Websites - Security
A secure web presence is essential for companies and organizations!
A secure website means that users’ data is protected, that it is not misused and that it does not fall into the hands of cybercriminals. User authentication must also be ensured to prevent unauthorized persons from accessing sensitive data. In addition, it is important that the website is always kept up to date to ensure optimal security. By regularly reviewing the web presence, security vulnerabilities can be detected and fixed early, which is an effective deterrent to cybercrime. To take full advantage of these benefits, it is therefore important that companies and organizations have a secure web presence.
In the area of security and website protection, I rely on a combination of different measures that all work together and increase the security of the website as a package:
Basic Coverage
- Initial hardening of the environment, in particular through extensive measures in the .htaccess file
- Daily update of all WordPress components (core, plugins, themes, translations) via a special tool
- Daily backup of all data to cloud storage (outside the hosting environment)
- Scanning of relevant security channels for possible threats
- Securing the database
- Adding HTTP security headers
- Login protection through the use of passkeys for passwordless authentication.
For the basic security included in the website management package, I follow the standard procedures for securing a website, including
Advanced
By default, I use SolidWP as a “web application firewall” to block attacks on the site in advance. For enhanced security, additional protection against “first-day attacks” is used by means of a patch stack.
Cloudflare WAF
For extended requirements, I combine the previous measures with the use of a so-called “Content Delivery Network” (CDN) using the provider Cloudflare. The security measures contained there not only protect against bots by means of WAF but also against DDoS attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a target server, service or network by overloading the target or surrounding infrastructure with a flood of Internet traffic.