There are a variety of methods you can employ to increase your website’s security, so I’ll list the basics below.

Go With An Established Platform

Websites are normally built on a Content Management System, which is a system that allows you to maintain and edit your website without writing any code. There are hundreds of these systems available, including many good ones used by millions of people. Unfortunately, some companies try to build their own, and lack the resources to build & maintain them correctly. This leads to a system full of security vulnerabilities and bugs. There is seldom a good reason to build your own system when you can pick from existing ones like WordPress (Our personal choice), Joomla, Drupal, Django, ExpressionEngine, Magento and OpenCart (These last two are E-Commerce only).

All of those except for ExpressionEngine are available for free and have millions of users. They are quite secure compared to custom built software.

Use HTTPS

All E-Commerce sites and any website which involves a user logging in (Including you, the administrator) should be using HTTPS, which is an encryption protocol. With plain old HTTP, when you login, collect credit card details or any other personal information, that information is transmitted as plain text. That means anybody inbetween you and the server your website is hosted on can intercept it and read it, without you even knowing. This is known as a man in the middle attack, and it can be easily solved using HTTP over SSL (HTTPS). SSL is encryption, which takes plain text and changes is so that if anybody but your server intercepts it, they’ll just see random garbled text.

Any good web developer will include HTTPS in the quote they send you as it’s only about $60-140 a year, well worth it to secure your site from malicious hackers. All E-Commerce sites should implement this, especially if you have it setup to collect credit card details on your website. If you are collecting credit card details from your site and don’t have HTTPS, you risk losing your merchant account for violating safety specifications and data storage specifications.

Project Specs are documents which detail the features and functionality of a project and are signed by both parties. This ensures that both parties are aware of what needs to be done and what will be included in the finished product, and serves as a guide to measure progress.

Project Specs are used by:

• Developers – As an outline of what they need to code
• Designers – so they know which elements will need designing and styling
• Testers – so they know what things should do what
• Client – so they know what to expect in the final product.

The other and perhaps most important reason to use project specs is to avoid surprises and iron out as much detail as possible. As the famous quote goes:

“You can use an eraser on the drafting table or a sledgehammer on the construction site” – Frank Lloyd Wright

Requirements gathering also allows web designers to gain an understanding of their client’s business so they are able to offer suggestions about possible features or changes to features.

In the end, a project without a Project Spec will normally result in both sides being unhappy because of unmet expectations. It should only take an additional few hours to complete and will save countless hours in the long run.

Warning: Programming talk ahead;

Recently while working on a marketing campaign, I was coding an HTML newsletter for the client and in Gmail and Hotmail (Not Yahoo mail or RoundCube) I was getting white lines between each row in my newsletter. As you know if you’ve ever had the unfortunate experience of developing a newsletter, they have to be tables. This particular one made heavy use of images as well, as I saw how many people had the white line issue, but none of their solutions worked for me.

Finally, I found a solution. Due to inherited styles and some other weird CSS rules, images should have style=”display:block” on them to get rid of the white lines. Yeah, bizarre, but it works. Really. (If it doesn’t make sure you’ve tried all the regular things like cellspacing and cellpadding). Personally I like coding newsletters, they are a bit more of a challenge then most things (HTML related anyways).