How to Secure Website From Possible Hack

Why do I need to secure my website?

Keeping your website safe from online threats is a priority, because visitors prefer websites that are free of malware. If visitors think your website has been hacked, they may never visit it again.

What are the reasons for website hacks?

When a website is hacked or infected with malware, many factors come into the picture. A few of them are: the robustness of your hosting service provider against hacking attempts, the efficiency and security of your website's code, weak login credentials, vulnerable templates and plugins, unused user accounts, and many more.

A user may not be able to find the exact reason for the hack, but a website security analyst can find the root cause of a hack very easily.

How can I make my website hack-proof?

It’s not possible to make a website 100% hack-proof. Even the most popular websites might get hacked. However, here I have noted down some points that could help you secure your website from common online threats:

  • Secure your database

If you have yet to create your website with a CMS, make sure to change the default table prefix (for example, ‘wp_’ in WordPress). Also, never use default user names like admin.

  • Secure FTP Accounts

If you are using FTP to manage your website files, use strong passwords and delete old, unused user accounts. Always keep an eye on the list of FTP accounts to make sure that no anonymous FTP account has been created without your knowledge.

  • Keep your website files and backups secured

Never keep your website backup under the root directory (public_html, htdocs etc.) or the directory the domain points to. Hackers can download these files easily just by accessing domain/backup_name.zip. This might help the hacker get access to your database or even to the entire website.

  • Follow the security instructions of your hosting provider

Always follow the security instructions given by the hosting service provider, such as setting strong passwords for FTP, cPanel, the database and the website admin login. Change the password once a month, and never reuse passwords that have already been used.

  • Use website add-ons from official sources

Using free third-party themes, plugins, templates, modules or website performance enhancement applications can lead to malicious scripts getting into your website. Free themes will have spam URLs and encoded malware that redirect or send your web traffic to malicious sites.

  • Secure Website Code

Validate your website forms, comment sections and subscription forms with a captcha (plugin). Never allow uploads of executable files (.php, .asp, .pl etc.). If you allow image uploads, allow only images of your preferred size.

  • Keep an eye on your Website files

Check your files once in a while via FTP or File Manager, and sort the files by date (last modified). Any recently modified file with a junk file name is suspicious. Edit the file: if you find any unwanted extra scripts, remove them, or delete the file if you are sure it’s not related to the website.

  • Use Security Plugins

Use security plugins from the official CMS website. These security plugins notify the user if any files are acting suspiciously or were modified recently, block multiple failed login attempts, and so on.
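
The file checks from the list above (backups kept inside the web root, executable files in an upload folder, recently modified files) can be scripted instead of done by hand. The script below is an added example, not code from the original post; the directory paths, the 7-day window and the archive extensions other than .zip are assumptions to adjust for your own hosting account.

```shell
#!/bin/sh
# Added example: read-only audit of a web root. Paths, the 7-day default
# and the extra archive extensions are assumptions, not from the post.

# Files under $1 changed in the last $2 days, newest first
# (the "sort by last modified" check done in one command).
recent_files() {
    find "$1" -type f -mtime "-$2" -exec ls -1t {} +
}

# Backups and database dumps stored inside the web root, where they
# can be fetched as domain/backup_name.zip.
exposed_backups() {
    find "$1" -type f \( -iname '*.zip' -o -iname '*.tar' -o -iname '*.tgz' \
        -o -iname '*.gz' -o -iname '*.sql' -o -iname '*.bak' \) -print
}

# Server-side scripts inside an upload directory meant to hold only images.
scripts_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.asp' -o -iname '*.pl' \) -print
}

# Print a labelled section; return 1 when there is something to review.
report() {
    [ -z "$2" ] && return 0
    printf '== %s ==\n%s\n' "$1" "$2"
    return 1
}

# Usage: audit_webroot WEBROOT UPLOAD_DIR [DAYS]; returns 1 on any finding.
audit_webroot() {
    webroot=$1; uploads=$2; days=${3:-7}; status=0
    report "Modified in the last $days days" \
        "$(recent_files "$webroot" "$days")" || status=1
    report "Backups inside the web root" \
        "$(exposed_backups "$webroot")" || status=1
    report "Scripts in the upload directory" \
        "$(scripts_in_uploads "$uploads")" || status=1
    return "$status"
}

# Runs only when paths are given, e.g.:
#   sh audit.sh /home/user/public_html /home/user/public_html/uploads 7
if [ "$#" -ge 2 ]; then
    audit_webroot "$@"
fi
```

The script only lists files and changes nothing; a file that shows up under "Modified in the last N days" after a legitimate update is expected, so compare the list against the changes you made yourself.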

In my next post I will go into detail on the use of these easy-to-use security plugins and give a few more tips for catching bad code. Keep an eye on this blog for updates.