EverWeb Site Shield Adds Awesome New Security Features!
Wednesday, February 16th, 2022We introduced EverWeb Site Shield Addon in 2017 giving EverWeb+Hosting customers the ability to end to end data encrypt their websites in just a couple of mouse clicks. In our latest update, EverWeb version 3.6, we’ve added a slew of enhanced new features to Site Shield Addon, to make your website as secure as it possibly can be!
EverWeb Site Shield Addon uses HTTPS to bring end to end data encryption between the EverWeb Sever hosting your site and your visitor’s browser window. Using EverWeb Site Shield Addon can even help improve your SEO rankings as Google (and other search engines) give data encrypted websites a rankings boost over non-secure websites.
Make Your Website’s Security Easy To Implement
Understanding how to secure your website properly can be a long, difficult task. Using EverWeb Site Shield Addon simplifies these tasks making it extremely easy for you to implement advanced security options for your website. All the enhanced features options are clearly explained, making it easy for you to choose the best options for your site’s security.
If you are using Everweb 3.6, or higher, when you publish your website, click on the ‘Advanced…’ button next the ‘Use HTTPS Secure URLs’ checkbox in the Site Publishing Settings screen to see all of the available enhanced website security options. If the ‘Advanced’ button is not highlighted, you will first need check the ‘Use HTTPS Secure URLs’ checkbox. The ‘Advanced’ options are grouped in to two sections. The first section contains options that are non-website specific so are safe to apply without causing permanent changes to your site. The second set of options can result in permanent changes to your site. Below is an explanation of all of the options…
General Enhanced Website Security Options
When you tick the ‘Enable Enhanced Website Security’ checkbox, all of Site Shield Addon’s Advanced options become available. By default, the first three options are already checked as this is our recommended minimum security implementation advice. The first four options are:
- Prevent 3rd Party Sites From Embedding Your Website: The first option prevents any other site from trying to embed your website in theirs which is trick which can lead your visitors having their personal information stolen. By using this option, you can make sure that malicious sites cannot try to impersonate your site, steal your search engine rankings and/or mislead your potential visitors.
- Prevent Content Type Interpretations: The second option will not allow browsers to interpret the type of content they are accessing from your website. For example, should someone upload a malicious script to your site, using this Site Shield Addon option can help make sure the code is not executed.
- Enable XSS Protection: The third option protects visitors to your site who are using older web browsers from ‘cross site scripting’ (XSS) hacks which can be used to steal their data.
- Secure Referrer Policy: The last option is not enabled by default because it may block data that you may want to see in your website stats software, however, it is an important security enhancement. By using this option, you will block the re-refering url from being sent to the following website if the protocol switches from secure HTTPS urls to insecure HTTP urls which can help protect your visitor data.
Powerful Website Security Options: Use With Caution…
The second section contains two options. These are more powerful security tools but can cause website loading issues. For this reason, we have included a Test mode and Production mode for the Content Security Policy option.
- The Content Security Policy: This option will block access to resources that your visitors do not need access to. While in test mode, any issues will simply be reported in the error console of your web browser. That way you can see if any content is not loading that should load. We recommend that you use test mode first and watch the error console. This will only be an issue if you are using third party widgets that are using non-secure content. If you need help, please contact EverWeb customer support.
- HTTPS Strict Transport Security: This is an option that makes it so that your website will never work if the HTTPS certificate is removed or if you happen to have a non secure url on your website. It tells your visitor that their web browser should not be able to access any resource that is not over HTTPS. Once you enable this option you will not be able to turn off HTTPS urls which you would probably not want to do anyways.
Our Recommendation…
We recommend that all of the Enhanced Security options are enabled as this offers the most secure website and doing so may also give you a boost to your websites’s search engine rankings. However, you should also consider the possible impact of your choosing all options, especially the last two options, on your sites, your website stats or the possibility of downgrading your website from HTTPS to HTTP in future.
EverWeb Site Shield Addon: Available Now!
You can easily purchase EverWeb Site Shield Addon immediately if you have not done so already. Just go to the Site Publishing screen in your EverWeb project file then check the ‘Use HTTPS Secure URLs’ checkbox. You will then be guided through the purchase steps. After your purchase has been confirmed, publish your site using the File-> Publish Entire Site menu option to secure your website!
If you have an EverWeb+Hosting Plan of 10GB, or higher, EverWeb Site Shield Addon is free. For other EverWeb+Hosting plans, Site Shield Addon is available at $39.95 USD/Year. If you have purchased Site Shield Addon prior to the release of EverWeb 3.6 your yearly renewal price remains at $29.95 USD/Year.
For more information, or if you have any questions, please contact EverWeb Customer Support.