The Local CSP Moodle plugin allows administrators to create and manage the Content-Security-Policy (CSP) HTTP header without manually editing the .htaccess file. CSP works as an allowlist to specify what types of content, and from what origin (internal and external), supporting web browsers can load within your website. Think of it as a “code firewall.” Read More >
Search Results for: Content Security Policy
Add Content-Security-Policy (CSP) in Drupal 8
The Content-Security-Policy Drupal module helps you configure a Header set Content-Security-Policy header to specify what sources your website should load scripts from – (e.g. your own website, embedded YouTube video, and analytics trackers). This forces supporting web browsers to ignore other external requests to mitigate cross-site scripting (XSS) and other code injection attacks. There are Read More >
Cloud Server Security – Best Practices
Cloud server setup can vary greatly since you are free to utilize any combination of software and applications to fit your needs. Opting for a cloud server versus a cPanel-managed VPS means greater control over your Linux operating system (OS) and environment. But, this also means that it’s your responsibility to implement measures to help Read More >
CyberPanel Security Vulnerabilities
It is always a good idea to investigate how secure an uncommon software is before installing it. This applies to CyberPanel as it is one of the least popular Linux control panels we’ve covered. In this article, we’ll discuss some important CyberPanel security concerns and solutions. Cybersecurity Risks Common Vulnerabilities and Exposures (CVEs) CyberPanel Security Read More >
10 Magento Security Tips
It is important to stay on top of Magento security practices to protect your website and customer data against cyber intrusions. Below we’ll cover some tips for hardening your Magento website hosting and web server. Initial Setup The following tips should be done during the Magento installation. However, there are still ways to implement them Read More >
Drupal Security.txt File
Have you ever considered creating a Drupal security.txt file? The security.txt file is a standardized format meant to create a uniform approach for security vulnerability disclosure. The formatted text will generally include: https://securitytxt.org walks you through building a full security.txt file. However, the Security.txt Drupal module is the best option if you can’t or don’t Read More >
Joomla 4 Security HTTP Headers
Learning how to secure Joomla 4 is easier than ever before. With the pre-installed HTTP Headers Joomla plugin, you can add up to ten security HTTP headers to protect your data against next-generation cyber attacks. How to Secure Joomla 4 with HTTP Headers Log into your Joomla 4 administrator dashboard (e.g. https://example.com/administrator). Select System from Read More >
Improve ownCloud Server Security
How secure is ownCloud? As with most stable software, the answer depends on how well you protect your instance against ownCloud security issues. There are many ownCloud vulnerabilities listed in the National Vulnerability Database (NVD). Fortunately, there are many countermeasures you can implement to protect your ownCloud server from these and server level cyber intrusions. Read More >
How to Add a Password Policy in ownCloud
A strong password policy in ownCloud ensures all users do their part in thwarting password-based cyber attacks. These features aren’t included by default. However, there is a free add-on app for enforcing a strong password policy in ownCloud. It won’t resolve all ownCloud security issues, but it is a good start. Install the ownCloud Password Read More >
HTTP Headers WordPress Plugin for Better Security
The HTTP Headers WordPress plugin allows WordPress Hosting administrators to create and manage HTTP headers to improve security, privacy, and performance for visitors without needing to manually edit the .htaccess file. This is useful for: In this article, we’ll discuss the most popular HTTP security headers available within the HTTP Headers WordPress plugin that can Read More >
How to Add Referrer-Policy and X-Frame-Options in Zenphoto
After installing the Zenphoto image gallery content management system (CMS), available in Softaculous, there are multiple ways to easily improve website security: Force HTTPS (SSL certificate) Enforce minimum password strength Data privacy settings for GDPR and CCPA compliance But as stated in our Web Hosting New Year’s Resolutions for 2020 blog earlier this year, there Read More >
Add Feature-Policy in Drupal 8 with the Security Kit Module
The Feature-Policy HTTP header specifies what browser features can be used on a website and its <iframe> elements. The most common browser features among a long list are autoplay (for videos), camera, fullscreen, and microphone. Below we’ll cover how to install the Security Kit module in Drupal 8 and enable Feature Policy. Get high performance Read More >
Add X-Frame-Options in Drupal 8 with the Security Kit Module
The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frames-Options. Mozilla recommends using the superseding Content Security Policy Read More >
WP Cerber Security Hardening Options
With WP Cerber Security having so many features, it can replace other single-purpose WordPress security plugins you may have installed. It can set up a maintenance page for when your website is under construction. It has an access control list (ACL) and custom email notifications. WP Cerber Security includes many other features as smaller “hardening” Read More >
How to Manage ConfigServer Security & Firewall (CSF) Profiles
In this article: Backup Restore Compare Configurations It behooves managed VPS with cPanel (or unmanaged VPS) and Dedicated server administrators to understand backup options available within WebHost Manager (WHM): cPanel, website, database, WHM-scheduled backups, and Softaculous backups. There’s also Snapshots in your Account Management Panel (AMP). If you’re auditing logs for how well your security Read More >
Enable HSTS in Cloudflare for Stronger SSL Security
Whether you’re using shared or VPS hosting services to create a website, it’s important to have a SSL certificate for added security. But it is not enough to install a domain validated SSL. You need to ensure your web server only serves website requests with an encrypted connection. This is accomplished with a 301 redirect Read More >
How to Configure Security Policies in WHM
WebHost Manager (WHM) includes many tools to help you secure your cPanel server. Steps such as limiting logins by IP address, enabling two-factor authentication (TFA), and setting password strength and age limits can greatly increase the security of your server. In this guide, we will show you how to configure the security policies of your Read More >
Why Security is Important for Small Business Websites
Security is an important ongoing task when you create a website, with or without an e-commerce store. Cyber attacks aren’t slowing down. But you don’t want your small business slowing down as a result to this. And it doesn’t have to. There’s always news covering the consequences of businesses being hacked for personally identifiable information Read More >
Add Privacy Policy Page to WordPress – GDPR Compliance
WordPress has provided an easy way to add a Privacy Policy page to your site, for users who are concerned about the new data privacy laws in the EU: GDPR. In this article, we’ll show you how you can easily add a privacy policy page to a WordPress site. Adding a Privacy Policy page is Read More >
How to Install CSF for Better cPanel Server Security
ConfigServer Security & Firewall (CSF) is a stateful packet inspection (SPI) firewall with login/intrusion detection capabilities for Linux VPS Hosting running CentOS, Ubuntu, and other Unix operating systems. Simply put, CSF simplifies the proactive and reactive processes related to Linux cybersecurity. What is CSF? Uninstall APF from your InMotion cPanel Server Stop APF and Remove Read More >
