
The Ultimate Guide For: Website Security


I have been in the hosting industry for a while now, and I have seen hundreds of websites get hacked; most of them run open source CMSs like WordPress, Magento and others.

You have worked hard to make your website look that awesome, and even harder to bring in those priceless visitors. Now it's time to make sure it stays that way; no one wants to see that ugly hacker page on their website.

You may think that your website is not worth hacking, but most hacking is done by automated scripts, whether just to show how smart the attackers are, to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature.

First things first: always remember, and let me say it one more time, ALWAYS remember to keep a backup of your website. Like us, most web hosting providers offer a backup hosting solution. Do ask for one.

Once you are done with your backup solution, we can proceed to your website security:

  1. Always Keep Your Software Updated:
    If you are using our Linux Shared Hosting or Windows Shared Hosting, we always keep the server-side software, like PHP, Apache and MySQL, updated to the latest release. As a website owner, you should also keep track of updates for your CMS, such as WordPress, Magento or any other open source application. If you are using custom code, make sure you keep track of deprecated functions. For example, here is the list of deprecated features in PHP 5.3.x.
  2. Avoid Common Error Messages: Think about how much information you give away in the error messages you show your visitors. For example, if you have a login form on your website with username and password fields, use a generic message like "Incorrect username or password", not "Incorrect username" for a wrong username and "Incorrect password" for a wrong password. If an intruder tries a brute force attack to get a username and password, and the error message gives away that one of the fields is correct, the attacker knows he has that field and can concentrate on the other.
  3. Form Security: If you are using any kind of form on your website, always include CAPTCHA verification, and perform all validation on both the client side and the server side, so that a user who manipulates the JavaScript cannot skip the checks.
  4. Password: OK, I should have put this at number one in my list, but it is never too late. Everyone knows that you should have a strong password, but remember that you need a strong password for your webmail / cPanel / Plesk and even your admin area. If you have an admin area and you are using Linux Shared Hosting, you can add a second password (two levels of security) by putting this code in your .htaccess file.

    Create a .htaccess file and upload it to the /admin/ directory (in WordPress, /wp-admin/). Then add the following code to it:

    ```apache
    AuthType Basic
    AuthName "WordPress Protected Area"
    AuthUserFile /home/peter/admin/passwords
    # Any user listed in the password file may log in
    Require valid-user
    # Order/Allow/Satisfy below are Apache 2.2-style directives
    # (provided by mod_access_compat on Apache 2.4)
    # Keep admin-ajax.php reachable without the extra password
    <Files admin-ajax.php>
      Order allow,deny
      Allow from all
      Satisfy any
    </Files>
    # Keep static assets reachable without the extra password
    <FilesMatch "\.(css|gif|png|js)$">
      Order allow,deny
      Allow from all
      Satisfy any
    </FilesMatch>
    ```

    Replace the folder path in line #3. Then switch to the main root folder (/home/public_html), open the .htaccess file for editing (or create it) and add the following lines:

    ```apache
    # Do not display the authorization error message;
    # instead, redirect to the blog home page
    ErrorDocument 401 /
    ```

    Save the file and you are done. All users of your WordPress / admin area (including you) will now have to enter two passwords to access the WordPress / admin dashboard.

    If you are using cPanel, you can password-protect a directory by logging in to cPanel >> Password Protect Directories (the easy way 😉).


  5. Using Secure FTP Mode:
    Always use FTPS (FTP over TLS) to upload and download files to and from your server.
  6. SSL:
    Recently Google announced that “We will give priority to the website having SSL certificate in ranking as one of their ranking factors”. Now imagine how important SSL certificates are for your website.
  7. Remove Unwanted Files:
    Most of us have the bad habit of keeping old code files or even unused theme files in WordPress. Remove any such files, plugins or themes you no longer require, as an attacker may use them as easy prey: most of them are outdated code.
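
Tips 2 and 3 combined in one login handler, as an added example that is not code from the original article: it re-validates the input on the server and returns the same message whether the username or the password was wrong. The function names, the `$users` array and its sample account are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: server-side login check with one generic failure message.
// $users is a constructed sample store; a real site would query its database.

const GENERIC_ERROR = 'Incorrect username or password';

// Hash that is verified when the username is unknown, so that both failure
// paths do comparable work (the hashed value is a constructed throwaway).
function dummy_hash(): string
{
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    }
    return $hash;
}

// Re-validate on the server what the browser's JavaScript may already have
// checked: a client-side check is skipped by anyone posting directly.
function valid_shape(string $username, string $password): bool
{
    return preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username) === 1
        && strlen($password) >= 1
        && strlen($password) <= 128;
}

// Returns [bool $ok, string $message]; every failure yields GENERIC_ERROR.
function login(array $users, string $username, string $password): array
{
    if (!valid_shape($username, $password)) {
        return [false, GENERIC_ERROR];
    }
    $known  = array_key_exists($username, $users);
    $stored = $known ? $users[$username] : dummy_hash();
    $match  = password_verify($password, $stored);
    if ($known && $match) {
        return [true, 'Welcome'];
    }
    return [false, GENERIC_ERROR];
}

// Constructed sample data: one account, three login attempts.
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

foreach ([['alice', 'wrong'], ['nobody', 'wrong'], ['alice', 'correct horse battery']] as [$u, $p]) {
    [$ok, $msg] = login($users, $u, $p);
    printf("%-7s => %s (%s)\n", $u, $msg, $ok ? 'ok' : 'denied');
}
```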

Hopefully these tips will help keep your site and information safe.
