Websites - Security
A secure web presence is essential for companies and organizations!
A secure website means that users’ data is protected, that it is not misused and that it does not fall into the hands of cybercriminals. User authentication must also be ensured to prevent unauthorized persons from accessing sensitive data. In addition, it is important that the website is always kept up to date to ensure optimal security. By regularly reviewing the web presence, security vulnerabilities can be detected and fixed early, which is an effective deterrent to cybercrime. To take full advantage of these benefits, it is therefore important that companies and organizations have a secure web presence.
In the area of security and protection of the website, we rely on a combination of various measures that all interlock and as a package increase the security of the website:
Basic Coverage
- Initial hardening of the environment, in particular through extensive measures in the .htaccess file
- Daily update of all WordPress components (core, plugins, themes, translations) via a special tool
- Daily backup of all data to cloud storage (outside the hosting environment)
- Scanning of relevant security channels for possible threats
- Securing the database
- Adding HTTP security headers
- Login protection through the use of passkeys for passwordless authentication.
For the basic security included in the website management package, we follow the standard procedures for securing a website, including
Advanced
We use a free "Web Application Firewall" plugin as standard to block attacks on the site in advance. A paid version can also be used for extended security. In addition, if you choose Hostinger as your hoster, for example, their built-in web application firewall is used on-top.
Cloudflare WAF
For extended requirements, we combine the previous measures with the use of a so-called "Content Delivery Network" (CDN) via the provider Cloudflare. The security measures contained there not only protect against bots by means of WAF but also against DDoS attacks. A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a target server, service or network by overloading the target or surrounding infrastructure with a flood of Internet traffic.
