Tips for Secure Web Development
Note: All links on this page are external links, and are provided as reference only.
|Consider moving your content to the BYU Sites platform. There are many advantages to moving content, including improved security.|
|Insist that administrators and those able to manage content have strong passwords. Apply Duo two-factor authentication to your site login and do not use default passwords.|
|Implement a Secure Socket Layer (SSL) protocol to establish a secure and encrypted connection.|
|Back up your site and connected database(s) regularly.|
|Limit or deny file uploads on your website. Remove executable permissions for files and direct users to share information using another method or application.|
|Keep your software updated and patched—that includes plug-ins and extensions. Subscribe to or check for security updates regularly.|
| Put these practices into place to ensure your Drupal site remains impenetrable.
User roles and permissions
Security Modules (captcha, etc.)
Put these practices into place to ensure your WordPress site remains impenetrable.
Follow WordPress coding standards
Back up your website regularly
Update your WordPress plugins
Lock down WordPress Admin
Use a WordPress security plugin
Use an older version of PHP
Neglect checking file and server permissions
Allow file editing in the WordPress
Put off two-factor authentication
Keep default users and passwords
Forget to use SSL for your site
BYU Websites is a campus website management and hosting service meant to improve and simplify campus web publishing. It provides cloud hosting, security, round-the-clock monitoring, and ADA-compliant accessible design templates. Learn how to create or request a site at sites.byu.edu.