Skip to main content
Information Security

Tips for Secure Web Development

Note: All links on this page are external links, and are provided as reference only.

TIP 1

Consider moving your content to the BYU Sites platform. There are many advantages to moving content, including improved security.

TIP 2

Insist that administrators and those able to manage content have strong passwords. Apply Duo two-factor authentication to your site login and do not use default passwords.

TIP 3

Implement a Secure Socket Layer (SSL) protocol to establish a secure and encrypted connection.

TIP 4

Back up your site and connected database(s) regularly.

TIP 5

Limit or deny file uploads on your website. Remove executable permissions for files and direct users to share information using another method or application.

TIP 6

Keep your software updated and patched—that includes plug-ins and extensions. Subscribe to or check for security updates regularly.

Content Management System-Specific Tips
Drupal
Wordpress
Brightspot

Put these practices into place to ensure your Drupal site remains impenetrable.

Review

User roles and permissions
Drupal core and modules for updates
Status reports for an overview of the site’s back-end status

Use

Security Modules (captcha, etc.)
Two-factor authentication
Trusted themes only SSL for your site

Remove

Default User
Inactive Users Unused/unneeded modules

12 Must Have Security Modules for Your Drupal Website

Complete Guide on Drupal Security

7 Quick Ways to Secure Drupal: Basic Security Checklist

Drupal.org Security Advisories

Writing Secure Code in Drupal

Put these practices into place to ensure your WordPress site remains impenetrable.

Do

Follow WordPress coding standards

Back up your website regularly

Update your WordPress plugins

Lock down WordPress Admin

Use a WordPress security plugin

Don't

Use an older version of PHP

Neglect checking file and server permissions

Allow file editing in the WordPress

Dashboard

Put off two-factor authentication

Keep default users and passwords

Forget to use SSL for your site

The Ultimate WordPress Security Guide – Step by Step (2019)

WordPress Security – 19 Steps to Lock Down Your Site

WordPress Security - About

How to Check for WordPress Security Updates

WordPress Security Updates

BYU Websites is a campus website management and hosting service meant to improve and simplify campus web publishing. It provides cloud hosting, security, round-the-clock monitoring, and ADA-compliant accessible design templates. Learn how to create or request a site at sites.byu.edu.