5 Simple Tips for Website Security

3 min read

17 August 2011,

Technology

5 Simple Tips for Website Security

Hackers and malware can threaten your website security through vulnerabilities in software or plugins. Unless you protect your website, hackers can easily gain access to your files and databases. Unfortunately, the web has made it easy for hackers to compromise any website because information is so readily available online. Take the following important steps to protect your website from an attack and make it easier to recover if an attack does occur.

 

1. If you developed your own website, learn common hacker techniques.

Professional web developers and coders are familiar with the techniques hackers use to gain access to a website. If you coded your own website, familiarize yourself with these techniques to protect yourself. Here are some common ways hackers can gain entry to your website and more information about them:

Remote File Inclusion
http://en.wikipedia.org/wiki/Remote_File_Inclusion

Code Injection
http://en.wikipedia.org/wiki/Code_injection

SQL Injection
http://en.wikipedia.org/wiki/Sql_injection

Cross-Site Scripting (XSS)
http://en.wikipedia.org/wiki/Cross_Site_Scripting


2. Backup Your Website

If you should ever suffer an attack from a hacker, having a backup will get your website back up quickly. You should backup your website often and after every change you make. On your cPanel (control panel), there is a backup utility that will let you easily back up your entire website, email, files and databases.


3. Protecting Your Computer

Protect your own computer to prevent malware and hackers from gaining access to your website. Update your software regularly to protect your computer and your website. Along with important operating system updates, each software needs to be updated individually. See each manufacturer's website for more information on how to protect your computer.


Microsoft
Microsoft.com – Windows Update
http://windowsupdate.microsoft.com/

Microsoft regularly updates Windows to prevent hackers and malware. Windows Update will automatically find and install updates, but its a good idea to double check that you have downloaded and installed all security patches.

Apple
Apple.com – Apple Security Updates
http://support.apple.com/kb/HT1222

Apple operating systems are known for their stability and security, but you still need to download and install security updates. Use this link for more information if you are running an Apple operating system on your computer.

Adobe
Adobe.com - Security Bulletins and Advisories
http://www.adobe.com/support/security/
Adobe Reader – http://www.adobe.com/support/security/#readerwin
Adobe Dreamweaver – http://www.adobe.com/support/security/#dreamweaver
Adobe GoLive – http://www.adobe.com/support/security/#golive

Many web developers use Adobe products on their computer to help build websites. These programs can become vulnerable to hackers if they are not updated. Use the above links to download the latest security updates for Adobe Reader, Dreamweaver and GoLive.


4. Vulnerabilities in Software

Hackers know any vulnerabilities in software and can use these to access your local computer or your server to get access to your website. Hackers can use a number of common techniques to use these vulnerabilities to their advantage.

Many website owners run Open Source software on their website because they are free, and easy to download and use. Joomla and WordPress, two very popular website programs, are both Open Source. Since anyone can download the software, they can easily see the code and look for ways to hack it. Open Source authors update their software regularly to prevent hackers, so be sure to download and install these security updates.

For more information about security for Open Source software, see each program's website.

Joomla

Joomla Security Center
Contains important information about all of the latest news and articles about security directly from Joomla.
http://developer.joomla.org/security.html


Instructions For Updating
http://docs.joomla.org/Upgrade_Instructions


WordPress
WordPress.org – Upgrading WordPress
http://codex.wordpress.org/Upgrading_WordPress

Wordpress.org – How to Keep WordPress Secure
http://wordpress.org/development/2009/09/Keep-Wordpress-Secure/

WordPress.org – Hardening WordPress
http://codex.wordpress.org/Hardening_WordPress


5. Website Plugin Security

If you use any third party plugins or extensions on your website, these need to be updated regularly as well. Here is more information on updating various plugins:

WordPress
Wordpress.org – Hardening WordPress – Plugins
http://codex.wordpress.org/Hardening_WordPress#Plugins

Joomla
Joomla.org – Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

 

Conclusion

Website security is constantly evolving and changing. You will need to update the software on your sever and local computer regularly to prevent attacks. Make certain that you backup your website regularly in case of an attack so you can have your website back online with minimal down time. Additionally, use an anti-virus software and malware scanner on your computer and scan for both daily.