Safety and security on Internet – clearer picture

I think this is a topic of great importance but mostly ignored by this forum, in comparison with a flood of purely technical, minuscule, very detailed, RW-centric issues.

When any new set of rules, like GDPR, comes to life, many (if not most) web developers get pissed, because they see them as a set of complications (if not blockades) on their path.

I say, security is not that complicated, if treated not as something to comply with, but rather something to strive for. Make it an inseparable part of website development – at an early stage. Complicated is cleaning up the mess after a security breach which shouldn’t happen in the first place. So, start with getting a SSL certificate for your website (free) from Let’s Encrypt (many hosting companies provide that as part of their service). I suppose, this is obvious for all of us. What’s less obvious is the fact that getting a SSL certificate is just the first step towards making our sites safe and secure.

Luckily, every one of us can now have a guide to creating and maintaining safe and secure websites, for free – compliments of EDRi (European Digital Rights).

In addition to that, I’d suggest for everyone to subscribe to security news feeds, like Naked Security and/or Krebs On Security. These are recommended not only for web developers but for every person that ever uses Internet. Here are some links for RSS feeds:

And how to take advantage of these security news feeds? If you are not using a RSS-reader yet, I recommend to download and install one. My favored one is Net News Wire (requires macOS 10.14.4 or newer). Here’s a review of that reader on CSS-Tricks.


P.S. There is also a “Privacy Framework” guide issued by the US government’s NIST (National Institute of Standards and Technology) agency. This Framework is purely instructional and voluntary to follow.

The article describing the NIST Privacy Framework can be found here: