Knowledge Base
Web Security
Securing your website protects your data, your clients, and your reputation. This section covers SSL certificates, website firewalls, malware protection, and best practices for safe online operations. Learn how to configure security settings, monitor threats, and prevent breaches with practical, step-by-step instructions.
What is SSL certificate
An SSL certificate (Secure Sockets Layer) is a digital certificate that authenticates the identity of a website and enables an encrypted connection.
It creates a secure channel between the visitor’s browser and the web server, preventing attackers from intercepting or modifying data.
SSL certificates are essential for websites that handle sensitive information such as login credentials, personal details, and financial transactions.
When a website has an SSL certificate, the URL begins with HTTPS instead of HTTP, indicating a secure connection.
A padlock icon appears in the browser address bar to visually confirm the security of the connection.
SSL certificates come in different types depending on the level of validation:
-
Domain Validation (DV) – validates only that you own the domain.
-
Organization Validation (OV) – validates domain ownership and organization identity.
-
Extended Validation (EV) – provides the highest trust level with a green address bar in the browser.
SSL uses encryption protocols such as TLS (Transport Layer Security) to secure data.
Besides securing data, SSL also protects against phishing attacks and ensures data integrity.
Web browsers and search engines give preference to HTTPS websites over HTTP, which can improve SEO ranking.
SSL certificates have expiration dates, usually between 90 days and 2 years, and must be renewed before they expire.
How to install SSL certificate
Installing an SSL certificate secures your website and encrypts all data exchanged between your site and visitors
Requirements Before Starting:
CRT file (Certificate): This is the main certificate file.
Private Key (KEY): The file that matches the certificate and must be kept secure.
CA Bundle: Intermediate certificate files that ensure proper validation in browsers.
Access to your hosting control panel or client dashboard.
Domain ready for HTTPS activation.
Step 1: Log in
Open your hosting control panel.
Enter your username and password.
After logging in, you will arrive at the main dashboard of the control panel.
Step 2: Go to SSL/TLS Section
Look for a section named SSL/TLS, Security → SSL Certificates, or Manage Domains → SSL.
This section is dedicated to managing SSL certificates for all hosted domains.
Step 3: Select Your Domain
From the list of domains, select the domain you want to secure with SSL.
Make sure you choose the correct domain, especially if multiple domains are hosted.
Step 4: Upload SSL Files
CRT file: Upload this first. This is your main certificate.
Private Key (KEY): Upload this next. It must match the CRT file.
CA Bundle: Upload the intermediate certificates to ensure proper browser validation.
Important Tips:
Do not rename any of the files.
Make sure the CRT and KEY match.
CA Bundle is required to prevent browser warnings.
Step 5: Apply the Certificate
After uploading all files, click Install or Apply, depending on the control panel.
The system will automatically verify the files.
Once verified, HTTPS will be activated for your domain.
Step 6: Verify the Installation
Open your domain in a browser.
Check for the padlock icon next to the address bar.
Test multiple pages to ensure HTTPS is applied across the entire website, not just the homepage.
Step 7: Notes and Troubleshooting
If the padlock does not appear:
Check that the CA Bundle is uploaded correctly.
Make sure the CRT file matches the KEY.
Clear browser cache or test in another browser.
Keep the private key secure at all times.
SSL certificates expire; monitor the expiration date and renew before it expires.
This version is fully detailed, step-by-step, sentence by sentence, so a user can follow it without confusion and without needing anything outside the hosting system.
If you want, I can make the same highly detailed format for the other SSL topics: Check SSL Status, Protect Website, Website Firewall, ready for the Knowledge Base.
How to check SSL status
Protecting your website ensures that it remains secure from hackers, malware, and unauthorized access.
Requirements Before Starting:
Access to your hosting control panel or client dashboard.
Your website and domain ready to implement security measures.
SSL certificate already installed (optional but recommended).
Step 1: Log in to Your Hosting Panel
Open your hosting control panel.
Enter your username and password.
After logging in, you will reach the main dashboard.
Step 2: Navigate to Security Section
Look for sections named Security, Website Protection, or Firewall & Security.
This section contains tools and settings to secure your website.
Step 3: Enable HTTPS
If you have an SSL certificate installed, make sure HTTPS is enforced for all pages.
Check the option Force HTTPS or Redirect HTTP to HTTPS in your control panel.
Step 4: Enable Firewall Protection
Locate the Website Firewall or WAF (Web Application Firewall) option.
Enable it to filter and block malicious traffic before it reaches your website.
Configure rules if available (block suspicious IPs, protect login page, etc.).
Step 5: Enable Malware Scanning
Find the Malware Scan or Security Scanner tool.
Run a full scan of your website files and directories.
Remove or quarantine any infected files found.
Step 6: Update Software
Keep your website platform, plugins, and themes updated to the latest versions.
Outdated software is the main cause of vulnerabilities.
Step 7: Backup Your Website Regularly
Create regular backups of all website files and databases.
Store backups securely, preferably in a separate location or cloud storage.
Step 8: Test Security Measures
Open your website in a browser and check:
HTTPS is active
No security warnings appear
Firewall or protection notifications in your control panel
Step 9: Troubleshooting Common Issues
If security warnings appear:
Check firewall rules for any misconfiguration.
Verify SSL certificate validity.
Re-run malware scans if infections are suspected.
Regularly monitor your website logs for unusual activity.
How to protect your website
Protecting your website is essential to prevent hacking attempts, malware infections, data loss, and unauthorized access.
Website security is not a single action. It is a combination of settings, updates, monitoring, and proper configuration.
Requirements Before Starting:
Access to your hosting control panel
Administrative access to your website (CMS or files)
Basic knowledge of where your files and settings are managed
SSL certificate installed and working
Step 1: Enforce HTTPS Across Your Website
Make sure your website loads only through HTTPS.
Configure redirection so that all HTTP traffic is automatically redirected to HTTPS.
This prevents data interception and protects login information and forms.
Test by typing http://yourdomain.com and confirm it redirects to HTTPS.
Step 2: Keep Your Website Software Updated
Always update your CMS (such as WordPress or other platforms).
Update all plugins, themes, and extensions regularly.
Outdated software is the most common security vulnerability.
Remove any unused plugins or themes to reduce risk.
Step 3: Use Strong Authentication
Change default usernames (such as “admin”).
Use strong passwords that include letters, numbers, and symbols.
Enable Two-Factor Authentication (2FA) if available.
Limit the number of failed login attempts.
Step 4: Secure Website Files and Permissions
Ensure correct file permissions are applied.
Prevent public access to sensitive configuration files.
Disable directory listing to stop visitors from browsing your folders.
Restrict access to administrative directories when possible.
Step 5: Enable Website Firewall (WAF)
Activate a Web Application Firewall to filter malicious traffic.
The firewall blocks suspicious requests, bots, and attack patterns.
Configure rules to protect login pages and forms.
Monitor blocked activity regularly.
Step 6: Scan for Malware Regularly
Run scheduled malware scans on your website files.
Detect injected scripts, backdoors, or unauthorized changes.
Remove or quarantine infected files immediately.
Re-scan after cleanup to confirm the issue is resolved.
Step 7: Create Regular Backups
Perform full backups of website files and databases.
Schedule automatic backups daily or weekly depending on activity.
Store backups in a secure location separate from the main server.
Test backup restoration periodically to ensure reliability.
Step 8: Monitor Website Activity
Review access logs for unusual behavior.
Watch for repeated login attempts or unknown IP addresses.
Check file modification dates to detect unauthorized changes.
Early detection prevents major damage.
Step 9: Protect Forms and Upload Areas
Validate all user input to prevent injection attacks.
Restrict file upload types to allowed formats only.
Limit file size and scan uploads automatically.
Disable execution of scripts inside upload directories.
Step 10: Perform Routine Security Checks
Test your website regularly for vulnerabilities.
Confirm SSL is active and not expired.
Verify firewall and protection systems are functioning.
Keep a maintenance routine instead of reacting after problems occur.
Protecting a website is an ongoing process. Security is maintained through continuous updates, monitoring, and proper configuration, not by applying a single setting and assuming everything will remain safe forever.