Skip to main content
June 5, 2017
Answered

Very basic question about setting up a secure site

  • June 5, 2017
  • 4 replies
  • 641 views

I'm trying to set up a very basic site with no CMS, no web forms, no search forms. I'm not a dev person at all, but I'm inclined to do it myself since the design is so straightforward, but the site does need to be secure because the nature of the site might attract hackers. Assuming I have a great back-end dev professional and use Let's Encrypt, is there any reason I shouldn't do this myself with DreamWeaver? My understanding is that user input and third-party CMS software causes the bulk of security issues.

Thanks for any input!

This topic has been closed for replies.
Correct answer pziecina

I'm not certain why you are asking this question.

First you say that the site is simple, has no back-end code, then you say you have a great back-end developer and the site needs to be secure. Lets encrypt, whilst on first impressions provides a simple certification for https, it does not provide the actual security guarantee of a signed https certifacate. Plus all it does is encrypt the connection not the sites code on the server.

Every site may attract hackers, but if the 'nature' of the site is such that you think security is so important, a genuine signed https certificate is preferable, not just for yourself, but also for your sites visitors. Most good hosting providers now have https as standard, or allow you to purchase a certificate for a small fee. It is then just a matter of ensuring that all code and assets are within the specified folder.

4 replies

Nancy OShea
Community Expert
Community Expert
June 5, 2017

Google wants to see every web site buy into  SSL certificates.  Google gives a very slight edge to HTTPS sites  on search results pages. Contact your hosting provider to assist you.  This is not something you can do with Dreamweaver.

SSL Certs do not protect you from hackers nor ensure that you or your host are using safe web practices.  It merely means you paid a nominal fee for a secure sprocket layer on your hosting server.  That's all it does.   If it makes you and Google happy, then do it.  If you don't feel you need it, then don't do it. 

Based on what you have told us so far, it sounds like you don't need it.  But it's your decision.

Nancy

Nancy O'Shea— Product User & Community Expert
Rob Hecker2
Legend
June 5, 2017

My understanding is that user input and third-party CMS software causes the bulk of security issues.

That is correct.

You don't need to do anything. You don't even need SSL.

Can your site still be hacked? Yes, via FTP. Someone could change the content of your website. The best protection against this is to use a dedicated server or VPS. Shared hosting accounts are notoriously vulnerable to such attacks.

Legend
June 5, 2017

If you have no CMS (Content Managment System) and no web forms for users to interact with then you can't make the site any more secure, short of not publishing it. The only thing you have left to hack is the content but if you can see it you can copy it. Maybe you are talking about hacking into the ftp area and changing the content?

pziecina
pziecinaCorrect answer
Legend
June 5, 2017

I'm not certain why you are asking this question.

First you say that the site is simple, has no back-end code, then you say you have a great back-end developer and the site needs to be secure. Lets encrypt, whilst on first impressions provides a simple certification for https, it does not provide the actual security guarantee of a signed https certifacate. Plus all it does is encrypt the connection not the sites code on the server.

Every site may attract hackers, but if the 'nature' of the site is such that you think security is so important, a genuine signed https certificate is preferable, not just for yourself, but also for your sites visitors. Most good hosting providers now have https as standard, or allow you to purchase a certificate for a small fee. It is then just a matter of ensuring that all code and assets are within the specified folder.