How to secure your website

Author: Florence Bailey
Date Of Creation: 24 March 2021
Update Date: 27 June 2024

Content

In this article, we will tell you how to protect your site from attacks. Be sure to use an SSL certificate and the HTTPS protocol; there are also other ways to protect websites from hackers and malware.

Steps

  1. Update your site regularly. If you do not update the software, security, and scripts of the site, it can be hacked by intruders or attacked by malware.
    • The same applies to patches from your hosting (if any). If there are new patches available for your site, be sure to install them.
    • Also renew the site certificates. Although they affect security only indirectly, renewing them ensures that the site continues to appear on search engines.
  2. Use security software or plugins. There are various website firewalls that you can subscribe to for real-time protection; some hosts (e.g. WordPress) also provide plugins to protect sites. Therefore, we recommend that you protect the site with software, just as you protect your computer with, for example, antivirus software.
    • Sucuri Firewall is a great paid firewall; free firewalls or site protection plugins are available from WordPress, Weebly, Wix and other hosting services.
    • Web application firewalls are usually cloud-based, which means you don't need to download and install them on your computer.
  3. Prevent users from uploading files to the site. If you do not do this, the security of the site will suffer. If possible, remove from the site anything that allows users to upload files to the site.
    • If you cannot prevent uploading files, allow only certain file types to be uploaded, such as JPG files in the case of photographs.
    • You can also create a mailbox and specify an email address on the site so that users can contact you by email. In this case, users will send files by email rather than upload them to the site.
  4. Install an SSL certificate. It confirms that the website is secure and can exchange encrypted information between the server and the user's browser. Typically, you have to pay for the use of this certificate once a year.
    • Paid SSL certificates are sold by, for example, GoGetSSL and SSLs.com.
    • Let’s Encrypt issues this certificate free of charge.
    • When choosing an SSL certificate, three options are available: domain verification, business verification, and advanced verification. Google requires business validation and advanced validation to display a green security icon to the left of your website URL.
  5. Use the HTTPS encryption protocol. When you install an SSL certificate, the site will be entitled to HTTPS encryption; to activate this protocol, install an SSL certificate in the Certificates section of your website.
    • Some hosts, such as WordPress or Weebly, enable the HTTPS protocol automatically.
    • The HTTPS certificate is renewed every year.
  6. Set secure passwords. A strong site administrator password is not enough; create complex random passwords that are not used anywhere else and store them off-site.
    • For example, use a 16-character set of letters and numbers for your password. Save this password to a file on another computer or hard drive.
  7. Hide admin folders. If the folder with confidential files is called "Admin" or "Root", this is convenient, but unfortunately, both for you and for hackers. So rename the folders to something mundane like New Folder (2) or History.
  8. Simplify error messages. If there is too much information in such a message, hackers and malware can use it to find and access the root directory of the site. So just add a short apology and a link to the main site in the error message.
    • This applies to all 404 to 500 errors.
  9. Hash passwords. If user passwords are stored on a website, store them in hashed form. Inexperienced site owners store passwords as plain text, which makes them easier to steal if the site is compromised.
    • Even big sites like Twitter have made such mistakes in the past.

Tips

  • Hiring a web security consultant to review site scripts is the fastest (but also the most expensive) way to address potential vulnerabilities.
  • Test your website with a security scanning tool (such as Mozilla's Observatory) before launching it.

Warnings

  • Often, security vulnerabilities are not discovered until someone is harmed. To avoid negative consequences, regularly (once a week) back up your website and store the backups on a computer that is not connected to the network or on an external hard drive.