Common Sense Security
There is a lot to know about security. Many of the things to be aware of during Internet use and website management are common sense.
I want to make it clear that this article does not address all security issues. Only three are addressed here, as common sense pointers rather than comprehensive treatments.
Using Content From Other Websites
Site owners, if you use content from other websites - articles, ads, and widgets, as examples - consider this: When the other website delivers the content to your website, they can deliver whatever they wish.
Any content or code they wish to put on your web page, they can, including replacing your entire page with their own.
Statistics and other behind-the-scenes services delivered to your website can also deliver whatever they please to your web page.
This "Risks of Linking to Others' JavaScript Files" blog post goes into more detail about what can be done to you and your site visitors with code delivered from other websites.
Although slanted to JavaScript content, the post's message can apply to content delivered through PHP or other means.
Do you trust that other website? Completely? If no, it may be prudent to omit their code from your web pages.
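Answering that question starts with knowing which other websites your page pulls content from. The script below is an added example, not part of the original article: it lists every resource a page loads from another host and marks the hosts whose scripts run inside the page. The sample page, its host names, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser fetches (a subset, enough for an audit).
URL_ATTR = {"script": "src", "iframe": "src", "img": "src"}

# Constructed sample page; every host name is a placeholder.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://widgets.example.net/weather.js"></script>
<script src="//stats.example.org/counter.js"></script>
</head><body>
<img src="https://ads.example.com/banner.gif">
<iframe src="https://video.example.net/embed/1"></iframe>
</body></html>"""

class ThirdPartyAudit(HTMLParser):
    """Record every resource a page pulls from a host other than its own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTR[tag]) if tag in URL_ATTR else None
        if not url:
            return
        target = urlparse(urljoin(self.page_url, url))
        if target.scheme not in ("http", "https") or target.hostname == self.own_host:
            return  # own host, or not a network fetch (data:, about:, ...)
        # A remote <script> runs inside the page itself, so whoever serves it
        # can change or replace anything on the page.
        self.findings.append({"host": target.hostname, "tag": tag,
                              "line": self.getpos()[0], "full_control": tag == "script"})

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def hosts_with_full_control(findings):
    """Hosts whose code executes in the page: the ones that need complete trust."""
    return sorted({f["host"] for f in findings if f["full_control"]})

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "https://www.example.com/index.html"):
        print(finding)
```

The audit reads only the HTML as served; anything a listed script adds to the page after it loads will not appear in the output.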
Sensitive/Confidential Information And Web Page Forms
Internet user point of view
Before providing a credit card number, password, or other critical information, you make sure the form is on a secure server. You do that, right?
Here's how to tell, and both of these should be confirmed:
- The URL in the browser's address bar needs to be an https://... URL (note the "s" following "http").
- The "secure" icon of your browser, probably a padlock, needs to be in the closed or locked position.
And there is one more thing to check. Do you trust the people you are sending your info to? If not, get outta there.
Site owner point of view
Some hosting companies provide a shared secure server with their hosting accounts. Unless your business requires a secure server with your domain name in the URL, the shared one can do the job.
One is as good as another insofar as security goes.
The form on the secure server must submit to software on the secure server. That software stores the submitted information. (Email is not secure.) Then, secure software is used to get the information from the secure server.
The "A Master Secure Form Processor" blog post contains information about how to set up a secure form and what software to use.
The recommended software titles are Master Form V4 to process the form submission and Secure View and Remove to securely get the information from the server.
As of this writing (until July 29), there is a sale going on where you can get both of the recommended titles for the price of one. Buy Master Form V4 and get Secure View and Remove free.
Email Lures
Money-related emails abound that try to lure the unsuspecting into providing personal, login, and financial information.
From "something went wrong with your account" to "you made this payment" to "help us recover this money," they all, either immediately or eventually, require some of your personal, login, or financial information, or a payment from you, in order to satisfy whatever got you to take the bait in the first place.
Here are a few common sense things you can do to help protect yourself from email scams:
- When the luring email has a link, and you feel you really must visit the website, type the link into your browser instead of clicking on it. The real destination can be hidden behind the visible portion of the link. If your browser ends up at a URL different than what you typed in, close the browser immediately. They are not to be trusted.
- If the luring email says there is a problem with an account of yours, type the URL of the website where you have the account into your browser, not the URL in the email, or use a bookmark you created earlier. That way you end up at the website you want and not one made to look like it. Then, find a telephone number or a support form on the website and find out whether or not the email is real.
- If the luring email is from a stranger and asks for help in moving or obtaining or securing money, it is a scam to part the greedy from their money. With one seemingly reasonable excuse or another, someone will require a bit of your money in order to obtain the much greater reward. Don't be greedy. You will lose.
Some of the email lure perpetrators are really good at what they do. They can fabricate emails and websites that appear exactly like the originals. Even the From and other headers of emails can appear identical. They get you when you click on a link or fill in a form with your personal, login, or financial information.
And then you're sunk. Another scammed statistic.
Will Bontrager