The 2017 hacked website report by Sucuri shows that the cases of website infections are soaring year after year.
WordPress, being the dominant CMS, accounted for the highest percentage of infections. These infections come in different malware families such as spam SEO, backdoor, mailer, hacktool, and dropper.
Backdoor files are the most common, and hackers use them to infect your site before gaining access.
As a website owner, the last thing you want is to have your website exploited and damaged by a blackhat hacker somewhere. In this post, we’re going to share 7 tips on how to make a website secure.
Keep on reading to learn more!
1. Keep Your Website Updated
While vulnerabilities are the most common causes of hacks, outdated websites also provide hackers easy targets for exploitation.
The Sucuri report showed that up to 80.3-percent of Magento websites, 92.1 percent of OpenCart sites, and 96.4-percent of OsCommerce sites were out-dated at the time of the study. This allows hackers to leverage vulnerabilities in outdated versions.
As such, you should always keep your site up-to-date. Usually, your CMS provider will notify you whenever there are new updates. Some CMSs, such as WordPress, allows you to configure automatic CMS and plugin updates to ensure current configurations and security protocols.
2. Use Security Plugins
After making sure all the elements of your website are up-to-date, be sure to install security plugins. Such plugins help to monitor your site and prevent possible infections and hacking attempts.
There are different plugins you can use, including Sucuri, iThemes Security, Bulletproof security, and Wordfence. Just search WP’s plugin depository for any of these plugins and install them. These tools offer both free and paid versions.
They work by scanning your website for files or anything that shouldn’t be there. Security plugins lock out users who attempt accessing your site using incorrect details. Some also ban IP addresses where malicious attempts originate.
3. Use SSL Certificate
When you visit a website, and you notice it’s using the “https” protocol instead of “http,” that’s the SSL certificate.
SSL is spelled out as secure sockets layer. It helps to ensure a secure and encrypted connection for sensitive customer information. It’s highly recommended to install the certificate, especially if you have an ecommerce site.
The green https in the browser URL bar signifies that it’s safe for customers to use their cards or share their financial information on that particular webpage. Having the certificate can help you protect your customers’ information from potential interceptions.
4. Use Secure Passwords
This advice is commonplace, but a lot of webmasters are still sticking to their ABC or 123 kinds of passwords. It’s also been noted that most people are still using 123456 as their password.
Having a unique password is all about creativity, and it’s has nothing to do with its length for the most part. Of course, your password should be eight characters or more, but don’t make it too long that you can’t even remember or master.
For example, instead of having green4590 as your password, you can have something like gR33n4s9@. The latter example is hard for anyone to guess, but easier for you to remember.
Avoid using your birthday, kid’s name, pet’s name or favorite things as your passwords. One weak password makes your all website vulnerable.
5. Use Content Security Policy (CSP)
Have you heard of cross-site scripting (XSS) attacks? If not, they occur when a hacker injects malicious Javascript code into your site. The code then infects any page that’s exposed to the code.
Using Content Security Policy (CSP) is one of the ideal ways for preventing such attacks. CSP works by allowing you to define domains that browsers should consider credible sources of executable scripts. This way, browsers will avoid malicious scripts that can affect your visitors’ computers.
You can add CSP by incorporating the proper HTTP headers that specify domains that are valid.
Also, you need to ensure that the code you use for website fields and functions is clear about what’s allowed to prevent possible loopholes.
6. Prevent SQL Injections
Most people usually overlook the importance of web form fields and URL parameters when setting up their website. Beware that hackers can exploit these components to get access to your database.
So, if you keep sensitive data, such as customer profiles and financial details, in your database, they can easily gain access to them using SQL injections.
You can avoid such cases by using parameterized queries. These queries ensure your code has specific parameters to prevent possible opportunities for exploitation.
7. Lock Your Directory and File Permissions
This is a bit technical, so it’s better to seek help from experts such as Studio Misfits agency if you have limited know-how about web hosting.
In web hosting, your site is made up of files and folders, which are stored in your account. Each of the files and folders has specific permissions, which control who can read, write, and execute a given file or folder. Accessibility to the files and folder depend on a particular user’s role and the group they’re assigned to.
If you’re using Linux OS on your hosting account, permissions use a three-digit code. The first digit is the permission for the file owner, the second is the permission for a member of a group that owns the file, and the third is the permission for every user.
The permission assignations work like these:
- 4 means permission to Read
- 2 means Write
- 1 means Execute
- 0 means no permissions for that user
So, we can have an example such as 644. 6 denotes a user can read and write because they have two permissions, 4+2. The second and third 4 means that two users groups both can read only.
A file with 777 means all users and groups have access to all permissions. 777 can be written as 4+2+1 / 4+2+1 / 4+2+1.
With this in mind, be sure to set permissions on your files to control accessibility thus reducing the possibility of hacking. The most recommended permissions should be 755 for folders and directories and 644 for individual files.
How to Make a Website Secure – Final Thoughts
The truth is, having a stable website means you have invested time, cost, and efforts to ensure its success. But a simple hack can erase all the progress you have made. For example, a hack can lower your SEO rankings.
So, it’s best to learn how to make a website secure to keep hackers at bay. There are many cybersecurity hacks you can leverage, but this post has covered some of the crucial things you need to do.
If you have any thoughts on website security, let’s us know in the comments.