General website security, how we do it.
The security of our clients’ data and their users’ data is one of our highest priorities. Maintaining maximum levels of website uptime is paramount to our success with any project, and we make no compromises in achieving this.
Below is an outline of the methods and security measures we implement:
A UK-based dedicated hosting environment
A low-level shared hosting environment is one of the biggest causes of successful malicious attacks on websites, and hosting is something we don’t compromise on regardless of cost. Ensuring the website and its data stand alone means that they can’t be compromised through any third parties, their potential negligence or vulnerabilities within their code.
Best practices with any stored sensitive data
Administrator accounts will be created with secure, complex passwords and abstract usernames. A reasonable minimum strength level will be required for the passwords of any new users registering on the site. All passwords and other sensitive data will be encrypted within the database.
SSL and HTTPS
An SSL certificate will be installed, with the whole site served over HTTPS. This ensures that any data sent between the website and the user’s browser is encrypted, even non-sensitive data.
Strict third-party software selection and version control
Our first approach is to custom build the various aspects of website functionality where feasible. This gives us maximum control over the code. Sometimes, though, third-party software must be used to accommodate budgets, timescales and other constraints. Any software that we choose must meet our requirements in terms of code quality, versatility, support and longevity going forward. It must align with our objectives and not hinder the user experience.
We recognise the importance of extension and plugin maintenance and make sure that we are using the latest versions. We will ensure that any third-party code used on the website is kept up to date as and when any patches are released.
Regular automated scheduled backups
The backup process is as important as the general overall security of our websites, especially with e-commerce solutions where user information is stored and data moves around regularly. Our hosting solution provides daily backups as standard, but we like to go a step further and integrate a backup process within our CMS solution. This means we can schedule even more backups, multiple times each day if necessary. It also gives us extra options in the event that we need to restore the website and its data to a previous state, quickly and efficiently, minimising any downtime.
Skilled development with security in mind
We are well versed in secure coding and best-practice development techniques. This covers a range of areas, such as where data is submitted and received from the web browser, and the validation of that data itself.
We do a security audit during the testing phase and make sure all the boxes are ticked.
Training, support and an ongoing relationship
We train and support our clients, as best we can, on best practices for managing the website content and its users. We like to keep an eye on things, and are always on hand when needed.
We take great pride in our websites being stable, robust and secure, and recognise our duty in keeping them that way for the duration of their time on the web.