An internet security expert shares 3 tips for building a secure website

Every Cybersecurity Awareness Month, the National Cyber Security Alliance and the Department of Homeland Security join forces to raise awareness about the significance of cybersecurity in everyday life. This year’s theme is “Secure Our World.”

These days, anyone can easily make a website — whether for business, to share a personal portfolio or to publish a blog. It’s also become a lot easier and more important to keep it secure. To help, today we’re sharing three actionable tips from internet security experts that everyone can use to make their websites more secure. These tips will help keep personal information and private data safe and help secure our world, one website at a time.

  1. Install a TLS certificate
    A Transport Layer Security certificate (sometimes referred to as SSL) enables the encryption of data transmitted between your website and its visitors, protecting sensitive information. It’s a must-do if your website collects personal information, such as credit card info or logins with passwords, but experts recommend installing SSL for every website. Most registrars offer SSL certificates, and you can always install one yourself through Let’s Encrypt.
  2. Opt for HSTS-preloading
    The HSTS-preload list contains websites that modern browsers know only load over a secure, encrypted connection. It is the easiest way to ensure that connections to websites cannot be downgraded to an unencrypted connection, from the first time a visitor visits your website to every time after. There are two ways to get HSTS-preloading, which will be covered below.
  3. Choose a secure hosting provider. Research and select a hosting provider with a strong reputation for security measures, such as firewalls, intrusion detection systems, and regular backups.

What many website owners don’t know is that bad actors may try to misdirect traffic, spy through open Wi-Fi networks, inject malware or tracking, or alter site content. They can use even a single page that isn't encrypted to gain access to the rest of your website. To help make your website more resistant to HTTP downgrade attacks, there are two ways to implement HSTS preloading:

  1. Add your domain to the HSTS-preload list and wait for browsers to propagate the change.
  2. Use a HSTS-preloaded top-level domain, such as .app, .dev, .page, .rsvp, and .day and receive the highest standard of website encryption from day one. There are no extra steps beyond installing an SSL certificate and no need to wait for browsers to update.

To make HSTS-preload available to more people, Google Registry is partnering with registrars to offer a 50% discount off our HSTS-preloaded domains this October. Visit safe.page/domain to get a secure domain today, and for more info on encryption and HSTS-preloading, check out this video.

Blog Article: Here

  • Related Posts

    60 of our biggest AI announcements in 2024

    Recap some of Google’s biggest AI news from 2024, including moments from Gemini, NotebookLM, Search and more.

    Our remedies proposal in DOJ’s search distribution case

    Today we filed Google’s remedies proposal based on the actual findings in the Court’s decision — our agreements with partners to distribute search.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Announcing CodeQL Community Packs

    60 of our biggest AI announcements in 2024

    60 of our biggest AI announcements in 2024

    Our remedies proposal in DOJ’s search distribution case

    Our remedies proposal in DOJ’s search distribution case

    How Chrome’s Autofill can drive more conversions at checkout

    How Chrome’s Autofill can drive more conversions at checkout

    The latest AI news we announced in December

    The latest AI news we announced in December

    OpenAI’s latest o1 model now available in GitHub Copilot and GitHub Models

    OpenAI’s latest o1 model now available in GitHub Copilot and GitHub Models