Hackers and malware can threaten your website security through vulnerabilities in software or plugins. Unless you protect your website, hackers can easily gain access to your files and databases. Unfortunately, the web has made it easy for hackers to compromise any website because information is so readily available online. Take the following important steps to protect your website from an attack and make it easier to recover if an attack does occur.
1. If you developed your own website, learn common hacker techniques.
Professional web developers and coders are familiar with the techniques hackers use to gain access to a website. If you coded your own website, familiarize yourself with these techniques to protect yourself. Here are some common ways hackers can gain entry to your website and more information about them:
Remote File Inclusion
Cross-Site Scripting (XSS)
2. Backup Your Website
If you should ever suffer an attack from a hacker, having a backup will get your website back up quickly. You should backup your website often and after every change you make. On your cPanel (control panel), there is a backup utility that will let you easily back up your entire website, email, files and databases.
3. Protecting Your Computer
Protect your own computer to prevent malware and hackers from gaining access to your website. Update your software regularly to protect your computer and your website. Along with important operating system updates, each software needs to be updated individually. See each manufacturer's website for more information on how to protect your computer.
Microsoft.com – Windows Update
Microsoft regularly updates Windows to prevent hackers and malware. Windows Update will automatically find and install updates, but its a good idea to double check that you have downloaded and installed all security patches.
Apple.com – Apple Security Updates
Apple operating systems are known for their stability and security, but you still need to download and install security updates. Use this link for more information if you are running an Apple operating system on your computer.
Adobe.com - Security Bulletins and Advisories
Adobe Reader – http://www.adobe.com/support/security/#readerwin
Adobe Dreamweaver – http://www.adobe.com/support/security/#dreamweaver
Adobe GoLive – http://www.adobe.com/support/security/#golive
Many web developers use Adobe products on their computer to help build websites. These programs can become vulnerable to hackers if they are not updated. Use the above links to download the latest security updates for Adobe Reader, Dreamweaver and GoLive.
4. Vulnerabilities in Software
Hackers know any vulnerabilities in software and can use these to access your local computer or your server to get access to your website. Hackers can use a number of common techniques to use these vulnerabilities to their advantage.
Many website owners run Open Source software on their website because they are free, and easy to download and use. Joomla and WordPress, two very popular website programs, are both Open Source. Since anyone can download the software, they can easily see the code and look for ways to hack it. Open Source authors update their software regularly to prevent hackers, so be sure to download and install these security updates.
For more information about security for Open Source software, see each program's website.
Joomla Security Center
Contains important information about all of the latest news and articles about security directly from Joomla.
Instructions For Updating
WordPress.org – Upgrading WordPress
Wordpress.org – How to Keep WordPress Secure
WordPress.org – Hardening WordPress
5. Website Plugin Security
If you use any third party plugins or extensions on your website, these need to be updated regularly as well. Here is more information on updating various plugins:
Wordpress.org – Hardening WordPress – Plugins
Joomla.org – Vulnerable Extensions List
Website security is constantly evolving and changing. You will need to update the software on your sever and local computer regularly to prevent attacks. Make certain that you backup your website regularly in case of an attack so you can have your website back online with minimal down time. Additionally, use an anti-virus software and malware scanner on your computer and scan for both daily.