Best instructions or how to, set up a secure website from a template?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Mint 20.3 MATE, Android, Windows 10, MX Linux and Mint 21.1 MATE
Posts: 1,052
Rep:
Best instructions or how to, set up a secure website from a template?
Where can I find an excellent how to on setting up a secure website? This will contain a document, moderated blog and links, music. It must be password protected...
Cloud Linux and SSD good hosting?
Please say more about your fuctional requirements. The more moving parts the site has the less secure it can be and the more work it is to maintain. The ultimate secure site is thus valid HTML + CSS, with SSI optional, all accessible over chrooted SFTP. NO JAVASCRIPT ANYWHERE, not now not ever.
If you are aiming just for a blog with multiple authors, then maybe a static site generator would fit the bill. Hugo, Jekyll, and Pelican are popular examples. However, that would prevent visitor comments.
If you want visitors to leave comments, then don't farm that out. However, you'll need a much more complex setup, maybe even WordPress. Again, please say more about your goals for what the site will be like.
A website involves 3 distinct components: the site structure itself (HTML,CSS,PHP,javascript...), the server software (apache, nginx) and the underlying operating system (Windows, *BSD, *NIX...).
All these components should be sufficiently secure (from outside attacks I presume).
OP: this is your second thread of exactly this same topic. There is no such thing as a "secure website from a template". Web site and web application security is a process and not something you can just bolt on.
Distribution: Mint 20.3 MATE, Android, Windows 10, MX Linux and Mint 21.1 MATE
Posts: 1,052
Original Poster
Rep:
Okay, it is possible someone may disagree with my content and hack or contact the web host to take it down. I will aim to moderate all comments.So from my other thread I was informed that WP or Wix could itself take down the site. And that a web designer could help.
I'd like to publish a document with a comment box.
It really boils down to this:
Either get enough knowledge to be able to run your own server/site with enough confidence to not have to ask these fluttering insecure questions, or use a service that (claims to) doall that for you. I believe a Wordpress.com blog would fall in the latter category. Not a shabby choice.
OP: the OS running the site is irrelevant, although I am obviously partial to Linux. What really matters is the web server software (Apache, nginx, etc), how it is configured and how the web site is written: there MUST be measures taken in the code to deny xss, csrf, etc. It is not an easy, bolt-on task.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.