Tuesday, August 11, 2015

How to Make your Website Secure to Avoid Getting Hacked

The risk of a website being hacked is directly proportional to the growing reach and popularity of the internet.

If you are a website owner, you need to make sure that your website is fully secure from hackers to avoid the loss of important and private data. Not having a secure website can also affect your online presence and reputation. Over the last few years website hacking has increased significantly, and a large number of websites have been affected by it.

When we start talking about website security, the blame game between the website host and the developer starts almost automatically. As a website owner, it is your job to make sure that your hosting company, your programmer and, of course, you yourself do your best to prevent your website from being hacked.

Here are some areas of focus that can protect the website from the risk of hacking:

Developer: As a website developer you are responsible not only for making the code executable but also for developing a fully secured website that no one can hack. So if you want to keep your website secure and avoid any kind of hacking or malware, you need to focus on the following areas:
  • Updated Software & Plugins: Always use updated software and plugins for your website. Older versions can cause security issues for your website, so keeping everything updated is prudent.
  • Use Open Source Software or Plugins from Trusted Sources: If you are developing a website on an open source platform such as WordPress, Joomla or Magento and using free plugins, always get them from a verified and trusted source. Also read their reviews and feedback carefully.
  • Avoid using General Extensions for Admin Section wherever Possible: Hacking is typically carried out by programs written for the purpose. As a smart developer you have to figure out how to protect your website from such programs. For example, if you are developing a CMS-based website, use an alternate name for the admin login rather than a general one such as /admin, administrator or wp-admin. This reduces the chance of hacking, because it is harder for hacking programs to recognize your admin address.
  • Always Use CAPTCHA for Forms: Without proper validation to check whether your website enquiry form is being filled in by a human or by software, the chances of spamming are high. Adding a CAPTCHA to all kinds of reservation and enquiry forms is a great way to circumvent this problem.
  • Hide Secure Folders & Databases from Search Engines: Hide all your secure folders and databases from search engines to avoid any kind of attack from hackers. Otherwise, a hacker can easily recognize your files, folders, database names and directories.
  • Server Side Validation/Client Validation: Use proper server-side and client-side validation in your website. It will help you avoid any kind of access by robots, software or programs.
  • File Upload & Permission: Always limit file uploads so you can avoid unlimited file uploads in a short period of time. Also ensure that you use proper file permissions. It is prudent to allow write permissions for only a limited number of files.
These are some of the basic and important steps through which you can protect your website from attacks.
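
The "File Upload & Permission" point above, as an added example that is not code from the original post: a server-side upload gate that limits uploads per client within a time window, restricts size and file type, and stores the file without execute or world permissions. The limits, the allow-list and the name `accept_upload` are assumptions chosen for illustration.

```python
import os
import re
import time
from collections import defaultdict, deque

MAX_BYTES = 2 * 1024 * 1024             # assumed per-file size limit
MAX_UPLOADS = 5                         # assumed uploads allowed per window
WINDOW_SECONDS = 60                     # assumed window length
ALLOWED_EXT = {".jpg", ".png", ".pdf"}  # assumed allow-list of file types

_recent = defaultdict(deque)            # client id -> times of accepted uploads


def accept_upload(client_id, filename, data, upload_dir, now=None):
    """Store the upload and return its path, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    stamps = _recent[client_id]
    # Forget uploads that have fallen out of the rate-limit window.
    while stamps and now - stamps[0] >= WINDOW_SECONDS:
        stamps.popleft()
    if len(stamps) >= MAX_UPLOADS:
        raise ValueError("rate limit exceeded")
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # Keep only the base name so directory parts in the client-supplied name are dropped.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    # The strict stem pattern also rejects double extensions such as "x.php.jpg".
    if ext.lower() not in ALLOWED_EXT or not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        raise ValueError("file name or type not allowed")
    path = os.path.join(upload_dir, stem + ext.lower())
    # O_EXCL refuses to overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    # 0o640: owner read/write, group read, no execute bit, nothing for others.
    os.chmod(path, 0o640)
    stamps.append(now)
    return path
```
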

Hosting Company: When you are selecting a hosting company you need to make sure that your hosting provider is taking all the necessary security measures for your website. Ensure that your website hosting has the following security features:
  • Security Tools: Make sure your website hosting has built-in security tools to safeguard your website. These security tools let you know the security status, errors and broken pages of the website.
  • Automated Reset Password: The hosting company should enable the automatic password reset option for a certain period of time. This feature forces you to change the password after a certain period of time and ensures security.
  • Firewalls: Your hosting company must have security firewalls, which protect you from all kinds of attacks. The Firewall checks all miscellaneous codes, files and will prevent the website from.
  • Virus Scan: It is prudent to check whether your hosting company uses updated virus scan tools to keep you protected.
  • File Uploads: Check whether your hosting company offers a secure file transfer protocol, as it offers extra layers of security.
  • Backup: Ensure that your hosting company takes frequent backups. It is best to check the frequency of backups as well as the duration for which backups are kept.
  • Script & Database: Make sure that your hosting company uses database security best practices such as encrypting storage files and keeping all patches current.
  • SQL Injection: While many security measures are available against a possible SQL injection attack, the most basic protection you can get against it is data validation. Validation done on the server end ensures that it cannot be altered or bypassed.
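
The server-side validation described under "Server Side Validation/Client Validation" and "SQL Injection", as an added example that is not code from the original post: a lookup that pastes form input into the SQL text, beside one that validates the input on the server. It goes beyond the text by also binding the value as a query parameter, which is one of the other available measures. The table, sample rows and function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: two bookings in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (id INTEGER PRIMARY KEY, email TEXT, room TEXT)")
    db.executemany("INSERT INTO bookings (email, room) VALUES (?, ?)",
                   [("alice@example.com", "101"), ("bob@example.com", "202")])
    return db


def lookup_unsafe(db, email):
    # Weak form: the value becomes part of the SQL text, so a quote in it
    # changes the meaning of the query.
    return db.execute("SELECT room FROM bookings WHERE email = '%s'" % email).fetchall()


# Assumed validation rule for this form field: a conservative e-mail pattern.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")


def lookup_safe(db, email):
    # Server-side validation: it runs on the server, so the client cannot skip it.
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    # Bound parameter: the driver passes the value as data, never as SQL text.
    return db.execute("SELECT room FROM bookings WHERE email = ?", (email,)).fetchall()
```
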

Website Owner/Administrator: If you are a website owner, or you have a web administrator who manages your website, then you cannot leave everything to your hosting company and developer. You also have to take care of all security measures, make sure everything is working properly and keep your eyes open all the time. Here are some areas where you need to work regularly:

  • Password: Keep changing your website panel, FTP and other related passwords frequently. Make it a habit and you can disappoint hackers!
  • SSL: Use an SSL certificate for your website. By investing some money you can protect secure data such as card details and personal information.
  • Antivirus: If you download and upload files to your server, make sure your computer is safe and secure. Use the best antivirus and keep your computers and mobile devices virus-free so your files will not be infected.
  • Backup: Back up your website on a regular basis, even if your hosting company does it for you. It will help you restore your website in some accidental situations or if your website is hacked.
  • Alerts: Regularly check all alerts and messages from your hosting provider, webmaster tools and any other security tools you have installed on your website. These alerts will help protect you from possible hacks or will, at the least, prompt you to take immediate action in case the website is hacked.