If your website’s security is important to you, the recently released EverWeb 3.6 will be a crucial update for you. As you may know, EverWeb Site Shield Addon gives you the best website security with only a few mouse clicks.
EverWeb Site Shield does all the work for you so that you don’t need to spend the time and effort to make sure that your site is secure. All you need to do is make a few choices in a couple of dialog boxes and you’re set to go. Site Shield Addon even converts your site from non-secure HTTP one into a secure HTTPS site through just a couple of mouse clicks.
In EverWeb 3.6, the scope and depth of Site Shield Addon been improved upon through enhanced security options helping protect your website, its visitors and with the additional benefit of improving your site’s search engine rankings.Here’s what’s new…
Accessing EverWeb Site Shield Addon’s Features
Site Shield Addon’s features are all available from the EverWeb’s Site Publishing Settings screen and is available exclusively to EverWeb+Hosting customers. Open your website project file if it’s not already open then click on your website name in the Web Page List, or using the File-> Edit Publishing Settings menu option. To activate Site Shield Addon, check the ‘Use HTTPS Secure URLs’ button if it is not already checked. If you have not purchased Site Shield Addon yet, you will be prompted to do so at this point or to cancel. Follow the instructions as necessary to complete your purchase. Once you have checked the ‘Use HTTPS…’ field, Site Shield Addon’s features will be enabled and will be triggered when you publish your site. Please refer to this Site Shield Addon blog post for more information about these features. You will also notice that the ‘Advanced’ button to the right of the checked field now becomes available to use. If you don’t see the button, check that you are using EverWeb 3. or higher. If you need to upgrade your version of EverWeb, use the EverWeb-> Check for Updates… menu option to do so.
In Everweb 3.6, or higher, clicking on the ‘Advanced…’ button next the ‘Use HTTPS Secure URLs’ checkbox to call up the follow features
EverWeb Site Shield Addon’s Advanced Website Security Features
Site Shield Addon’s advanced feature are grouped in to two sets. the first group contains options that you can toggle on an off without causing permanent changes to your site, so these are more general options… the second set of options contains two options that may make permanent changes to your site so caution is advised when using these.
To activate the settings, check the ‘Enable Enhanced Website Security’ box. You’ll immediately see that EverWeb has already checked the first three options which it sees as being essential to your site’s security. For all of the available options there is help available using the Help button beside each option. Let’s look at the first four options…
- Prevent 3rd Party Sites from Embedding Your Website: This option will prevent any other site from trying to embed your website in their site, which is a way that malicious sites use to try to trick visitors into giving away their personal information. When using this option malicious sites will not be able to impersonate your site, steal your search engine rankings or be able to mislead your potential visitors.
- Prevent content type interpretations: The second option does not allow browsers to interpret the type of content they’re accessing from your website. This is a useful option if someone should upload a malicious script to your site. In this case, the script won’t executed as it’s not ‘interpreted’.
- Enable XSS Protection: If your visitors use older web browsers this option will prevent cross site scripting hacks that can be employed to steal visitor data.
- Secure Referrer Policy: This option is not checked by default as it’s possible it may block data that you might want to see in your website stats software. However, it is still an important security option which blocks the re-refering URL from being sent to the following website if the protocol switches from secure HTTPS urls to insecure HTTP urls which can help protect your visitor data.
The second set of options can have more impact on your site leading to permanent changes and could potentially cause problems in loading your site. As such, it’s important that you consider these options carefully before implementing them:
- Content Security Policy: Use this option will block access to resources that your visitors don’t need to have access to. Content Security Policy includes a Test mode and a Production mode so that you can check your site before publishing. When using Test mode, any issues that may occur are reported in the error console of your web browser. This means that you can see if any of your content is not loading that should be loaded. It’s recommend to use Test mode first and watch the error console. Issues that occur will only be those where third party widgets use insecure content. For further assistance on this feature EverWeb recommends that contacting EverWeb Customer Support.
- HTTPS Strict Transport Security: The last advanced security option will make sure that your website will never work if the HTTPS certificate is removed or if you happen to have a non secure url on your website. When using this option, your visitor will be told that their web browser should not be able to access any resource that is not over HTTPS. Importantly, once this option has been enabled you will not be able to turn off HTTPS urls which you would probably not want to do anyway.
EverWeb’s updated Site Shield Addon has some truly advanced security options for your website and we would recommend that all of the options listed are enabled as this would give you the most secure website possible. However, in the real world there may be options you will not want to set depending on your website needs, and your reporting and stats needs.