Securing your web site may be one of the most important things you can do to ensure your data is safe from hackers. Any hole left open is an invitation to nefarious attacks and these attacks can lead to not only leaking or usage of your private information but information that belongs to your customers. Proper security measures effectively put into place can deter attacks and give you and your customers peace of mind.
How hackers work
First, exactly how do hackers get into your site and gather information? Above all else, hackers are patient as much of their work involves guessing. After carefully watching your web site for a time, the hacker will peruse cookies that are created and see if changes to the cookies garners success, explore the source code of each of your site’s pages and often will create an account to view the authorization process. Hackers spend a great deal of time processing the information they gather to enable them to see where the holes are and how they can exploit these areas.
Update your CMS
One of the very first and simplest things to help secure your web site is to ensure you have the most current update of your CMS (content management system). Software such as Drupal, Joomla, WordPress and many other mainstream CMS programs are constantly tested and updated to close up any unsecured areas. Each day you let an update slide is another day a hacker has to get to your secure information.
Change the defaults
CMS programs often are automatically setup with default information. After installing your CMS program, ensure you are not using the default administrator user name (often simply admin) and you have changed any default passwords. You can be sure a hacker will know all the default information with regard to the particular CMS software your site is running on.
PHP error reporting
PHP is a very handy bit of web site programming but unfortunately can tell a hacker a lot about your system and your site if the error reporting level is set to show too much information in error messages. You can greatly reduce this risk by completely turning off PHP error reporting and setting your configuration to not display errors should one occur. If you are unable to do this yourself, request it of your system administrator or from support at your web hosting company.
The htaccess file
By properly setting up your htaccess file, you can also keep hackers out of secure files. First, you should ensure no one can access the actual htaccess file itself accidentally by including the following within the htaccess file:
<files .htaccess>
order allow, deny
deny from all
</files>
If there are any other files you wish to keep private, you can use the same coding and replace .htaccess with the name of your secure file.
Secure passwords
Lastly, it almost goes without saying but always use very strong and secure passwords. It is very unwise to use your birth date or passwords that are very easy to remember. If you can remember it easily, it’s a safe bet that a hacker will figure it out in a matter of seconds. There are many sites online that can help you create a good, solid and secure password.
Conclusion
Being diligent with the security of your web site will not only benefit you but will also benefit your customers. Take a few moments to go over the tips listed above and don’t give a hacker a chance.
October 23rd, 2009 at 5:08 am
Cyber theft cases have increased considerably in the recent past. So one needs to be cautious while on the Web. I got my domains registered through LimeDomains and then got them hosted on their server. I then chose their private domain registration services and got my personal information masked with that of my registrar’s.
October 29th, 2009 at 4:30 pm
Great job and good information here.
Web hosting on Windows
February 2nd, 2010 at 4:59 am
Thanks. I’ll keep that in mind. Nice to hear.