website security

hi all

I'm hoping to use my learning here to build a site for my small business. I am reasonably confident with HTML and CSS and can build a basic site. I have purchased a domain name, but at the moment use a free webspace with my ISP. I plan to launch my site on my own domain name in the near future. But, a big barrier to me right now is that I don't know how to set up my site so it is safe and secure and am reluctant to 'go live' until I have the security side covered.

Can someone point me in the direction of lessons that exist on Treehouse that might help? As I'm still a programming novice (currently learning JavaScript), I need really basic steps, e.g. 1. do this, 2. do that, etc. If there is nothing here, perhaps an external site?

Thanks in advance

6 Answers

What exactly are your security concerns? There really aren't any if you are just doing a basic HTML and CSS site. Probably the most common is a contact form that sends you an email, and that needs some security and validation. Are you planning on using a contact form?

If you're not allowing anywhere for users to upload or enter info into your website, you should have no issues.

Thanks Kevin. Yes, I do plan to use a contact form. Is there a lesson here with security and validation instructions? I suppose my issue is that I don't know what I don't know, having never been here before, so hoping for guidance from those with some expertise and experience.

Yes, there are! I just went through all of this, and I'll be having a site live online soon using the techniques found here.

There are two languages for validation that you need to be aware of:

The first is JavaScript or jQuery validation. jQuery is just a framework, or an easier, faster way to write and do JavaScript stuff. JavaScript validation is more for a positive user experience. It can validate a contact form field, and show an error message if it's wrong before you even hit submit. I'm sure you've seen many forms do this before on the web. The problem with this approach is that anyone can turn JavaScript off in their browser settings, which then allows me to enter and submit anything I want, including bad stuff, into your form, and JavaScript or jQuery can't, and won't, stop it.

Those lessons can be found here: http://teamtreehouse.com/library/websites/build-an-interactive-website/form-validation-and-manipulation

The second language is critical. That is PHP. PHP is a language that is done on the server, so there isn't really a way to get around it. PHP can also validate, reject or remove bad things from your contact form, and it'll also be the language that sends you an email with the information entered into the form. You could get away without even doing any validation in JavaScript, but doing what is in the following 3 videos is a must!

You'll see that all of those lessons are part of bigger groups of lessons. If you get confused, I'd do the entire lesson group from start to finish first.

I did, I followed along as Randy did his code, and it took me basically a full morning (4hrs) to have a working and secure contact form that sent me an email.

They will also show in the videos what kinds of bad things can be entered into your form. So not only will they show how to protect from attacks, but what the attack is trying to do, and how they do it.

http://teamtreehouse.com/library/programming/build-a-simple-php-application/adding-a-contact-form

http://teamtreehouse.com/library/programming/build-a-simple-php-application/wrapping-up-the-project

http://teamtreehouse.com/library/programming/enhancing-a-simple-php-application/integrating-validation-errors
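
The server-side validation described in the answer above, as an added example that is not part of the original post or the Treehouse course code. The field names `name`, `email` and `message`, the function `validate_contact_form` and both example.com addresses are assumptions.

```php
<?php
// Added example: server-side checks for a contact form (runs even when JavaScript is off).
// Assumed names: fields name/email/message, validate_contact_form(), example.com addresses.

function validate_contact_form(array $post): array
{
    // Accept only string values; a field sent as name[] arrives as an array.
    $get = fn(string $key): string => is_string($post[$key] ?? null) ? trim($post[$key]) : '';
    $clean = ['name' => $get('name'), 'email' => $get('email'), 'message' => $get('message')];
    $errors = [];

    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors['name'] = 'Please enter your name (up to 100 characters).';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    if ($clean['message'] === '' || strlen($clean['message']) > 5000) {
        $errors['message'] = 'Please enter a message (up to 5000 characters).';
    }
    // Single-line fields must not contain line breaks, so they can never add
    // extra mail headers if they are later placed in one.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[$field] = 'Line breaks are not allowed in this field.';
        }
    }
    return [$errors, $clean];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$errors, $clean] = validate_contact_form($_POST);
    if ($errors === []) {
        // Recipient, subject and From are fixed; visitor input goes only in the body.
        $body = "Name: {$clean['name']}\nEmail: {$clean['email']}\n\n{$clean['message']}";
        $sent = mail('owner@example.com', 'Contact form message', $body, 'From: website@example.com');
        echo $sent ? 'Thanks, your message was sent.' : 'Sorry, the message could not be sent.';
    } else {
        foreach ($errors as $message) {
            // Escape on output as a habit; do the same for any submitted value echoed back.
            echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
        }
    }
}
```

Any JavaScript or jQuery checks in the browser sit in front of this for the visitor's convenience; the PHP checks are the ones that decide whether an email is sent.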

Security is always a touchy subject. From what you explained above, I would make sure that you are using strong passwords for all of your accounts related to your server and domain. Secondly, since it sounds like you have a pretty simple website, you don't have too many security risks with just that. When it comes to having a contact form, you definitely want to include some form of captcha to weed out any bots. This is a great question though, and it's always good to take security into consideration.

Ernest Grzybowski - Sweet! I see they've made you a moderator, glad to have company in the mod section. :+1:

Thank you, Kevin and Ernest. Great suggestions. Now I have a plan!