Are HTML websites secure?

Are HTML websites secure?

Discussion in 'Web Programming' started by Maria Marketing, May 26, 2016.

Tags:
  1. Maria Marketing

    Maria Marketing Active Member

    Messages:
    394
    Likes Received:
    58
    Trophy Points:
    28
    Ratings:
    +59 / 0 / -0
    I have a question for you all. I was wanting to know if HTML based websites are secure?

    The reason I am asking is that I am used to using Wordpress or those drag-and-drop builders (before Wordpress) and don't know a whole lot about HTML websites.

    My hosting account doesn't have a lot of resources and I want to build another small website for marketing purposes and another Wordpress website will not work because they use so much resources. So, I am thinking about building a HTML based website with maybe 4-6 pages so that shouldn't use as much resources as Wordpress.

    I have to admit that I don't know much about HTML so I am trying to do some research on Google and I keep coming across information saying that HTML websites are not secure. I have found other places that say it is. I am just hoping for some kind of straight answer as to how secure they are.

    Again, I don't know much about HTML so this might seem like a dumb question to some but I hope it doesn't sound too silly. This is something I am trying to learn about to help me with building my websites.

    Any good information or maybe links to good information with be very much appreciated. :)
     
    Loading...
  2. ProfMike

    ProfMike Active Member

    Messages:
    186
    Likes Received:
    73
    Trophy Points:
    28
    Ratings:
    +88 / 0 / -0
    That is a very loaded question. Is anything really secure in this world of mischief.

    Keep in mind that HTML is a structural language, it is not meant to be secure it is meant to structure a page. It's purpose is to take your content and place it on a web page in a particular order based on how you have structured the HTML semantic markup.

    So if you are asking can I protect the content that I place on an HTML page, to a point you can. If you are working with data that is being sent to a server, there are a variety of languages that work on the server side of the HTML document that can encrypt and encode information going to and from a database. These languages are not HTML, but they work with HTML. They are called server side languages. Your HTML scripting language is a client side language.

    Server side languages work at the level of the server and they process information between the server and the browser. There are a bunch of them in web programming. PHP, Perl, Ruby to name a few.

    Anything that communicates directly with the server should have a high level of security incorporated into it, especially if it is writing information to a database.

    But getting back to your question, can you secure an HTML document visible on the web from being seen by a user. I have never been on a web page that if I wanted to see the source of that page I could not. There is no need to secure HTML, it is a structural language, and as such just puts together the structure of a page.
     
    • Informative Informative x 1
    • Useful Useful x 1
    • List
  3. Maria Marketing

    Maria Marketing Active Member

    Messages:
    394
    Likes Received:
    58
    Trophy Points:
    28
    Ratings:
    +59 / 0 / -0
    Thank you ProfMike for your answer.

    I perhaps should be more clear as to what I was meaning. I was meaning that if I have a website that is only a handful of pages and is built with mostly HTML, will it be secure from people gaining access and being able to alter of modify the page code? Forgive me if that might sound strange, but I really don't have any expertise in HTML so I don't know much, or even how to ask what I am wanting to know correctly.

    I know things like Wordpress have plugins to help with security and to help deter a would-be hacker from altering what is on a site. I just don't know if that can be done with HTML websites. Someone said something about password protecting my file folders on my server but I don't know if that is correct of not.

    I do appreciate your help and I am sorry that I was not more clear with my question.
     
  4. ProfMike

    ProfMike Active Member

    Messages:
    186
    Likes Received:
    73
    Trophy Points:
    28
    Ratings:
    +88 / 0 / -0
    Your HTML code is always visible to anyone that wants to view it, but it would take someone that is really good with accessing your server, in other words they would have to break through the server security, access the root directory of your web host and then access the files from there to modify.

    That is a pretty good challenge for most people. Getting through server security, if your server is properly maintained would be quite difficult.

    You can always protect your folders on the web server but if someone is good enough to get to that level of the server, I would have to guess that protecting the file folders would be kind of fruitless. Make sure that you have a good .htaccess file in the root of your web site and you should be fine.

    Protecting the database from hostile access is a completely different story. The security that you are seeing with WordPress most of that pertains to protecting the data from hostile access. You have to remember most of the information on those sites is dynamic.

    I hope this helps.
     
  5. Maria Marketing

    Maria Marketing Active Member

    Messages:
    394
    Likes Received:
    58
    Trophy Points:
    28
    Ratings:
    +59 / 0 / -0
    Thank you again, that makes me feel better.

    I know people can see the code but I just didn't know if they had a way to get into my files and alter the code. I had seen different things around that got me worried but there is never clear answers it seems.

    I just wanted some kind of good information whilst achieving a level of comfort before I go further into my decision. You have helped set my mind at ease, thank you for that and your time. :)
     
  6. Dean

    Dean Active Member

    Messages:
    816
    Likes Received:
    133
    Trophy Points:
    43
    Ratings:
    +144 / 0 / -0
    In addition to the information that Mike gave you above, I would add that if you want your site to be secure I would make sure that you are using a host with good security measures in place. This goes for all sites and not just HTML.

    I had some sites with one of my hosting companies that kept getting damaged/altered because someone was easily able to access the files on the server at my host. I have always taken good security measures and never had this happen anywhere else but with this one place. I won't say who but it was an EIG owned hosting company. Google them and you'll see that they are a headache to say the least.

    So just make sure you have a host with a good reputation and has good security for their servers.

    Cheers, Dean
     
  7. Maria Marketing

    Maria Marketing Active Member

    Messages:
    394
    Likes Received:
    58
    Trophy Points:
    28
    Ratings:
    +59 / 0 / -0
    Thanks for the extra information Dean. :)

    Is there a way to know if a hosting company has a good or bad reputation? Do I just do some web searches?
     
  8. Dean

    Dean Active Member

    Messages:
    816
    Likes Received:
    133
    Trophy Points:
    43
    Ratings:
    +144 / 0 / -0
    You are welcome Maria.

    I think the best way to know if a hosting company is to get some opinions of people that have used that company. Though that's not always possible so I would just do some research and see what you can find out about the company on Google or one of the other SE's.

    Hope this helps.

    Cheers, Dean
     
  9. unixguru

    unixguru New Member

    Messages:
    21
    Likes Received:
    7
    Trophy Points:
    3
    Ratings:
    +8 / 0 / -0
    Since there is no script involved in an HTML site, the main way a hacker might gain access would be through your FTP or Control Panel credentials, so ensure that your password is complex and not a dictionary word or even based on a single dictionary word.
    Wordpress sites are often hacked because the site's code isn't updated fast enough after a vulnerability has been made known.
    HTML as such has no vulnerability, so it hasn't got the same attack vector.
     
    • Informative Informative x 1
    • List
  10. ulterios

    ulterios Global Mod

    Messages:
    710
    Likes Received:
    170
    Trophy Points:
    43
    Ratings:
    +194 / 1 / -0
    I have had several friends who actually had gone through this in the last few months and had a huge mess to clean up and fix. One of them used a common nickname for his real name as his CP and FTP credentials and he added the current year to have numbers.

    I asked him why he used such common things and he said he used them because they were easy for him to remember. I told him that it was also easy for a hacker to get in because of his "Easy to remember" credentials.

    His site was an eCommerce site and he had all kinds of orders screwed up as well as customer information was compromised.

    I think that way too many people think about the quality of their credentials AFTER they have had something go wrong when they should be thinking about that before something goes wrong! ;)
     
  11. riyanamoss

    riyanamoss New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0 / 0 / -0
    Hello, I agree with unixguru. Html site are less safe and by some source code security analysis tools they may get into your website credentials.
     
  12. Dean

    Dean Active Member

    Messages:
    816
    Likes Received:
    133
    Trophy Points:
    43
    Ratings:
    +144 / 0 / -0
    So an HTML website can be more secure than a Wordpress website or just more secure than a Wordpress website that isn't kept updated?
     
  13. John11

    John11 New Member

    Messages:
    28
    Likes Received:
    8
    Trophy Points:
    3
    Ratings:
    +8 / 0 / -0
    HTML is much more secure because there is only one way to infect an HTML and that is through either the hosting provider or FTP (SFTP, FTPS etc). In HTML you don't have to update the core files and you also don't have any plugins or themes to update. WordPress is mostly hacked because users use insecure or outdated third party plugins and these third party plugins cause security vulnerabilities.
     
  14. Dean

    Dean Active Member

    Messages:
    816
    Likes Received:
    133
    Trophy Points:
    43
    Ratings:
    +144 / 0 / -0
    Ok, I understand you.

    That's why all those Wordpress enthusiasts will tell you to keep your site updated.