How to protect the website from attacks/hackers
Security concern is the one of most important topic that threatens every website owner in today’s time.Every 7 out of the 10 websites are being target by some sort of attacks. Due to these attacks your website either become malicious or all data wiped out by some iniquitous hackers, which further impact the reputation of your website and any sort of infection can lead your website blacklisted by Google. In order to protect your websites against malware attacks, we have listed below some tips/suggestion which can protect your website from being hacked:
1. Update scripts and plugins regularly
Old applications can have serious security holes that allow exploits such as injections into pages that allow files to be uploaded to your account. The only way to maintain site security is by keeping all applications and scripts up-to-date. It is suggested to update all scripts, template and plugins on your account to the latest stable versions.
2. Change login and Strengthen passwords
Weeks passwords can easily cracked and cause serious threats to your websites. It is suggested to change the passwords on regular intervals and password strength should be high. A strong password is a combination of alphanumeric characters using both upper & lowercase and symbols, such as “Pa$$w0rd”. Do not use dictionary based words for your passwords. Also, avoid saving passwords in any software such as ftp client, browsers. etc.
3. Install Security Plugins
Next step in enhancing the security of your website, it is highly recommended to use security plugins available in the market. For example, If you are using WordPress CMS for your website, you may go for freely available plugins such as “Better WP Security and Bulletproof Security”. Plugin can play important role in protecting your websites against malicious attacks.
4. Protection using .htaccess and php.ini file
Most of the users ain’t aware with the fact that .htaccess and php.ini file can be used to further enhance the security of the website. There are few basic rules can be used and protect the website from any unauthorized access. We would suggest disabling remote file inclusions by inserting the following line in your public_html/php.ini file (if not file is there, you may create a new one):
allow_url_fopen=Off
allow_url_include=Off
disable_functions=popen,passthru,escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open, proc_terminate,shell_exec,system,blob,exec,escapeshellarg,pfsockopen,stream_get_transports,stream_set_blocking
To help prevent XSS attacks, add the following lines of code to your .htaccess file :
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* – [F]
5. Prevent Directory Browsing:
One of the biggest threat to any website is when we can browse the directories without any restrictions. It give us a nice view of the structure of the site and the security vulnerabilities. In order to prevent this, you can add the following code in the .htaccess file of your website:
# disable directory browsing
Options All -Indexes
6. Protect Upload Directory:
Hackers always trying to find out the way to upload the files to your websites which can be used to spread further harm to your website/server. Protection on the Upload directory adds another layer of the security to your websites. Avoid direct access to upload directory and discourage uploading of .php, .js extension files from your websites to upload directory. This can be done at the coding level. You can also prevent the execution of the files under upload directory and all its sub directories by creating a .htaccess file under uploads directory and following code in it:
deny from all
7. Website Scanning
Apart from the above security suggestions, it is recommended to scan your website for any known malware. Many web viruses and malware go unnoticed because of they looks similar to a normal code. It can be one line script or a malicious code which is embedded into your websites. Sitelock is best available solution which automatically scans your websites and remove any malicious code from your website.
8. Web Application Firewall:
Removing ant existing malware or virus from your website is one thing but prevent your website from injecting anything is other. Third party firewalls such as SecureLive provides you real time protection from hackers and exploits. This application will not remove existing exploits or malicious code; it will protect you from future exploits.
9. Backups
Backup is one of the most important thing which you need to do on daily, weekly and monthly basis. Backing up your website data will ensure you will have backup of your website and if anything goes wrong or your website got hacked or all data is wiped off by any hacker, you can restore the entire website using the backups.
10. PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.
At Impulsive Solutions, we worked with you for the protection of your website. If you’re looking for a new hosting provider, you can click here to signup for a great deal. For new accounts, we’ll even transfer you for free! After you’ve created an account, you just need to contct us via support tikcet.