromise (IOC) before they have the opportunity to infect your website:

Web Application Firewalls (WAF)

A Web Application Firewall is a layer of protection that sits between a website and the traffic it receives. A WAF is designed to stop website hacks and attacks.

Intrusion Detection and Prevention (IDP)

An intrusion detection and prevention system monitors a network or systems for malicious activity or policy violations.

Takeaways

To improve your security posture, follow these good practices:

  • Use the principle of least privilege. Always grant people access to a website with the minimal set of privileges.
  • Use strong, unique passwords everywhere your website requires a password. A password generator can be of great help.
  • Only install pieces of software from trusted sources on your website.
  • Protect and monitor the website so that you know everything that is going on.

We have put together an easy-to-follow infographic to demonstrate what you can do to have a good security posture.

If you are looking for peace of mind, our website security platform offers both a WAF and an IDP that work as a robust security layer to enhance the protection of any website.

Categories: Security Advisory, Security Education, Website Malware Infections, Website Security

Tags: Best Practices, Hacked Websites, Passwords, Server Security

About AJ Syed Ali

AJ is a Graphic Designer at Sucuri. He enjoys the challenge of designing graphics to help explain complex website security terms. He spends his free time drawing and learning animation. Follow him on Twitter at @Designimation02.
