Web site security should be one of the top priorities of any website owner. The people who may take aim upon your Web site include a range of people from mischievous pranksters to spam masters to unscrupulous website owners seeking to drive traffic to their own sites by hijacking yours.
No site, however small, is immune from these evildoers.
It is not funny when your Web site gets blacklisted by search engines and email traffic controllers because you are unwittingly sending out spam from your site or sending people to some site selling pharmaceuticals, selling pirated software, or running offshore gambling operations. But it does happen, and the damage to your reputation can take months to repair even after your site is free of the offending code.
Theoretically, there is no such thing as a totally secure website; however, certain practices can make your site unavailable to all but the most skilled and most determined. These practices fall into five areas:
- Password practices
- Email security
- Web form validation
- WebApp risks
- WordPress user names and public names