Cyber Security Center

Website security

Website security

Building a website is becoming increasingly easier because of various tools and services, which is great not only for business owners but for hackers as well. Almost anyone with a basic understanding of web development can build a website, which means webmasters may overlook website security because of their inexperience. And websites with lax security often become targets of cyber attacks.

Here are some basic practices that will help you improve your website’s security. Recommendations are primarily aimed at government and municipal institutions, but are also applicable for individual users.

Recommendations for improving website security:

  • Make sure firewall configurations are compliant with manufacturers’ proposed practices;
  • Set up the firewall to only allow connection to web content management systems (WCMS) via internal company network or set IP addresses;
  • Use Web Application Firewall;
  • Monitor connections to used ports, and close unused ones;
  • Prohibit access to servers through all ports and protocols, unless they are necessary for the website to function;
  • Use scanning software to check for vulnerabilities in website and database security;
  • Regularly update Open-source WCMSs (WordPress, Joomla);
  • Do not use unnecessary WCMS plugins, and regularly update ones that are used;
  • Regularly change passwords of admins and users who have access to WCMS;
  • Eliminate websites whose managers cannot ensure compliance with established safety requirements and recommendations.