Are HTML websites secure?

[Maria Marketing]

I have a question for you all. I was wanting to know if HTML based websites are secure?

The reason I am asking is that I am used to using Wordpress or those drag-and-drop builders (before Wordpress) and don't know a whole lot about HTML websites.

My hosting account doesn't have a lot of resources and I want to build another small website for marketing purposes and another Wordpress website will not work because they use so much resources. So, I am thinking about building a HTML based website with maybe 4-6 pages so that shouldn't use as much resources as Wordpress.

I have to admit that I don't know much about HTML so I am trying to do some research on Google and I keep coming across information saying that HTML websites are not secure. I have found other places that say it is. I am just hoping for some kind of straight answer as to how secure they are.

Again, I don't know much about HTML so this might seem like a dumb question to some but I hope it doesn't sound too silly. This is something I am trying to learn about to help me with building my websites.

Any good information or maybe links to good information with be very much appreciated.

 

[ProfMike]

That is a very loaded question. Is anything really secure in this world of mischief.

Keep in mind that HTML is a structural language, it is not meant to be secure it is meant to structure a page. It's purpose is to take your content and place it on a web page in a particular order based on how you have structured the HTML semantic markup.

So if you are asking can I protect the content that I place on an HTML page, to a point you can. If you are working with data that is being sent to a server, there are a variety of languages that work on the server side of the HTML document that can encrypt and encode information going to and from a database. These languages are not HTML, but they work with HTML. They are called server side languages. Your HTML scripting language is a client side language.

Server side languages work at the level of the server and they process information between the server and the browser. There are a bunch of them in web programming. PHP, Perl, Ruby to name a few.

Anything that communicates directly with the server should have a high level of security incorporated into it, especially if it is writing information to a database.

But getting back to your question, can you secure an HTML document visible on the web from being seen by a user. I have never been on a web page that if I wanted to see the source of that page I could not. There is no need to secure HTML, it is a structural language, and as such just puts together the structure of a page.

 

[Maria Marketing]

Thank you ProfMike for your answer.

I perhaps should be more clear as to what I was meaning. I was meaning that if I have a website that is only a handful of pages and is built with mostly HTML, will it be secure from people gaining access and being able to alter of modify the page code? Forgive me if that might sound strange, but I really don't have any expertise in HTML so I don't know much, or even how to ask what I am wanting to know correctly.

I know things like Wordpress have plugins to help with security and to help deter a would-be hacker from altering what is on a site. I just don't know if that can be done with HTML websites. Someone said something about password protecting my file folders on my server but I don't know if that is correct of not.

I do appreciate your help and I am sorry that I was not more clear with my question.

 

[ProfMike]

Your HTML code is always visible to anyone that wants to view it, but it would take someone that is really good with accessing your server, in other words they would have to break through the server security, access the root directory of your web host and then access the files from there to modify.

That is a pretty good challenge for most people. Getting through server security, if your server is properly maintained would be quite difficult.

You can always protect your folders on the web server but if someone is good enough to get to that level of the server, I would have to guess that protecting the file folders would be kind of fruitless. Make sure that you have a good .htaccess file in the root of your web site and you should be fine.

Protecting the database from hostile access is a completely different story. The security that you are seeing with WordPress most of that pertains to protecting the data from hostile access. You have to remember most of the information on those sites is dynamic.

I hope this helps.

 

[Maria Marketing]

Thank you again, that makes me feel better.

I know people can see the code but I just didn't know if they had a way to get into my files and alter the code. I had seen different things around that got me worried but there is never clear answers it seems.

I just wanted some kind of good information whilst achieving a level of comfort before I go further into my decision. You have helped set my mind at ease, thank you for that and your time.

 

[Dean]

In addition to the information that Mike gave you above, I would add that if you want your site to be secure I would make sure that you are using a host with good security measures in place. This goes for all sites and not just HTML.

I had some sites with one of my hosting companies that kept getting damaged/altered because someone was easily able to access the files on the server at my host. I have always taken good security measures and never had this happen anywhere else but with this one place. I won't say who but it was an EIG owned hosting company. Google them and you'll see that they are a headache to say the least.

So just make sure you have a host with a good reputation and has good security for their servers.

Cheers, Dean

 

[Maria Marketing]

In addition to the information that Mike gave you above, I would add that if you want your site to be secure I would make sure that you are using a host with good security measures in place. This goes for all sites and not just HTML.

I had some sites with one of my hosting companies that kept getting damaged/altered because someone was easily able to access the files on the server at my host. I have always taken good security measures and never had this happen anywhere else but with this one place. I won't say who but it was an EIG owned hosting company. Google them and you'll see that they are a headache to say the least.

So just make sure you have a host with a good reputation and has good security for their servers.

Cheers, Dean

Thanks for the extra information Dean.

Is there a way to know if a hosting company has a good or bad reputation? Do I just do some web searches?

 

[Dean]

Thanks for the extra information Dean.

Is there a way to know if a hosting company has a good or bad reputation? Do I just do some web searches?

You are welcome Maria.

I think the best way to know if a hosting company is to get some opinions of people that have used that company. Though that's not always possible so I would just do some research and see what you can find out about the company on Google or one of the other SE's.

Hope this helps.

Cheers, Dean

 

[unixguru]

Since there is no script involved in an HTML site, the main way a hacker might gain access would be through your FTP or Control Panel credentials, so ensure that your password is complex and not a dictionary word or even based on a single dictionary word.
Wordpress sites are often hacked because the site's code isn't updated fast enough after a vulnerability has been made known.
HTML as such has no vulnerability, so it hasn't got the same attack vector.

 

[ulterios]

a hacker might gain access would be through your FTP or Control Panel credentials

I have had several friends who actually had gone through this in the last few months and had a huge mess to clean up and fix. One of them used a common nickname for his real name as his CP and FTP credentials and he added the current year to have numbers.

I asked him why he used such common things and he said he used them because they were easy for him to remember. I told him that it was also easy for a hacker to get in because of his "Easy to remember" credentials.

His site was an eCommerce site and he had all kinds of orders screwed up as well as customer information was compromised.

I think that way too many people think about the quality of their credentials AFTER they have had something go wrong when they should be thinking about that before something goes wrong!

 

[Dean]

Since there is no script involved in an HTML site, the main way a hacker might gain access would be through your FTP or Control Panel credentials, so ensure that your password is complex and not a dictionary word or even based on a single dictionary word.
Wordpress sites are often hacked because the site's code isn't updated fast enough after a vulnerability has been made known.
HTML as such has no vulnerability, so it hasn't got the same attack vector.

So an HTML website can be more secure than a Wordpress website or just more secure than a Wordpress website that isn't kept updated?

 

[John11]

So an HTML website can be more secure than a Wordpress website or just more secure than a Wordpress website that isn't kept updated?

HTML is much more secure because there is only one way to infect an HTML and that is through either the hosting provider or FTP (SFTP, FTPS etc). In HTML you don't have to update the core files and you also don't have any plugins or themes to update. WordPress is mostly hacked because users use insecure or outdated third party plugins and these third party plugins cause security vulnerabilities.

 

[Dean]

HTML is much more secure because there is only one way to infect an HTML and that is through either the hosting provider or FTP (SFTP, FTPS etc). In HTML you don't have to update the core files and you also don't have any plugins or themes to update. WordPress is mostly hacked because users use insecure or outdated third party plugins and these third party plugins cause security vulnerabilities.

Ok, I understand you.

That's why all those Wordpress enthusiasts will tell you to keep your site updated.

 

[bjdea1]

To be honest - NOT REALLY. They can be secured to a point where its unlikely you'd ever get hacked, but there is no guarantee. Software keeps getting updated and replaced. Because of this new bugs keep appearing and this will never change imho. One way to give yourself a more secure website is to code the software all yourself. Most hackers attack the most popular "Open Source" software. So if you code your own software, the hackers will not know how to break in.

 

[Maria Marketing]

To be honest - NOT REALLY. They can be secured to a point where its unlikely you'd ever get hacked, but there is no guarantee. Software keeps getting updated and replaced. Because of this new bugs keep appearing and this will never change imho. One way to give yourself a more secure website is to code the software all yourself. Most hackers attack the most popular "Open Source" software. So if you code your own software, the hackers will not know how to break in.

My problem is that I don't know how to do the code myself. I was planning on trying to take some courses or something sometime but I have not done it yet.

 

[ulterios]

My problem is that I don't know how to do the code myself. I was planning on trying to take some courses or something sometime but I have not done it yet.

Learning some coding, even if it's just the basics, can help you more often than you might think that it will. There are several places that you can get beginners courses to start you off and teach you some of the basics.

You can even find some videos on YouTube with some decent information to help you learn some of the basics to get you started.

 

[Maria Marketing]

Learning some coding, even if it's just the basics, can help you more often than you might think that it will. There are several places that you can get beginners courses to start you off and teach you some of the basics.

You can even find some videos on YouTube with some decent information to help you learn some of the basics to get you started.

I would really be starting from the beginning since I do not know anything. I keep thinking that it would be too hard for someone like me to learn enough given the amount of time I could put into it.

 

[boxiii]

I don't think that it is quite secured because it is quite simple and easy for hackers to hack it.

 

[Maria Marketing]

I don't think that it is quite secured because it is quite simple and easy for hackers to hack it.

Can't you put some code in to help make it more secure?

 

[sam.hunt0710]

This Article is a good read for making your HTML websites more secure.

1.Keep All Software Updated
2.Build Layers of Security Around Your Site
3.Switch to HTTPS
4.Use Strong Passwords, Change Regularly
5.Make Admin Directories Tough to Spot