
How to secure your website in 2022?

A secure site is a trusted site🔒 Hacking and malicious actions on the web are increasingly numerous: data theft, identity theft, disabling of sites, etc. We review with you the essential security elements and standards that a site must have in 2022.

Published on 31/12/2021 - Amended on 27/3/2023 - 5 min

Online security is a constant challenge. Hacking techniques are evolving as fast as technology, and it is important to keep up to date with the latest web security measures. Protecting your site means protecting your data as well as that of your visitors and customers. Cyber attacks in a few figures:

  • 978 million people affected by cyber attacks every year
  • 1 in 2 French companies will be targeted by a cyber attack in 2021
  • Cybercrime costs $6,000 billion every year
  • 30% data theft
  • 29% denial of service
  • 24% of data encrypted by ransomware
  • 23% identity theft

Even the largest companies are victims. In 2021 we can mention Axa Partners, Microsoft Exchange, Acer, etc.

The types of cyber attacks are numerous: phishing or spear-phishing, exploitation of vulnerabilities, scams, illegitimate acquisition of domain names, SQL injections, DDoS attacks, etc. The security systems to counter them are just as numerous.

In this article we make a checklist of security systems to integrate into your website or e-commerce site to limit these cyber attacks.

Block spam

What is spam?

To improve the user experience, some websites let their visitors, community and customers leave comments. These can be customer reviews, comments on a blog or any other message, and visitors often attach great importance to them. Hackers are aware of this and are increasingly active in publishing false comments and reviews to disrupt the site, its sales and its reputation.

Although comments are not recommended for assessing the reliability of a website, they are often a criterion taken into account by Internet users and have a major impact on the level of trust. Search engines such as Google also pay attention to these comments, so your organic SEO can be affected as well.

How to counter spam on a site?

Moderating your content is important, and you need to develop a policy for dealing with spam. Many tools and integrations allow you to manage this content. To limit spam on your Webflow site, you can for example use Disqus. This tool is a first spam filtering system, used by many webmasters and cybersecurity professionals.

Protect your site from DDoS attacks

What is a DDoS attack?

The objective of a DDoS attack is to make a service unavailable. There are several ways in which hackers can proceed with a DDoS attack, for example:

  • flooding a computer network to prevent it from functioning
  • disrupting connections
  • limiting access to a third party

Typically, this involves sending a huge amount of information at once to a site to bring down its servers. At first the site will be taken offline, but then it will also be a way to breach the security system.

As a result, hackers will be able to embed malicious code, and this will also have a considerable impact on your organic search ranking (SEO).

How to protect your site from DDoS?  

The best way to protect your site from DDoS is to choose a reliable web host. This means a host that provides you with the main security standards, such as an SSL certificate, a fast service with for example a global CDN, etc. A quality host is also a provider that performs regular checks to test the vulnerability of its service.

A website hosted at Webflow benefits from the full protection of AWS Shield from Amazon Web Services (AWS). The AWS security system has one of the highest levels of protection in hosting. Whether it is in terms of vulnerability identification, authentication security, infrastructure protection or data protection, AWS is a trusted provider for a website.

Have an SSL certificate

What is an SSL certificate?

The SSL (Secure Sockets Layer) certificate is the best-known protection system of all. It is the closed padlock that you find in the URL of the (secured) sites you visit. SSL security is not a requirement, but it has almost become a standard on the web. Google has announced that it penalizes sites that do not have an SSL certificate.

SSL will create an encrypted, and therefore secure, channel between two devices or servers that communicate over the internet. The most common use of SSL is to secure communications between a web browser like Google and Webflow servers. A secure site will see its URL change from HTTP to HTTPS, where the "S" stands for "Secure".

Image: secure site with SSL certificate (search bar with padlock and the secure URL of the Digidop site)

Image: unsecured site without SSL certificate (search bar with the unsecured URL of an example site)

SSL security is therefore also important. Most sites are now equipped with it, because it allows you to protect your data as well as that of your visitors and customers. Sensitive data such as credit cards, addresses, etc. is therefore protected.

How to obtain an SSL certificate for your website?  

An SSL certificate can be added to your domain name by asking your certificate authority, but it can also be set up on your web host or on your own servers. Some certificate authorities such as Let's Encrypt offer free SSL certificates.

CMSs such as Webflow also offer a free SSL certificate to all the sites they host. You will be able to set up your Webflow SSL certificate in one click.

Use HTTP/2

What is an HTTP/2 request?

HTTP/2 is the new version of HTTP requests. Developed by Google, this new standard speeds up data exchanges between the server and the user. The data now passes through several TCP (Transmission Control Protocol) connections and is by default secured in HTTPS. In addition, search engines such as Google largely favour the SEO of sites that have integrated the HTTP/2 protocol.

How to use HTTP/2?

Check with your web host, as not all of them offer HTTP/2 hosting. Webflow, on the other hand, offers HTTP/2 by default to all its sites to optimize speed and security.

Preventing brute force attacks

What is a brute force attack?

A brute force attack is a method of testing a multitude of combinations to find a password or a computer key. The objective is to obtain login information or display encrypted data.

How to block brute force attacks?

As with DDoS attacks, the hosting company is again at the forefront of protecting you from them. Webflow adds an additional layer of security by tracking IP addresses that make repeated connection attempts when submitting forms.
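One way such tracking can work, as an added example (not Webflow's implementation): a sliding-window counter of form submissions per IP address. The 60-second window, the limit of 5 attempts and the sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed look-back window
MAX_ATTEMPTS = 5      # assumed number of attempts allowed per IP inside the window


class AttemptTracker:
    """Sliding-window counter of form submissions per source IP."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_ATTEMPTS):
        self.window = window
        self.limit = limit
        self.attempts = defaultdict(deque)  # ip -> timestamps still inside the window

    def allow(self, ip, now):
        """Record one attempt at time `now` (seconds); return False once the IP is over the limit."""
        times = self.attempts[ip]
        # Drop attempts that have aged out of the window.
        while times and now - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.limit:
            return False  # throttled: the submission is not processed
        times.append(now)
        return True


def replay(events, tracker=None):
    """Run (timestamp, ip) events through the tracker; return the set of throttled IPs."""
    tracker = tracker or AttemptTracker()
    blocked = set()
    for ts, ip in events:
        if not tracker.allow(ip, ts):
            blocked.add(ip)
    return blocked


# Constructed sample: one IP submitting the form every 2 seconds, one normal visitor.
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_EVENTS = sorted(
    [(t, "203.0.113.7") for t in range(0, 20, 2)]
    + [(5, "198.51.100.20"), (70, "198.51.100.20")]
)

if __name__ == "__main__":
    print("throttled:", replay(SAMPLE_EVENTS))
```

Per-IP counting also throttles everyone who shares an address, so it is normally combined with per-account limits.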

Protection against cross-site scripting (XSS)

What is cross-site scripting (XSS)?

Hackers use this method to insert malicious code into your website and damage it. These cross-site scripts are also used to break into users' computers and access their private data.

How to block cross-site scripting (XSS)?

Amazon Web Services (AWS), the Webflow hosting company, has put in place numerous security measures to block these cross-site scripts. A Webflow site is therefore perfectly protected against this type of web threat.

Limit SQL injection attacks

What is an SQL injection?

SQL injection, or SQLi, is a method used by hackers to exploit hundreds of security holes to interact with the databases of a website or web application. SQL is the computer language used to access databases, and hackers use fake SQL queries to access them. Servers have difficulty distinguishing between real and fake SQL queries.

How to block SQL injections?

Using secure code, protecting the server and using upstream Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) are ways to limit these attacks. The hosting provider AWS has put in place a security shield to protect against these types of attacks and block malicious SQL code.

Back up your web data

Why back up your website data?

Despite all the security precautions you take, no system is inviolable. We therefore recommend that you back up your web data.

How to back up your website data?

Backing up your web data does not have to be done manually, as many web hosts offer this service. Webflow for example offers automatic backups of your website. You have access to all your web history according to days and hours. The premium version of Webflow offers an unlimited history of your website. All your old data is therefore also secured.

Secure your online payments

What is a secure online payment system?

A secure payment is a payment that is encrypted from end to end: your credit card number, expiry date and security code (CVV).

How to have secure online payments?

For this we recommend that you go directly to a trusted third party such as Stripe or PayPal, the two leaders for online payments. Stripe is certified as a Level 1 Service Provider, thus meeting all the standards in terms of payment security.

Choose an ISO/IEC 27018 certified host

What is the ISO 27018 standard?

The ISO 27018 standard is a set of measures that a web host must take to protect the data it stores in the cloud. This standard is partly based on the ISO 27002 standard for information security in the public cloud. It is therefore a proof of respect for international best practice in the protection of personal and confidential data.

Choose your ISO 27018 web host

Find out about the certifications of your web hosting provider. Amazon Web Services has been certified ISO 27018 by EY CertifyPoint, which is accredited by the Dutch Accreditation Council and a member of the International Accreditation Forum (IAF). By default, all Webflow sites benefit from these protection standards.
