How to Prevent your Website from Being Hacked
Is it really that important to prevent your website from being hacked? In my years of experience working at a web hosting company, most website owners refuse to invest in online security to protect their websites or blogs from cyber attacks, usually because:
“It’s not worth attacking my small online business!”
“Why would they want to attack my website that has nothing of real value?”
These thoughts are the exact opposite of how a website owner should think about website security. According to the report from SiteLock, 99% of the hacked websites include small business websites, blogs, and non-profit websites.
The majority of website security breaches are not meant to steal your data, but to make money from your server by spamming, setting up a fake server, serving files for illegal activities or even mining for Bitcoins.
To prevent this from happening to you, we will share 6 tips that you can act on to protect your website. While taking these steps will not 100% guarantee that your website will never be hacked, it will at the very least decrease your risk!
1- Update Your Plugins or Software Regularly
Whether you are relaxing or busy at work on your computer, a message pops up saying “a software update is available”. So you click “cancel” or “update later”, but you never do.
Sound familiar? This might be relevant to most of us.
Software updates take up some of our time and may not seem important. But the truth is, skipping them gives hackers opportunities to access your information through unpatched security holes.
Browsers and operating systems require regular updates to stay stable and safe. Why are software updates that important? They often include the latest patches for security holes, because the programming tools used by hackers are up to date too!
Besides that, software updates always offer better features or compatibility with different devices. They ought to provide a better user experience and enhance your software.
Yes, repeated reminders can be annoying, but updating improves your experience in the long term.
2- Use HTTPS (SSL)
SSL stands for Secure Sockets Layer. It is a part of HTTPS (Hypertext Transfer Protocol Secure).
SSL certificates are used to create an encrypted channel between your website and your visitors. Sensitive data such as credit card details and login information has to be encrypted when it is exchanged. Once the SSL certificate is installed on a website, it protects user data by encrypting the exchange of information.
Since 2018, Google has labelled all websites without SSL as “Not Secure” websites and claimed those websites are “Vulnerable to Cyberattacks”.
The cost of an SSL certificate is small, but the additional level of encryption it offers greatly secures your website and your visitors!
At Exabytes, we take website security seriously. All Exabytes Hosting Packages offer a free SSL certificate. The free SSL certificate is automatically included in your hosting plan, but you will still need to install it on your website.
3- Set a Difficult Password for Your Account
It is common sense that we should use complex passwords, but that doesn’t mean we always do, because we always go for a password that is easy for us to remember.
For example, 123456 or abcd1234.
We have done the same thing before. If you are still using one of these and haven’t been hacked yet, you must be one of the luckiest people in the world!
It is essential to use strong passwords to protect your account. Enforcing a minimum password length of 15-20 characters, including an uppercase letter, a number, and a symbol, is ideal to protect your information in the long run.
We recommend that our users use a passphrase. It is a collection of common words combined randomly into a phrase.
For example:
EXABYTES SSL FREE CERT
Into
3X@13yt35SS1FR33C3rT
The best passwords should be easy for you to remember and hard for hackers to crack. A passphrase makes an ideal password because it uses real words that you can remember and is long enough. This makes cyberattacks more difficult.
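Choosing the words “randomly” only helps if a cryptographically secure generator makes the choice. The following added example (not from the original article) draws words with Python's secrets module and computes the resulting entropy; the 32-word list is a constructed sample and the function names are assumptions, and a real list should hold thousands of words.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline; a real list
# should hold thousands of words (assumption: one word per entry, no repeats).
SAMPLE_WORDS = (
    "anchor basket candle dragon engine forest garden hammer "
    "island jungle kettle ladder magnet napkin orange pencil "
    "quartz rabbit saddle tunnel umpire violet walnut yellow "
    "zipper bridge copper donkey falcon guitar helmet insect"
).split()

MIN_LENGTH = 15  # lower bound of the 15-20 characters recommended above


def entropy_bits(word_count: int, list_size: int) -> float:
    """Bits of entropy when every word is drawn uniformly at random."""
    return word_count * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(word_count: int, words=SAMPLE_WORDS, separator: str = "-") -> str:
    """Pick words with the OS CSPRNG; random.choice() is not suitable here."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates, entropy would be overstated")
    phrase = separator.join(secrets.choice(words) for _ in range(word_count))
    if len(phrase) < MIN_LENGTH:
        raise ValueError("passphrase shorter than the recommended minimum")
    return phrase


if __name__ == "__main__":
    print(generate_passphrase(4), f"{entropy_bits(4, len(SAMPLE_WORDS)):.1f} bits")
    print("words needed for 60 bits from 7776 words:", words_needed(60, 7776))
```

With this 32-word sample, four words give only 20 bits; a 7,776-word list reaches 60 bits with five words.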
Last but not least, avoid reusing the same password for other accounts.
One gets hacked, all get hacked
4- Avoid File Uploads
Allowing users to upload files to your website can be risky. No matter how innocent the file may look, there is a risk that it contains a script that opens an entrance for hackers.
Some websites allow users to set up a profile. Even allowing users to upload an image for a profile picture can be a security risk. If you do have such a feature, please treat every uploaded file with suspicion.
One of the best solutions we can suggest is to prevent uploaded files from being accessed directly on your website. Any uploaded files can be stored in a folder outside your website for checking before they are delivered to your main website.
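One way to apply this advice, as an added example (not Exabytes' or any CMS's own code): a Python handler that ignores the client-supplied file name, accepts only PNG or JPEG signatures, and writes the upload under a random name into a quarantine folder. The function names, the size limit and the folder layout are assumptions made for this illustration.

```python
import secrets
import tempfile
from pathlib import Path

# Magic-byte signatures for the only file types this example accepts.
ALLOWED_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for a profile picture


def quarantine_upload(data: bytes, client_name: str, quarantine_dir: Path) -> Path:
    """Store an upload outside the web root under a server-chosen name.

    client_name is never used to build the stored path, so names such as
    'avatar.php.png' or '../../index.php' cannot reach the filesystem.
    """
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    for signature, extension in ALLOWED_SIGNATURES.items():
        if data.startswith(signature):
            break
    else:
        raise ValueError(f"rejected {client_name!r}: not an allowed image type")
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    target = quarantine_dir / (secrets.token_hex(16) + extension)
    target.write_bytes(data)
    target.chmod(0o640)  # readable, never executable
    return target


def check_constructed_samples() -> dict:
    """Run two constructed sample uploads through the handler."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32   # constructed PNG header
    script = b"<?php echo 'not an image'; ?>"   # constructed script body
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        quarantine = Path(tmp) / "quarantine"   # stands in for a folder outside the web root
        stored = quarantine_upload(png, "../../index.php", quarantine)
        results["stored_inside_quarantine"] = stored.parent == quarantine
        results["stored_extension"] = stored.suffix
        try:
            quarantine_upload(script, "avatar.png", quarantine)
            results["script_rejected"] = False
        except ValueError:
            results["script_rejected"] = True
    return results
```

A signature check alone does not prove a file is harmless, which is why the stored copy also sits outside the web root and is never executable.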
5- Get Website Security Software
If you build your website with a CMS such as WordPress, you can help prevent your website from being hacked with some free security plugins. Each CMS has several free security plugins available. Here are some examples for you.
WordPress:
– Wordfence Security
– iThemes Security
– All in One WP Security & Firewall
– Sucuri Security
Joomla:
– Admin Tools Professional
– RSFirewall
– Securitycheck Pro
– Antispam by Clean Talk
After you have made the effort to secure your website, you can consider testing your website security with some website security tools.
There are many free products to assist you. They run scripts similar to those hackers use and test your website by trying to compromise it, then provide recommendations on your website’s security level.
Some examples are:
– SecurityHeaders
– Acunetix
– Netsparker
Of course, those free tools will not fully secure your website as a whole. If you take your security seriously and would like to go for advanced security, you may consider:
Sucuri Website Security
- Proactive protection with daily scans, malware detection, cleanup, and prevention.
- Web Application Firewall to stop website attacks.
- Brute Force Protection stops unauthorized login attempts.
- Blacklist detection quickly identifies if your website is affected.
6- Regular Backups
Now I believe you have some ideas for protecting your websites; however, even if you do everything else, the risk is still there.
The worst thing that can happen is losing everything to a hack. The best practice to protect your efforts is to make sure you do backups regularly.
Don’t let yourself be left empty-handed when something happens. If you have a recent backup, recovering is actually easy. You are encouraged to make a habit of backing up your website manually daily or weekly.
I hope these tips are useful for you in preventing your website from being hacked. If you need further assistance, please feel free to contact us.
We are more than happy to help!
It’s better safe than sorry