Keep Your Website Safe From Hackers with these Easy Steps

Running a safe website is very important. Nothing is probably more frustrating than waking up to find that your website has been defaced, wiped off or seriously compromised by an attacker. Just as you want to keep our website safe from hackers, so also the attackers are devising more ways to pull down websites over the net.

Also read:

Website Security: A Guide For Shared Web Hosting Accounts

How to secure your website from attacks using the .htaccess file

Attacks against websit ehas increased overtime especially for content management systems (CMS) whose vulnerabilites are higher because of loads of applications that run on CMSs..

But there are ways to mitigate these attacks and stay safe. We shall look at recommended ways to deal with this problem.

1. Maintain a Healthy Backup

The importance of a backup cannot be overstreched. Backups are the only way you can be sure of getting back your website to a healthy state when everything goes bad and cannot be fixed. Because problems can occur at anytime from ecploitation, some changes to your code, an update and even an installation can skew tings up against you, when you try to fix problems and you are unable to get it right the obly thing you can fall back on to have your website restored to a healthy state is to have your backup restored. At least from there you can attempt to correct or re-run your updates. Making changes to your website without having a healthy backup in place is extremely risky.

Also read:

Website Security: A Guide For Shared Web Hosting Accounts

6 Ways to Protect Your Website From Security Hacks

How to prevent Spam on Your Joomla Website

How to Prevent an Exploitation of Your Website by An Attacker

2: Be up-to-date

Running up to date softwares is oneway to be secure. Latest versions of the platforms and scripts powering your website are usually secure and so keeping up with the latest versions of platforms and scripts keep you secure.. Again keeping in mind that most of the popular tools are created as open-source software programs, their code are easily available to the users including hackers who have the capacity to detect security loopholes that can give them clues to vulnerabilities and possible areas through which they can exploit your website, running the latest versions will keep you in tune with security and protect you from vulnarabilities and attacks.

Take an eample from WordPress a common and most popular content management system.. If you’re running a website built on WordPress, both your base WordPress installation and any third-party plugins you’ve installed are potentially vulnerable to these types of attacks.  Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way.

Knowing when an update is available is quite easy. With most content management systems (CMS) like WordPress Joomla Opencart and many more users can check if their is an update when they log in to their CMS dashboard. Joomla will notify you with an email wneh an update to the core is available. This feature can be disabled in Joomla from the plugin manager..

3: Install security plugins

The use of plugins make things quite easy.. Once you have your script updated you can further strenghten your security by installing security plugins. Security plugins actively prevent against hacking attempts. But you need to be careful when choosing plugins to install because some plugins have themselves not been updated and may not be compatible with your script. This check may be useful in helping you choose a safe plugin to install on your website:

  • Check version compatibility. You must check to be sure your plugin is compatible with your version. If not update your plugin or get an alternative.
  • Check reviews. We recommend that you patiently review the user comments and investigate every negative review because some plugins have been developed by people who infuse malicious codes that can create security probelms. So note that not all plugins shoulld be installed on your website.
  • Consider plugin source. The credibility of the developer should be taken seriouslyy in deciding wether to install or not to install a plugin.

Some Security Plugins for popular CMS

Let's now look at some of the tested plugins used for the security of the most common content management systems (CMS).


iThemes Security

The iThemes Security plugin for WordPress is touted as the most outstanding and most effective security plugin for WordPress. That can be seen as a big claim. However for a free plugin with over 30 features to protect your site, iThemes is one plugin to be taken seriously and had been proven to be very effective in protecting a WordPress site. Anothing rating that goes for this plugin is the user rating giving it a rating of 4.7 out of 5 with downloads approaching 4 million. It's recommended for WordPress security.

BulletProof Security

This plugin is also very good and recommended for WordPress Security Protection. Its features include Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more.

BulletProof Security is free but also has a paid version with additional features. Its basic free version has these Features:

  •     One-Click Setup Wizard
  •     Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)
  •     MScan Malware Scanner
  •     .htaccess Website Security Protection (Firewalls)
  •     Hidden Plugin Folders|Files Cron (HPF)
  •     Login Security & Monitoring
  •     JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)
  •     Idle Session Logout (ISL)
  •     Auth Cookie Expiration (ACE)
  •     DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
  •     DB Table Prefix Changer
  •     Security Logging
  •     HTTP Error Logging
  •     FrontEnd|BackEnd Maintenance Mode
  •     UI Theme Skin Changer (3 Theme Skins)
  •     Extensive System Info

Joomla Security Plugin

Centrora Security Scan

**Centrora Security **is modified from OSE Firewall Security. It has a built-in Malware and Security Scanner which helps you identify any security risks, malicious codes, spam, virus, SQL injection, and security vulnerabilities.

It is advantageous in several aspects.. It utilises high speed dedicated servers for the virus scanning and Backup. It provides up to 10 GB of cloud space to store your backups. The efficiency of scanners like MD5 Hash scanner, Core Directory scanner Vulnerability scanner and Dynamic Virus scanner is another plus for this plugin which comes with a revamped Used interface(UI).

4. Use HTTPS

You may already know that the green bar or the https starting a url is a sign of security. That is true. It is applied to website that use the SSL security.and had been a signal that a website is safe to provide financial information on that particular webpage.

Also read: Guard Your Website Reputation: Stay Protected with SSL

 5: Use parameterized queries

SQL injjections are one of the most common website hacks many sites fall victim to. Inections occur when outside users can supply information into your website without permission. If you leave the parameters of the field too open, someone could insert code into them that lets them hack into your database, which may well contain sensitive customer information, like their contact info or credit card numbers.

There are a number of steps you can take to protect your website from SQL injection hacks; one of the most important and easiest to implement is the use of parameterized queries. Using parameterized queries ensures your code has specific enough parameters so that there’s no room for a hacker to mess with them.

Also read: How to Prevent the most common Application Attacks against websites

6: Use CSP

This is quite similar to the SQL injections. In cross-site scripting (XSS) attackers find a way to slip malicious JavaScript code onto your pages which can then infect the pages of any visitors to your website that are exposed to the code.

Part of the fight to protect your site from XSS attacks is similar to the parameterized queries you use for SQL injections. You should make sure any code you use on your website for functions or fields that allow input are as explicit as possible in what’s allowed, so you’re not leaving room for anything to slip in.

Another tool you have to protect yourself from XSS is Content Security Policy (CSP). CSP allows you to specify the domains a browser should consider valid sources of executable scripts when on your page, so the browser knows not to pay attention to any malicious script that might infect your visitor’s computer.

7: Secure your passwords

You may have well known about this and how to go about it because we have quite often talked about it. It is very important and we have well taked about password security and provided a guide in this article.

8: Lock down your directory and file permissions

All websites can be boiled down to a series of files and folders that are stored on your web hosting account.  Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.

On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer between 0-7.  The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else.  The assignations work as follows:

    4 equals Read
    2 equals Write
    1 equals Execute
    0 equals no permissions for that user

As an example, take the permission code “644.”  In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file.  The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations.

So, a file with “777” (or 4+2+1 / 4+2+1 / 4+2+1) permissions would then readable, write-able, and executable by the user, the group and everyone else in the world.

Therefore a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone.

For this reason, a good rule of thumb is to set your permissions as follows:

    Folders and directories = 755
    Individual files = 644

To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP.  Once inside, you’ll see a list of your existing file permissions from the right and just click on them to alter accordingly.

Comments (1)

  • MindtechAffiliates

    such a informative information Great work! Keep going

    December 28, 2018 at 05:24 AM

Leave a comment

Powered by Simple Blog