Some pages on my site include “affiliate links”. When you follow these and buy something on the other end, I get a small commission. This commission does not raise the price of your purchase. Ever. Not even a little bit.

FAQ's  →  Security

What is the easiest way for me to secure my website?

The most common answer to this question is about the protocol used to serve your pages: HTTP or HTTPS. And it’s always this: make sure your site is served over HTTPS rather than plain HTTP.

The truth, of course, is a little more complex. It’s certainly true that your website should be be served over HTTPS, which means that the full address should start with https rather than plain http (as in https://our-example-website.com, rather than http://our-example-website.com). However, proper site security also requires all of the following:

  1. Secure server and network: the computer that hosts your site and the network in which this computer resides should be carefully configured to be as secure as possible.
  2. Secure application: the software that drives your site should be as secure as possible out of the box, and further hardened as required.
  3. Secure practices: users should use strong passwords, never save passwords on public computers or share them with any other users, etc.

Ultimately, security is a multifaceted objective. Taken together, all of the above constitute the minimum basic requirements for a secure website. And since this is the minimum, you may well find that your particular situation requires additional security measures like firewalls, automated lockdown tools, tight access control lists, multifactor authentication, and the like.