FAQ'sSecurity

Is my website secure?
Probably not.
Unless you have actively thought about your sites security (or are using a managed hosting provider that thinks about it for you), you likely have at least a few potential security holes.
Here are a handful of basic security precautions you should be taking with any website:
  • Use a strong password for your hosting account, FTP accounts, email accounts, and any other accounts associated with your website.
  • Do not use the same password for all your different accounts.
  • Do not email your password or store it in plain text anywhere.
  • Restrict FTP and SSH access to your IP address.
  • Enable two-factor authentication on your hosting plan and your domain name registrar.
  • Keep all of your software and plugins up to date.
  • Back up your data regularly.
  • Use a CDN that provides DDOS protection.
  • Enable HTTPS on your site by getting an SSL certificate.

Since WordPress is the most popular content management system, here some WordPress-specific security tips:

  • Do not use the default "admin" as your administrator user name
  • Install the Bad Behavior and Akismet plugins to combat spam
  • change your user nickname, so that your login name isn't publicly visible in posts and URLs
  • Limit login attempts
How to protect customer data on website?
  • Use mature, Open Source software
  • Install an SSL security certificate
  • Force HTTPS for all connections (this requires a security certificate)
  • Use trusted payment processors
  • Follow all of the security precautions listed above.
What is a security certificate?
To understand a security certificate, you first have to understand Public Key encryption.
Public Key encryption works like this: there are two "keys" — a key is a very long string of seemingly random data that is used as a value in an encryption formula. One key is Private, known only to one party (in this case, the website owner). The private key has a "matching" Public key, which is published and available for anyone to use.
A message can be encrypted using the Public Key, and it can only be decrypted with the Private Key. This way you can send sensitive data securly, and only the one who is supposed to get it will be able to decrypt it.
The other interesting thing is that you can encrypt data with the Private key, and only the Public key will be able to decrypt it. This may seem meaningless — if the Public key is Public, then anyone can read the message. That's true, but this accomplishes something more important: it verifies that the message was in fact sent by the party who who says they sent it — only the owner of the Private Key could encrypt the data this way. (This is called "signing.")
When you use HTTPS, you are communicating with a website via a series of encrypted messages. Your messages are sent encrypted via the Public Key (ensuring only the website gets your data) and responses from the web server are sent signed by the Private Key (ensuring that they are authentic).
So what does the SSL certificate have to do with this?
Once you are certain that the Public Key you are using belongs to the website that you are visiting, and that the website is trustworthy, the rest of the process is secure. But the Public Key doesn't guarantee identity by itself — a malicious agent could create a fake Public Key and send it to site visitors, and intercept data between site and visitor.
You need some way of verifying that the Public Key is the right one, that it authentically identifies the correct party.
This is what an SSL Certificate does — it certifies the identity of the Public Key.
How to get a security certificate?
You buy one from an SSL certificate provider. Most hosting companies partner with an SSL certificate vendor, and make it easy to buy one as an account upgrade.
Can I use SSL certificate on shared hosting?
Yes, but you will need a Dedicate IP address.
Do I need SSL?
You need an SSL certificate if you are handling any sensitive customer data. Ecommerce sites, hich usually handle credit card payments, definitely need an SSL certificate. A site that allows for personal or private communication — email, messaging, file storage — needs a certificate.
Even if you don't have a specific requirement for an SSL security certificate, you may want to get one anyway. A number of organizations have recognized that HTTPS promotes safer browsing generally. Google agrees with this, and actually provides an SEO benefit to sites that use HTTPS as an incentive to encourage more sites to adopt it.
What is HTTPS?
HTTPS is secure HTTP. It is the protocol used when communicating with a website over SSL.
Why do I get an error with HTTPS?
If visitors to your site are getting an error when they try to use HTTPS, it is likely a problem with your SSL certificate. Make sure you have one, that it is up to date, and that it is installed properly.
What security is needed for credit card transactions?
Credit Card transactions should always be run over SSL (HTTPS). Credit card numbers should only be stored in a highly secure, encrypted datastore (which usually means — not the application you are building currently, but with a mature, well-regarded payment processor).

Daffodil prides itself as one of the leading IT enabled service in Bangladesh.
02 9116600 +88 01713-493247 Quick Support