I have developed a website. On the one hand, I want people to know my website so I want to make the website open to public access, and on the other hand,I fear that my website is not secure enough, some hackers may crack my website, besides I have not created a formal "Terms of service". How can I deal with this issue?
Considering there's no information about your website, you've made this particularly hard to answer.
First, you can create a rough draft of your Terms of Service by copying and modifying from some other site similar to your own that has a public TOS.
Second, before your site can get hacked, a hacker has to:
Now, without knowing what your site is, it makes it difficult to determine whether your site is worth hacking. Some things you should make sure you're doing are encrypting all sensitive data (if you're using PHP, salt and hash the data using the built-in MD5 function).
For more things to consider, look at this question on Stack Overflow and the first answer.
Here is a great start for your terms of service, [Automattic, the team behind wordpress, has placed] theirs under an acceptable license.
As for security, let's go over a few basics:
1. Do you store credit card info? If you do, do not pass go and do not collect $200, find a different way. Very few companies are capable of properly storing credit card info. 2. Do you have users passwords in plaintext in your db. If you do, MD5 or better is your friend use it. 3. Does the site run on a server that has a firewall installed? 4. If it is a vps, physical server etc, are all ports except 80 and possibly 443 blocked? 5. In your coding, did you use parameterized queries? If not, fix that code. 6. In your coding, do you sanitize everything passed to you from the web and HTML encode anything that the user might have entered that gets displayed in the HTML? If not, fix it. 7. Are the passwords for admin logins relatively secure? If not, fix it.
If you've got the bases above covered, you are better than a good portion of the web.
Those are the most basic steps for determining if your site is ready to go up security wise.