How to protect your website from Hackers?

by jay patel




Every day brings with it news of a brand new leak of personal data over the Internet. Be it credit card information belonging to millions of users or their email IDs and passwords, personal nude images of celebrities or even top secret classified government information— the world of hackers has democratized the internet and its lack of security at every possible level.

Hackers can turn your nondescript website into a malicious spy bot in a matter of minutes, sending sensitive user data to hackers without your even realizing it. Worse, they can hack into your website databases and destroy or manipulate important information, injecting your content with malicious links and even hijack the hosting server to be used in botnet DDoS attacks.

Here some Tips that you can do to secure your website from hackers:

01. Remain software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If your site uses third party plugins, keep track of their updates and ensure that these are updated on time as well. Often, many sites include plugins that fall into disuse over time. Clean out your website of any unused, old and non-updated plugins — they are sitting ducks for hackers to be used as a gateway to enter your site and wreak havoc on it.

Further, sign up for a newsletter and constantly read emails for reviving your obsolete software.

02. USE HTTPS

Invest in HTTPS to safeguard your website by encrypting the transmitted information and saving it from intrusion and other malware activities.

HTTPS or Hyper Text Transfer Protocol Secure is a secure communications protocol that is used to transfer sensitive information between a website and a web server. Moving your website to the HTTPS protocol essentially means adding an encryption layer of TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to your HTTP making your users’ and your own data extra secure from hacking attempts.

http-vs-https-beveiligde-internet-verbinding.png

 

03. Use Powerful Passwords, Alter Regularly

Using strong passwords is an effective way to limit if not completely eliminate brute force and dictionary attacks. Strong passwords are not just a requirement for your email or financial transactions online, they are also imperative for your website server, admin and database passwords.

Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long to prevent brute force attacks.

stromg-password.png

 

04. Keep backing up your site frequently

Just in case the worst happens anyway, keep everything backed-up. A backup of everything is a useful step and should be practiced in their day to day lives. Considering the websites, the webmaster should have a backup of his existing site because, in case of any malicious activity or cyber attack, he should be able to recover his website after all of the damages which have occurred during the cyber activities.

05. Tighten network security

Computer users in your office may be inadvertently providing an easy access route to your website servers. Ensure that:

  • Logins expire after a short period of inactivity.
  • Passwords are changed frequently.
  • Passwords are strong and NEVER written down.
  • All devices plugged into the network are scanned for malware each time they are attached.

06. File uploads

File uploads are a major concern. No matter how thoroughly the system checks them out, bugs can still get through and allow a hacker unlimited access to your site’s data. The best solution is to prevent direct access to any uploaded files. Store them outside the root directory and use a script to access them when necessary. Your web host will probably help you to set this up.

07. Hide admin pages

You do not want your admin pages to be indexed by search engines, so you should use the robots_txt file to discourage search engines from listing them. If they are not indexed then they are harder for hackers to find. This tutorial from SEObook.com is all the help you will need.

To conclude:

Implement at least these basic steps right away, to avoid being a soft target for malicious hackers.



Leave a Reply

Your email address will not be published. Required fields are marked *

   Confirm you are not a spammer
   Notify me of follow-up comments by email.