9 tips to protect your website from hacking

by Krish Karthik

The Web is not just about business and big money. Countless pages and blog posts are written every day by small website owners and bloggers who want to share their views with the world. That is the charm of the Web: it offers space for everyone, and for every kind of project.

But the Internet is also a wild jungle: it harbours many dangers, and no one is really safe from hacking, a DDoS attack or malware. If you run a small business on the Internet, you know how important the security of your website and online transactions is.

This is a crucial aspect to consider when planning your website: how can I secure my content and my work against external threats, while still providing the best possible user experience? These are questions you should ask yourself every time you update your website.

Tip # 1: use strong passwords

Web security experts rely on many building blocks to secure the systems and transactions they work on: public key cryptography, chains of trust, digital signatures, and SSL/TLS (Transport Layer Security). It is worth familiarizing yourself with them, but start with what protects the accounts you already have: strong, unique passwords, plus the multi-factor authentication described under Tip #4.

1. Use a password generator to get a long password that is hard to crack: 16 characters or more, drawn from letters, digits and special symbols. What makes it strong is length and randomness, not cleverness: if every character is chosen independently and uniformly (so that no character is related to the one before it), an attacker can do no better than trying every combination, and every extra character multiplies that work by the size of the alphabet.

2. Use a password manager like Dashlane, LastPass, Password Safe (Windows only) or Password Gorilla to generate, store and encrypt all your passwords behind one master password. Never reuse your site's admin password anywhere else: attackers replay passwords leaked from other sites (credential stuffing), and a reused password turns someone else's breach into yours.
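To make the "random and long" advice concrete, here is a small generator and strength check in Python. It is an added example, not code from this article or from any of the password managers named above: it draws each character from the operating system's secure random source and works out how many bits of entropy the result carries. The 10 billion guesses per second figure and the small COMMON_PASSWORDS list are assumptions for illustration, not measurements.

```python
import math
import secrets
import string

# Alphabet the generator draws from: the 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for a breached-password blocklist; a real one has millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin", "letmein", "welcome1"}


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Pick each character independently and uniformly using the OS CSPRNG.

    secrets.choice is the right tool; random.choice is seeded from predictable
    state and must never be used for secrets.
    """
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are uniform and independent."""
    return length * math.log2(alphabet_size)


def years_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to find the password at the given guess rate (half the keyspace on average).

    1e10 guesses/s is an assumed figure for a GPU rig against a fast hash such as MD5;
    a deliberately slow hash (bcrypt, Argon2) cuts that rate by several orders of magnitude.
    """
    expected_guesses = 2 ** bits / 2
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


def weaknesses(password: str) -> list:
    """Return the reasons a password is weak; an empty list means it passes these checks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if sum(any(c in cls for c in password) for cls in classes) < 3:
        problems.append("uses fewer than three character classes")
    if len(set(password)) < len(password) / 2:
        problems.append("too many repeated characters")
    return problems


if __name__ == "__main__":
    pw = generate_password(20)
    bits = entropy_bits(20, len(ALPHABET))
    print(pw, f"{bits:.1f} bits", f"about {years_to_crack(bits):.3g} years at 1e10 guesses/s")
    print("weaknesses of 'password1':", weaknesses("password1"))
```

A 20-character password from this alphabet has about 131 bits of entropy, far beyond what brute force can reach; by contrast, an 8-character lowercase password (about 38 bits) falls in seconds at the assumed rate. The checks in weaknesses() are a floor, not a guarantee: the strongest signal that a password is bad is that it already appears in a breach list.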

Tip # 2: Pay attention to your scripts and plugins

Website scripts and CMS platforms, and above all their plugins and themes, are the most common way into a site. If you host scripts written in PHP, ASP or JavaScript, assume they contain security holes and bugs their developers overlooked.

Besides reporting any such problem to the developer as soon as you find it, there are some non-technical habits that keep your scripts from causing you trouble in the long run:

  • Read your script's release notes carefully: they list bug fixes and, more importantly, security fixes.
  • Watch for warnings from your software installer, control panel or Google Webmaster Tools (now Google Search Console): if you are told to update, change or delete a file, do so.
  • Do not install just any plugin: check compatibility, when it was last updated, and any published security advisories first.

Also, and perhaps most important of all, keep your scripts and CMS up to date. The latest package usually contains fixes for bugs and security issues in the previous version, and once a fix is published, attackers read the changelog too and go looking for sites that have not applied it. Remove plugins and themes you no longer use rather than merely deactivating them: their files stay on the server and remain reachable. And make a backup of your data before any update!

Tip # 3: Perform regular folder and control panel checks

Sometimes hackers get into your site quietly and leave damage behind: spoofed pages, media files carrying malware, planted executables or scripts, and existing web pages rewritten to redirect visitors or hide a backdoor.

Check your files regularly, at least once every two weeks, and compare them with a known-good copy (a fresh download of the CMS, or your last clean backup) rather than relying on memory. If you find files you do not recognise, do not simply delete them and move on: copy them somewhere safe first, because they are your evidence of how and when the intruder got in, and deleting them does not close the hole they came through. If you cannot tell what happened, contact your web host and get help (this is when you need a good web host the most). In such cases:

  • Change your admin panel password (and username, if possible), and every other password stored on the server, such as the database and FTP passwords.
  • Check all files against a known-good copy to see which ones have been altered, and look at modification dates for anything changed around the time of the intrusion.
  • If you have an antivirus or malware scanner available, run it, but do not treat a clean scan as proof that nothing is there.
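"Compare against a known-good copy" is easy to say and tedious to do by hand, so here is an added example in Python (not code from this article) of the usual way to automate it: record a SHA-256 hash of every file once, keep that baseline somewhere the intruder cannot reach, and later diff the live site against it. The site layout and the planted file in demo() are constructed in a temporary directory purely to show the three kinds of change the diff reports.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root, POSIX style) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            manifest[full.relative_to(root).as_posix()] = sha256_of(full)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def save_manifest(manifest: dict, path: Path) -> None:
    # Keep this file off the web server (download it, or store it with your backups):
    # an intruder who can edit the site can just as easily edit a manifest kept beside it.
    path.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: take a baseline, simulate an intrusion, diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "public_html"
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (site / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n constructed")
        baseline_file = Path(tmp) / "baseline.json"   # in real use: stored off the server
        save_manifest(build_manifest(site), baseline_file)

        # Simulated compromise: a file you never uploaded appears under uploads/,
        # and the front controller is edited to pull it in.
        (site / "wp-content" / "uploads" / "cache.php").write_text("<?php /* planted file */\n")
        (site / "index.php").write_text(
            "<?php include 'wp-content/uploads/cache.php'; require 'wp-blog-header.php';\n"
        )

        return compare_manifests(load_manifest(baseline_file), build_manifest(site))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run build_manifest() right after a clean install or update and again on your fortnightly check; anything under "added" or "modified" that you did not change yourself deserves a look before you touch it. A PHP file appearing under an uploads directory, as in the constructed scenario, is a classic sign of a planted script.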

Tip # 4: secure authentication

A strong password is necessary but not sufficient: it can be phished, guessed or leaked. So, while it is worth familiarizing yourself with cryptography, start by learning to use the simple multi-factor authentication tools that experts have already built for you. For WordPress, two examples are:

  • Two Factor Authentication
  • Mini Orange Google Authenticator

Why do you need multi-factor authentication? Because logging in then requires your username, your password AND a one-time code that only you can produce; without it, access is denied. The code can come from an authenticator app on your phone or be sent by SMS; prefer the app, since SMS codes can be intercepted or redirected by someone who takes over your phone number. The result is that a stolen or guessed password alone is no longer enough to get in.

If you can, find an expert to tutor you as you develop your web security knowledge, or use tutorials and online courses.

Tip # 5: beware of DDoS attacks

Distributed Denial of Service (DDoS) attacks are growing rapidly and are dangerous, as is the related trick of breaking into a server and replacing your services with fraudulent ones.

A DDoS attack floods a server with more traffic or requests than it can handle, so its main services malfunction and the whole site becomes unavailable to its users.

What makes a DDoS attack more likely to succeed

  • A network configuration that exposes services you do not need
  • Applications with bugs and without updates (one expensive, unpatched request can be enough to bring a server down)
  • An unsecured or untuned server configuration
  • No maintenance and no monitoring of network activity, so the attack is noticed only when users complain

Inform your ISP and your web host about this form of attack. Your host can spread the site over several servers and DNS records (more than one authoritative name server, several addresses behind a load balancer, or a content delivery network with DDoS protection in front of the site), so that flooding one target does not take the whole site down.

An attacker then has to saturate ALL the servers on the list before the site goes dark. Another countermeasure is rate limiting and filtering: dropping clients that send requests far faster than any human would, and blocking address ranges with a bad reputation. Your web host should be familiar with denial of service attacks, so discuss DDoS prevention with them before you need it.

Tip # 6: Secure FTP Access with SFTP

Nothing changes in how you work: it looks like normal FTP in your client. But SFTP (the SSH File Transfer Protocol, a separate protocol that runs over SSH, not FTP with encryption bolted on) offers real advantages in terms of security:

  • It uses SSH to encrypt your credentials, commands and data for the whole transfer.
  • The client checks the server's host key (its public key) against the one it saw before, so that a machine in the middle cannot impersonate the server.
  • An attacker who can watch your network traffic sees that a transfer took place, but cannot read your password or the files.

The problem with plain FTP is that nothing is encrypted: your username and password, and every file uploaded to or downloaded from the server, travel across the network in the clear, where anyone on the path (a shared Wi-Fi network, for example) can read them.

To use SFTP from the command line on Unix, Linux or macOS, type sftp username@host; or download a free client that supports SFTP, such as FileZilla (open source). The first time you connect, the client shows the server's key fingerprint and asks you to accept it: check it against the fingerprint your host publishes, because that first connection is the one moment an impersonator could slip in. If the fingerprint changes later without warning, stop and ask your host why.

Tip # 7: Learn more about SQL injection to protect yourself from it

SQL injection happens when text typed into a form is pasted straight into a database query, so that the attacker's quotes and keywords become part of the query itself. Beware of this method of hacking, keep your scripts up to date, and contact the script developer immediately if you find a hole. Here is a simple test to run on your own site (or, better, on a copy of it), never on anyone else's:

  • Enter the following in the password field of your login form (with any username, say admin):
    ' OR 't'='t'; --
    which, if the script builds its query by string concatenation, becomes at SQL level:
    SELECT * FROM users WHERE userid = 'admin' AND password = '' OR 't'='t'; --'
  • Does it log you in, or return rows from your database?

The test might succeed (we say might because, with a bit of luck, you have installed a well-written script): 't'='t' is always true, AND binds tighter than OR, and the two dashes turn whatever the script appends afterwards into a comment, so the WHERE clause matches every row. A sophisticated attacker can build far more elaborate statements to read or change whatever is in the database, so if your script is attackable this way, get help from its developer or change the script. The proper fix on the developer's side is prepared statements with bound parameters, which keep user input separate from the SQL text; escaping input by hand is the error-prone alternative.
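The query above, run for real against a throwaway database, as an added example in Python (not code from this article or from any particular CMS). It builds the article's users table in memory, shows the string that concatenation produces, and puts the vulnerable lookup beside the parameterised one so you can see that the same payload matches every row in one and nothing in the other. Storing passwords in clear text is done here only to mirror the article's query; a real application stores a slow salted hash.

```python
import sqlite3

# The article's test payload, as typed into the password field.
PAYLOAD = "' OR 't'='t'; --"


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two accounts (clear-text passwords only to mirror the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "correct-horse-battery"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def build_vulnerable_sql(userid: str, password: str) -> str:
    """What string concatenation turns the form fields into (the bug, kept on purpose)."""
    return ("SELECT userid FROM users WHERE userid = '" + userid
            + "' AND password = '" + password + "'")


def login_vulnerable(conn: sqlite3.Connection, userid: str, password: str) -> list:
    """Vulnerable: the user's quote characters become part of the SQL grammar.

    With the payload, the WHERE clause reads (userid = 'admin' AND password = '') OR 't'='t',
    which is true for every row, and the trailing quote is swallowed by the -- comment.
    """
    return [row[0] for row in conn.execute(build_vulnerable_sql(userid, password))]


def login_safe(conn: sqlite3.Connection, userid: str, password: str) -> list:
    """Fixed: a parameterised query. The values travel separately from the SQL text,
    so the quotes in the payload are compared as data and never parsed as code."""
    sql = "SELECT userid FROM users WHERE userid = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (userid, password))]


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql("admin", PAYLOAD))
    print("vulnerable login with payload:", login_vulnerable(db, "admin", PAYLOAD))
    print("safe login with payload:      ", login_safe(db, "admin", PAYLOAD))
    print("safe login, real password:    ", login_safe(db, "admin", "correct-horse-battery"))
```

The vulnerable version returns both accounts for the payload, which is what "does it return the contents of your database?" looks like in practice; the parameterised version returns nothing, and still returns the admin row for the genuine password. The same pattern applies in PHP (PDO or mysqli prepared statements) and in every other language your scripts might be written in.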

Tip # 8: Regularly Check Your Admin Panel Logs

Your control panel (cPanel, Plesk, etc.) comes with built-in tools for traffic analysis, access logs and security logs that you should look at at least once a week.

If you are using cPanel, check the Analog Stats tool regularly (every other day if you can), as it gives a detailed report of:

  • HTTP requests
  • Monthly, daily and hourly reports on traffic activity
  • Referrers, browsers and operating systems from which your traffic comes

Log tools are the first thing to look at when you think your website has been attacked. The traffic summary tells you that something unusual happened; the raw access log (which cPanel also lets you download) tells you which IP addresses requested which URLs, and when, which is what you need to spot a burst of login attempts or a scan for files that do not exist. Keep several weeks of logs, since you rarely learn about an intrusion the day it happens.
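What "looking at the log" means when you do it with code, as an added example in Python (not code from this article, cPanel or Analog) that also serves the rate-based filtering mentioned under Tip #5: it parses standard combined-format access log lines, then flags any client that hammers the login form inside a short window or keeps asking for files that are not there. The log lines are constructed for this example, and the thresholds (10 login POSTs per minute, 10 missing-file requests) are assumptions to tune against your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format, which is what cPanel's raw access logs contain.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: an ordinary visitor, a client guessing passwords
# against wp-login.php, and a client probing for files that do not exist.
_VISITOR = [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:06 +0000] "GET /about/ HTTP/1.1" 200 3072 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:40 +0000] "GET /contact/ HTTP/1.1" 200 2890 "-" "Mozilla/5.0"',
]
_PASSWORD_GUESSER = [
    f'198.51.100.9 - - [10/Oct/2023:13:55:{10 + i:02d} +0000] "POST /wp-login.php HTTP/1.1" '
    f'200 1450 "-" "python-requests/2.31"'
    for i in range(25)
]
_PROBER = [
    f'192.0.2.44 - - [10/Oct/2023:14:02:{i:02d} +0000] "GET {path} HTTP/1.1" 404 196 "-" "curl/8.0"'
    for i, path in enumerate([
        "/phpmyadmin/", "/.env", "/wp-config.php.bak", "/backup.zip", "/admin/", "/.git/config",
        "/old/", "/db.sql", "/test.php", "/wp-content/uploads/cache.php", "/config.php.save", "/.htpasswd",
    ])
]
SAMPLE_LOG = _VISITOR + _PASSWORD_GUESSER + _PROBER


def parse_line(line: str):
    """Return the fields of one log line, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def peak_in_window(times: list, window_seconds: int) -> int:
    """Largest number of events inside any window of the given length (two-pointer sweep)."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(lines, window_seconds=60, login_threshold=10, not_found_threshold=10) -> dict:
    """Flag clients that hammer the login form or probe for files that do not exist.

    Returns {ip: {"login_posts_peak": n, "not_found": n, "reasons": [...]}} for flagged clients only.
    """
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        login_posts = [r["ts"] for r in recs
                       if r["method"] == "POST" and r["path"].startswith("/wp-login.php")]
        peak = peak_in_window(login_posts, window_seconds)
        not_found = sum(1 for r in recs if r["status"] == 404)
        reasons = []
        if peak >= login_threshold:
            reasons.append(f"{peak} login POSTs within {window_seconds}s")
        if not_found >= not_found_threshold:
            reasons.append(f"{not_found} requests for missing files")
        if reasons:
            findings[ip] = {"login_posts_peak": peak, "not_found": not_found, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, "; ".join(info["reasons"]))
```

On the constructed log the visitor is left alone, the password guesser is flagged for 25 login POSTs in one minute, and the prober for 12 requests for missing files. The flagged addresses are what you would feed into a firewall or rate-limiting rule (Tip #5), and the probed paths (.env, wp-config.php.bak, backup.zip) are a checklist of files that must never be reachable from the web.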

Tip # 9: take regular backups

Back up your files and your database as often as your content changes. With plugins like UpdraftPlus and BackupBuddy, you can define the intervals at which backups are made and where they are sent.

What matters is that fresh copies of your content are always stored away from the web server itself (a cloud storage bucket, another machine, or your own computer), ready to be restored if something goes wrong along the way. A backup that sits beside the site shares its fate: an intruder who can alter your files can alter or delete your backups too.

This article has shown you what kind of attacks your website could be subjected to, and how to fight and prevent them, but your most powerful weapon really is this: backups. They are the only way to bring your site back to a known-good state, provided three things hold. Keep several generations, because you may not notice a hack until weeks after it happened, and the latest backup may already contain the intruder's files. Test a restore now and then, because a backup you have never restored is a hope, not a plan. And after restoring, still fix the hole the intruder used: a restore rewinds the site, it does not patch it.
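The three conditions above (several generations, verified restores, and backups that cannot be silently corrupted) in working form, as an added example in Python rather than code from this article or from the plugins it names. It archives a site directory with a checksum sidecar, keeps only the newest N archives, refuses to restore an archive whose checksum no longer matches, and rejects archive entries that would write outside the restore directory. The site contents and the backup location in demo() are constructed in a temporary directory; in real use the destination is another machine or a storage bucket.

```python
import hashlib
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def create_backup(site_dir: Path, dest_dir: Path, keep: int = 7) -> Path:
    """Archive site_dir into dest_dir with a SHA-256 sidecar, keeping only the newest `keep` archives."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%d-%H%M%S-%f")  # names sort chronologically
    archive = dest_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
    checksum = hashlib.sha256(archive.read_bytes()).hexdigest()
    Path(str(archive) + ".sha256").write_text(f"{checksum}  {archive.name}\n")
    prune_old(dest_dir, keep)
    return archive


def prune_old(dest_dir: Path, keep: int) -> list:
    """Delete all but the newest `keep` archives and their sidecars; return the names removed."""
    archives = sorted(dest_dir.glob("site-*.tar.gz"))
    removed = []
    for old in archives[:-keep] if keep > 0 else archives:
        old.unlink()
        sidecar = Path(str(old) + ".sha256")
        if sidecar.exists():
            sidecar.unlink()
        removed.append(old.name)
    return removed


def is_safe_path(name: str) -> bool:
    """Reject absolute paths and '..' components: a tampered archive could otherwise
    write outside the restore directory when extracted (tar path traversal)."""
    path = Path(name)
    return not path.is_absolute() and ".." not in path.parts


def is_safe_member(member: tarfile.TarInfo) -> bool:
    """Allow only plain files and directories with safe names (no links or devices)."""
    return is_safe_path(member.name) and (member.isfile() or member.isdir())


def verify_backup(archive: Path) -> bool:
    """True if the archive matches its checksum sidecar and contains only safe members."""
    expected = Path(str(archive) + ".sha256").read_text().split()[0]
    if hashlib.sha256(archive.read_bytes()).hexdigest() != expected:
        return False
    with tarfile.open(archive, "r:gz") as tar:
        return all(is_safe_member(m) for m in tar.getmembers())


def restore_backup(archive: Path, target: Path) -> Path:
    """Extract a verified archive under target and return the restored site directory."""
    if not verify_backup(archive):
        raise ValueError(f"{archive.name} failed verification; do not restore from it")
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(target, members=[m for m in tar.getmembers() if is_safe_member(m)])
    return target / "site"


def demo() -> dict:
    """Constructed run: back up a tiny site three times with keep=2, corrupt one archive,
    then restore from the newest one and compare it with the original."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "public_html"
        (site / "wp-content").mkdir(parents=True)
        (site / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (site / "wp-content" / "theme.css").write_text("body { margin: 0 }\n")
        backups = Path(tmp) / "backups"   # in real use: another machine or a storage bucket
        backups.mkdir()

        first = create_backup(site, backups, keep=2)
        second = create_backup(site, backups, keep=2)
        third = create_backup(site, backups, keep=2)    # this one prunes `first`
        second.write_bytes(second.read_bytes() + b"\x00")   # simulate a corrupted or tampered archive

        restored = restore_backup(third, Path(tmp) / "restore")
        return {
            "archives_kept": len(list(backups.glob("site-*.tar.gz"))),
            "first_pruned": not first.exists(),
            "tampered_verifies": verify_backup(second),
            "restore_matches": all(
                (restored / rel).read_text() == (site / rel).read_text()
                for rel in ("index.php", "wp-content/theme.css")
            ),
        }


if __name__ == "__main__":
    print(demo())
```

Two design points worth copying even if you use a plugin instead: the checksum is written at backup time and checked at restore time, so a backup damaged in transit or edited by an intruder is refused rather than trusted, and the restore scheduled in demo() is exactly the "test a restore now and then" step, just automated. The database is not covered here; dump it with your database's own tool and archive the dump alongside the files.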

Tip # 10: change your login URL

If you are using WordPress as a CMS, it is easy to change the login URL of your admin panel so that it no longer uses /wp-admin.

Via plugins like iThemes Security or the excellent WPS Hide Login from WPServeur, you can make this change in just a few clicks! Treat it as a way to cut down the noise of automated guessing, not as a security control: anyone who finds the new address can still try passwords, and WordPress also accepts login attempts through xmlrpc.php unless you disable it, so strong passwords and multi-factor authentication (Tips #1 and #4) remain what actually keeps intruders out.
