These days just having a website is asking for trouble for your company from opportunist and persistent hackers and cybercriminals. In the same way, as you make sure you lock away hard paper copies of files and sensitive data in safes and other places to stop it falling it to the wrong hands. You need to do the same with your website and adopt the ways to avoid being hacked.
While you may know that someone has attempted to enter your work premises and tried to steal your documents, you often don’t know who has made attempts to your website until it is too late.
In the following post though we will help you by giving you some easy to follow actionable tips for protecting your site from hackers.
#1. Keep Up To Date
Stay in the know when it comes to the current threats from hackers. It is a good and safe practice for your company to stay up to date with the basics of what threats out there so you know how best to protect your site and your company.
#2. Tighten Control Over Access
The best way to keep sensitive information and anything you don’t want hackers to access is at the admin level. Strengthen the names and passwords you use for logins to ensure they can’t be figured out easily. Change things like the default database prefix to something other than WP, for instance. Restrict the number of logins that can be attempted within a certain amount of time, even if password resets are used – because even emails can be hacked. On the subject of emails, avoid sending login username and passwords via email, just in case someone without authorization gains access to that email account.
#3. Update Regularly
It costs software designers money to issue updates for their programs, so they only tend to do it when it is absolutely necessary. Do you always update your security software when you first hear about them or do you put them off? You are just like many companies and business owners. However, the update could be related to a vulnerability in the security, so if you delay updates if you could be giving hackers the chance to attack your system. However, it is important that you test any major updates on a few machines before rolling out across your whole system, that way you can iron out any bugs.
Experienced and skilled hackers can scan through a multitude of websites in the space of an hour looking at the ones that have vulnerabilities and weak spots where they can break in. They also are highly efficient at networking so if one hacker knows how to break into a particular program, then you can guarantee that many hundreds, even thousands of others know too.
#4. Strengthen Security for your Network
It could be that some of the users in your workplace or on your company network could be making it easier for hackers to access your servers, without even knowing it.
Combat this by:
- Making sure logins expire if they are inactivity for even a short period of time.
- Users change their passwords on a regular basis
- Passwords are never written anywhere and are complex and strong
- Devices that are connected to your networks are checked for malware each and every time they are connected.
Consider using penetration testing specialists to identify network vulnerabilities and if these can be exploited – this involves mimicking techniques used by hackers.
#5. Install Web Application Firewall
A WAF or web application firewall can either be hardware-based or software-based and sits between the data connection and your website server to read every single bit of data that passes through to it.
Like many things nowadays, a large percentage of WAFs nowadays are in the cloud and are often provided in a plug-n-play style service. Which means for a very reasonable subscription fee you can access their services. It will block attempts to hack your server and also can be used to filter unwanted traffic like malicious bots and spammers.
#6. Make Your Admin Pages Hidden
It is crucial that you prevent your admin pages being indexed by Google and other search engines. You can do this simply by using the robots_txt file to stop them from being listed. The reason being is that admin pages that are not indexed are much harder to find.
#7. Put Restrictions in Place for The Number of File Uploads
One of the major concerns to your security is file uploads. Regardless of how many system checks they are run through, there are still some bugs that could get through and provide a hacker with access to the data for your site. This can easily be avoided by preventing any direct access to files that are uploaded. Store them away from your root directory and ensure that a script is necessary for accessing them.
#8. Utilise SSL
When you have to transfer personal information of users between your database and website, make sure you utilize encrypted SSL. This stops unauthorized individuals from reading or otherwise intercepting the information while it is being transferred.
#9. Make Backing Up a Regular Practice
Back-up might not be able to stop hackers from doing what they are going to do. However, it does give you a contingency plan if the worst happens. Make it a regular practice in your company to back everything up. Back up on site, off-site and do it multiple times each and every day. You should make sure that any time a user on your network makes or saves a file that several backups are made in different locations.
Backing up every day means you can potentially save all the data created or filed that day if your hard drive fails. It is worth remembering that all hard drives eventually fail.
If you are unsure if the measures you have in place are sufficient enough, as well as taking on board the above tips, you could also have an IT health check carried out.