Prevention is better than cure… here are 10 steps to show you how to secure websites and stop them from being hacked.
So here you are, minding your own online business, keeping your website compliant with search engine guidelines and doing all the right things, when all of a sudden your website is hacked! But there are ways and means to safeguard your website from malicious attacks by hackers or spammers. Here are ten security tips on how to secure websites – don’t give hackers any opportunity to exploit vulnerabilities on your website.
Keep your web server software up-to-date and fully patched
Outdated software is one of the major reasons why a site is vulnerable to attacks. If you are running old versions of software, they may be insecure and put your site at risk. Make sure you upgrade to the latest release, which will have not only the latest functionality and enhancements but also the latest security fixes. If you don’t upgrade, you leave your website more susceptible to attacks and open to being hacked.
Look before you download
Before you install any third-party plugins, apps, widgets or content providers on your website, such as the WordPress All In One SEO pack, scan them with your antivirus program to be on the safe side. It’s also good to do some research on the code to see if there are any bugs that need to be fixed in the next release. You can look at the developer’s own notes, or a quick Google search should be able to uncover any information.
Keep your computer secure
This may seem obvious but if the computer you are using to access your content management system (CMS) is not protected with antivirus software, your website will also be at risk. This is something to be aware of when accessing your website from computers other than your own – the vulnerabilities are limitless. It doesn’t matter how good the security is on your website if the equipment you are using to access it is compromised.
Change your passwords regularly
It is vital that you change your password regularly and pick a password that is hard to guess, for example a combination of letters and numbers, both uppercase and lowercase. There are also plugins available, such as Limit Login Attempts, which allow you to limit the number of times a password is entered before the user is temporarily locked out. When employees leave, you should change passwords for security purposes.
Use secure protocols
Many protocols are used to carry sensitive network management data. You must use secure protocols whenever possible. Matt Cutts, the head of Web Spam at Google, suggests that SSH and SFTP should be used for data transfer, rather than plain text protocols such as telnet or FTP. SSH and SFTP use encryption and are much safer. Check out StopBadware.org’s Tips for Cleaning and Securing Your Website.
Check your server configuration
Matt Cutts also suggests checking your server configuration to thwart would-be hackers. He says that Apache has some security configuration tips on their site and Microsoft has some tech center resources for IIS on their site. This includes information on directory permissions, server side includes, authentication and encryption. An important piece of advice is to check your server logs (see below) and see if the necessary level of security is present.
Check your server logs regularly
By checking your log files regularly, you can monitor any unusual activity, such as traffic for gambling, pharmaceutical and sex-related keywords or large amounts of traffic from one IP address, which may be a sign your website has been hacked. Your log files are a history of your website activity; they can provide you with valuable information such as who has tried to access your site, what errors have occurred and who last edited your files.
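An added example (not from the original article) of the log review described above: it parses access-log lines in the Apache/NGINX combined format and flags spam keywords in requested URLs or referrers, plus any single IP address responsible for most of the traffic. The keyword list, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumed keyword list for the categories the article names; tune it for your site.
SPAM_RE = re.compile(r"casino|poker|viagra|cialis|pharmacy|porn", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:01:00 +0000] "GET /blog/cheap-viagra-online.html HTTP/1.1" 200 900 "https://www.google.com/search?q=cheap+viagra" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /about HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
corrupted line
"""

def review_log(text, max_share=0.5, min_hits=3):
    """Return (keyword_hits, noisy_ips, unparsed) for an access log."""
    hits, per_ip, unparsed = [], Counter(), 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # malformed lines are counted, not silently dropped
            continue
        per_ip[m["ip"]] += 1
        # Spam keywords in the requested URL or referrer can point to injected pages.
        if SPAM_RE.search(m["path"]) or SPAM_RE.search(m["referer"]):
            hits.append((m["ip"], m["path"], m["status"]))
    total = sum(per_ip.values())
    # An IP is "noisy" when it sends at least min_hits requests and more than max_share of all traffic.
    noisy = {ip: n for ip, n in per_ip.items()
             if n >= min_hits and n / total > max_share}
    return hits, noisy, unparsed

if __name__ == "__main__":
    keyword_hits, noisy_ips, unparsed = review_log(SAMPLE_LOG)
    print(keyword_hits, noisy_ips, unparsed)
```

A spam-keyword request that returns status 200 is worth checking against the files on disk, because it means the server is actually serving a page at that URL.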
Back up your files
At the risk of stating the obvious, you need to religiously back up your site. Online corporate websites and ecommerce sites should do a daily, weekly and monthly backup. In this way you can roll back to a known-good point in time even if your site becomes compromised. If your site is hacked, you can use your backup to restore your website and get it up and running without much disruption or delay.
Choose a reputable and reliable web host
If your website does get hacked, you need a web host on your side to help you get back on your virtual feet. If your site is hacked, you will want to restore it very quickly and you will need their help. That’s why you should choose a reputable and reliable web host who you can reach very quickly in an emergency. When thinking about how to secure websites, security on your web host’s servers is also paramount.
Monitor your site
Use Google’s Webmaster Tools (GWMT) to monitor your website for unusual activity. If Google detects your site has been compromised, they will send you a message and show more detailed information such as a sample of harmful URLs. To ensure you’re notified quickly, have your Message Centre messages forwarded to your email account. Once you think the malware is removed, you can then request a re-evaluation through GWMT.
Security is paramount when it comes to choosing your web host. Internet Intelligence Works has a team of Web Developers, Web Designers, SEO Experts, Link Building Analysts and Copywriters to help you with the initial design of your website through to optimising it for Search Engines. If you are thinking about a website redesign, speak to our team about secure hosting options and how to secure websites and keep them out of harm’s way.