
The Ultimate Guide For Website Security

The Ultimate Guide For Making Your Website Hack Proof. With your website's security in mind, we have listed these industry-proven points.

I have been in the hosting industry for a while now and I have seen hundreds of websites getting hacked; most of them run open-source CMSs like WordPress, Magento, and others.

Well, you have worked hard to make your website look that awesome and worked even harder to bring in those priceless visitors. Now it's time to make sure it stays that way; no one wants to see that ugly-looking hacker page on your website.

You may think that your website is not worth hacking, but most hacking is done by automated scripts. Some attackers just want to show how smart they are; others attempt to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature.

First things first: always remember (let me say it one more time, ALWAYS remember) to keep a backup of your website. Like us, most web hosting providers offer backup hosting solutions. Do ask for one.

Once you are done with your backup solution, we can proceed to your website security.


Always Keep Your Software Updated

If you are using our Linux Shared Hosting or Windows Shared Hosting, we always keep the software at the server end, such as PHP, Apache, and MySQL, updated to the latest release. As a website owner, you should also keep track of updates for your CMS, such as WordPress, Magento or any other open-source application. If you are using custom code, make sure you keep track of deprecated functions. For example, here is the list of Deprecated features in PHP 5.3.x

Avoid Common Error Messages

Think before you show error messages to your visitors, and about how much information those messages give away. For example, if you have a login form on your website with two fields, username and password, use a generic message like “Incorrect username or password”, not “Incorrect username” for a wrong username and “Incorrect password” for a wrong password. If an intruder tries a brute-force attack to get a username/password pair and the error message reveals that one of the fields is correct, the attacker knows he has that field and can concentrate on the other one.
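One way to implement the generic message on the server, as an added example in PHP that is not code from the original article. The names `attempt_login`, `$users`, `$dummyHash` and the sample accounts are assumptions made for illustration. It goes slightly beyond the text by also checking a dummy hash for unknown usernames, so that response time does not reveal what the message hides.

```php
<?php
// Constructed user store for the example; on a real site this is a database lookup.
// Hashes are generated here only so the example is self-contained.
$users = [
    'alice' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

// Hash of a throwaway password, verified when the username does not exist so that
// unknown-user and wrong-password requests do the same amount of work.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

const GENERIC_ERROR = 'Incorrect username or password';

/**
 * Returns [bool $ok, string $message].
 * The message never says which of the two fields was wrong.
 */
function attempt_login(array $users, string $dummyHash, string $username, string $password): array
{
    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummyHash;

    // Always run password_verify, even for unknown usernames.
    $passwordOk = password_verify($password, $hash);

    if ($known && $passwordOk) {
        return [true, 'Welcome back'];
    }

    // Keep the detail for the site owner in the server log, not in the response.
    // json_encode escapes newlines so a crafted username cannot forge log lines.
    error_log(sprintf(
        'login failed: user=%s reason=%s',
        json_encode($username),
        $known ? 'bad_password' : 'unknown_user'
    ));

    return [false, GENERIC_ERROR];
}

// Constructed attempts: unknown user, wrong password, correct pair.
foreach ([['bob', 'x'], ['alice', 'x'], ['alice', 'correct horse battery']] as [$u, $p]) {
    [$ok, $msg] = attempt_login($users, $dummyHash, $u, $p);
    printf("%-6s -> %s (%s)\n", $u, $msg, $ok ? 'ok' : 'denied');
}
```

The first two attempts print the same message even though they fail for different reasons; only the server log records which field was wrong.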

Form Security

If you use any kind of form on your website, always add CAPTCHA verification, and perform all validation on both the client side and the server side, so that a user who manipulates the JavaScript in the browser cannot bypass the checks.

Password

OK, I should have put this as the number one point on my list, but it's never too late. Everyone knows that you should have a strong password, but remember that you need a strong password for your webmail, cPanel, Plesk and even your admin area. If you have an admin area and you are using Linux Shared Hosting, you can add a double password (two levels of security) by putting this code in your .htaccess file.

Create a .htaccess file and upload it to the /admin/ directory (in WordPress, /wp-admin/). Then add the following code to it:

[su_code scroll=”1″]
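AuthType Basic
AuthName "WordPress Protected Area"
AuthUserFile /home/peter/admin/passwords
Require valid-user
# Order/Allow/Satisfy below are Apache 2.2-style directives;
# on Apache 2.4 they require mod_access_compat.
# Let front-end AJAX calls through without the second password
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
# Static assets in this directory stay reachable without the second password
<FilesMatch "\.(css|gif|png|js)$">
Order allow,deny
Allow from all
Satisfy any
</FilesMatch>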
[/su_code]

Replace the folder path in line #3 (the AuthUserFile line). Then switch to the main root folder (/home/public_html), open the .htaccess file for editing (or create it) and add the following lines:

[su_code scroll=”1″]
#Do not display Authorization Error Message
#Instead, redirect to the blog home page
ErrorDocument 401 /
[/su_code]

Save the file and you are done. All users of your WordPress / Admin (including you) will now have to enter two passwords to access the WordPress / Admin dashboard.

If you are using cPanel, you can password protect the directory by logging in to cPanel >> Password Protect Directories (The Easy Way 😉 )

Using Secure FTP mode

SSL

Recently Google announced that “We will give priority to the website having SSL certificate in ranking as one of their ranking factors”. Now imagine how important SSL certificates are for your website.

Remove unwanted files

Most of us have the bad habit of keeping old code files or even unused theme files in WordPress. Remove any such files, plugins, or themes you no longer require, because attackers may treat them as easy prey: most of them are outdated code.

Hopefully, these tips will help keep your site and information safe.


netspace
