Keep Your Website Safe From Hackers with these Easy Steps
Running a safe website is very important. Nothing is probably more frustrating than waking up to find that your website has been defaced, wiped out or seriously compromised by an attacker. Just as you want to keep your website safe from hackers, attackers are devising more ways to take websites down over the net.
Attacks against websites have increased over time, especially against content management systems (CMS), whose attack surface is larger because of the many add-on applications that run on them.
But there are ways to mitigate these attacks and stay safe. We shall look at recommended ways to deal with this problem.
1. Maintain a Healthy Backup
The importance of a backup cannot be overstretched. Backups are the only way you can be sure of getting your website back to a healthy state when everything goes bad and cannot be fixed. Problems can occur at any time: an exploit, a change to your code, an update or even a new installation can turn things against you. When you try to fix such a problem and cannot get it right, the only thing you can fall back on to have your website restored to a healthy state is your backup. At least from there you can attempt to correct or re-run your updates. Making changes to your website without a healthy backup in place is extremely risky.
2. Be up-to-date
Running up-to-date software is one way to be secure. The latest versions of the platforms and scripts powering your website are usually the most secure, so keeping up with them keeps you secure. Keep in mind that most of the popular tools are open-source software: their code is freely available to users, including hackers, who have the capacity to detect security loopholes that give them clues to vulnerabilities and possible ways to exploit your website. Running the latest versions keeps you in tune with security fixes and protects you from known vulnerabilities and attacks.
Take WordPress, the most popular content management system, as an example. If you're running a website built on WordPress, both your base WordPress installation and any third-party plugins you've installed are potentially vulnerable to these types of attacks. Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you'll be hacked in this way.
Knowing when an update is available is quite easy. With most content management systems (CMS), such as WordPress, Joomla, OpenCart and many more, users can check whether there is an update when they log in to their CMS dashboard. Joomla will notify you by email when an update to the core is available; this feature can be disabled in Joomla from the plugin manager.
3. Install security plugins
The use of plugins makes things quite easy. Once you have your script updated you can further strengthen your security by installing security plugins. Security plugins actively protect against hacking attempts. But you need to be careful when choosing plugins to install, because some plugins have themselves not been updated and may not be compatible with your script. This checklist may be useful in helping you choose a safe plugin to install on your website:
- Check version compatibility. You must check to be sure the plugin is compatible with your version. If not, update your plugin or get an alternative.
- Check reviews. We recommend that you patiently review the user comments and investigate every negative review, because some plugins have been developed by people who embed malicious code that can create security problems. So note that not all plugins should be installed on your website.
- Consider the plugin source. The credibility of the developer should be taken seriously in deciding whether or not to install a plugin.
Some Security Plugins for popular CMS
Let's now look at some of the tested plugins used for the security of the most common content management systems (CMS).
The iThemes Security plugin for WordPress is touted as the most outstanding and most effective security plugin for WordPress. That can be seen as a big claim. However, for a free plugin with over 30 features to protect your site, iThemes is one plugin to be taken seriously and has been proven to be very effective in protecting a WordPress site. Another point in its favour is the user rating of 4.7 out of 5, with downloads approaching 4 million. It's recommended for WordPress security.
This plugin is also very good and recommended for WordPress security protection. Its features include a malware scanner, firewall, login security, DB backup, anti-spam and much more.
BulletProof Security is free but also has a paid version with additional features. Its basic free version has these features:
- One-Click Setup Wizard
- Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)
- MScan Malware Scanner
- .htaccess Website Security Protection (Firewalls)
- Hidden Plugin Folders|Files Cron (HPF)
- Login Security & Monitoring
- JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
- DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
- DB Table Prefix Changer
- Security Logging
- HTTP Error Logging
- FrontEnd|BackEnd Maintenance Mode
- UI Theme Skin Changer (3 Theme Skins)
- Extensive System Info
Joomla Security Plugin
Centrora Security is modified from OSE Firewall Security. It has a built-in malware and security scanner which helps you identify security risks, malicious code, spam, viruses, SQL injection and security vulnerabilities.
It is advantageous in several aspects. It utilises high-speed dedicated servers for virus scanning and backup. It provides up to 10 GB of cloud space to store your backups. The efficiency of its scanners, such as the MD5 hash scanner, core directory scanner, vulnerability scanner and dynamic virus scanner, is another plus for this plugin, which comes with a revamped user interface (UI).
4. Use HTTPS
You may already know that the green bar, or the https at the start of a URL, is a sign of security. That is true. It applies to websites that use SSL/TLS encryption and has long been a signal that a website is safe for providing financial information on that particular webpage. Note that HTTPS protects data in transit between the browser and your server; it does not fix vulnerabilities in the site's own code, which the remaining steps address.
5. Use parameterized queries
SQL injections are one of the most common website hacks many sites fall victim to. Injections occur when outside users can supply input that ends up inside your database queries without proper handling. If you leave the parameters of a field too open, someone could insert code into them that lets them get into your database, which may well contain sensitive customer information, like contact details or credit card numbers.
There are a number of steps you can take to protect your website from SQL injection; one of the most important and easiest to implement is the use of parameterized queries. With parameterized queries the SQL statement and the user-supplied values are sent to the database separately, so the values are treated strictly as data and there is no room for a hacker to alter the query itself.
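The difference in practice, as an added example that is not part of the original article: a lookup built by pasting the input into the SQL text beside the same lookup with a bound parameter. The in-memory database, rows and the malicious input are all constructed for the demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed sample data, not a real site's customer table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO users (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1234"), ("bob@example.com", "5678")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # The input becomes part of the SQL text, so a quote in it rewrites the query.
    sql = f"SELECT email, card_last4 FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    # The '?' placeholder is bound by the driver: the input is only ever data.
    sql = "SELECT email, card_last4 FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

# Constructed malicious input for the demonstration.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "alice@example.com"))   # one row, as intended
    print(lookup_vulnerable(db, INJECTION))             # every row leaks
    print(lookup_parameterized(db, INJECTION))          # no row matches
```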
6. Use CSP
Part of the fight to protect your site from XSS attacks is similar to the parameterized queries you use against SQL injection. You should make sure any code you use on your website for functions or fields that allow input is as explicit as possible about what's allowed, so you're not leaving room for anything to slip in.
Another tool you have to protect yourself from XSS is Content Security Policy (CSP). CSP allows you to specify the domains a browser should consider valid sources of executable scripts when on your page, so the browser knows not to run any malicious script that might have been injected and would otherwise infect your visitor's computer.
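How such a policy is written and how a browser decides with it, as an added example that is not part of the original article: a builder for a script-src allowlist and a simplified model of the browser's host-source check (nonces, hashes and 'unsafe-*' keywords are not modelled). The host names are assumptions for the demo.

```python
from typing import List, Optional
from urllib.parse import urlsplit

def build_csp(script_hosts: List[str]) -> str:
    # Scripts may load only from the page's own origin plus the listed hosts;
    # every resource type not named falls back to 'none'.
    sources = " ".join(["'self'"] + script_hosts)
    return f"default-src 'none'; script-src {sources}; style-src 'self'"

def _directive(policy: str, name: str) -> Optional[List[str]]:
    # Return the source list of one directive, or None if it is absent.
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0] == name:
            return tokens[1:]
    return None

def _host_matches(pattern: str, host: str) -> bool:
    # Exact host, or a leading wildcard such as *.cdn.example (which, as in
    # CSP, does not match cdn.example itself).
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def script_allowed(policy: str, page_url: str, script_url: str) -> bool:
    """Simplified model of the browser's script-src decision for host sources.
    Falls back to default-src when script-src is absent."""
    sources = _directive(policy, "script-src")
    if sources is None:
        sources = _directive(policy, "default-src") or []
    if "'none'" in sources:
        return False
    page, script = urlsplit(page_url), urlsplit(script_url)
    for src in sources:
        if src == "'self'":
            if (script.scheme, script.netloc) == (page.scheme, page.netloc):
                return True
        elif src.startswith("'"):
            continue  # keyword sources other than 'self' are not modelled
        else:
            pat = urlsplit(src if "://" in src else "//" + src)
            if _host_matches(pat.hostname or "", script.hostname or "") and (
                not pat.scheme or pat.scheme == script.scheme
            ):
                return True
    return False
```

The policy string returned by build_csp is what you would send in a Content-Security-Policy response header.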
7. Secure your passwords
You may already know about this and how to go about it, because we have talked about it quite often. It is very important; we have covered password security in detail and provided a guide in this article.
8. Lock down your directory and file permissions
All websites can be boiled down to a series of files and folders that are stored on your web hosting account. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.
On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer between 0 and 7. The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else. The values are assigned as follows, and a digit is the sum of the values it grants:
4 equals Read
2 equals Write
1 equals Execute
0 equals no permissions for that user
As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations.
So, a file with "777" (or 4+2+1 / 4+2+1 / 4+2+1) permissions would then be readable, writable and executable by the user, the group and everyone else in the world.
Therefore a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone.
For this reason, a good rule of thumb is to set your permissions as follows:
Folders and directories = 755
Individual files = 644
To set your file permissions, log in to your cPanel's File Manager or connect to your server via FTP. Once inside, you'll see a list of your existing file permissions on the right; just click on them to alter accordingly.
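A small audit script, as an added example that is not part of the original article, which decodes the three-digit codes as described above and walks a document root reporting anything looser than the 755/644 rule of thumb. It assumes a Unix-like host where the site files are readable by the account running it.

```python
import os
import stat

# Rule of thumb from the text: directories 755, individual files 644 (keyed by is_dir).
RECOMMENDED = {True: 0o755, False: 0o644}

def describe(mode: int) -> str:
    """Render a mode as rwx triplets, e.g. 0o644 -> 'rw-r--r--'."""
    out = ""
    for shift in (6, 3, 0):            # owner, group, everyone else
        bits = (mode >> shift) & 0o7   # 4 = read, 2 = write, 1 = execute
        out += ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")
    return out

def problems(mode: int, is_dir: bool) -> list:
    """List why a mode is looser than the recommended 755/644 (empty if fine)."""
    issues = []
    if mode & 0o002:
        issues.append("world-writable")
    if mode & 0o020:
        issues.append("group-writable")
    extra = mode & ~RECOMMENDED[is_dir] & 0o777
    if extra:
        issues.append(f"bits beyond {RECOMMENDED[is_dir]:o}: {describe(extra)}")
    return issues

def audit(root: str) -> dict:
    """Walk a document root and return {path: issues} for every directory
    and regular file that deviates from the rule of thumb."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if not (stat.S_ISDIR(st.st_mode) or stat.S_ISREG(st.st_mode)):
                continue               # skip symlinks, sockets and the like
            found = problems(stat.S_IMODE(st.st_mode), stat.S_ISDIR(st.st_mode))
            if found:
                findings[path] = found
    return findings

if __name__ == "__main__":
    import sys
    for path, issues in sorted(audit(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{path}: {', '.join(issues)}")
```

Run it with the path of your web root as the first argument; an empty report means every directory is 755 or tighter and every file 644 or tighter.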