# Website Security

## havana8

Hello guys!  :Smile: 

I have a question concerning my website security. I would like to know what are the tips and tricks for keeping your site protected from hackers, malware, etc.? I wouldn't like my visitors to be infected and would like to have everything under control!

Hope you can help me out!

----------

## audiodef

We'd need to know more. Are you using Apache? MySQL? PHP? Etc. Is it your system of your own design? Security for coding your own site differs from security for a Joomla-based site, for example.

----------

## Hu

Minimize external dependencies used by your site.  Don't run ads managed by an external entity; these are a disgustingly common source of malware.  Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).Enable HTTP Strict Transport Security.Enable Content Security Policy.Beyond that, as audiodef says, we need specifics.

----------

## Ant P.

And use HTTPS: a lot of ISPs have proven themselves not above committing MITM attacks to inject ads.

----------

## havana8

I went with Apache because I've heard that it is the most used one.

----------

## havana8

 *Hu wrote:*   

> Minimize external dependencies used by your site.  Don't run ads managed by an external entity; these are a disgustingly common source of malware.  Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).Enable HTTP Strict Transport Security.Enable Content Security Policy.Beyond that, as audiodef says, we need specifics.

 

Thank you for the suggestions! I suppose a good move is to get an HTTPS certificate?

----------

## Hu

Yes.  For a public site, EFF's Let's Encrypt will give you a free ~90-day certificate, with free renewals as needed.  Renewals can be automated for most common web server types.

----------

