Halt the Hackers: How to Make a Website Secure

You might think hackers aren’t interested in your site, but you’d be wrong. Last year, hackers infected 83% of all WordPress sites. They’ll hack anything and everything.

Why? They go after smaller sites so they can use the servers. They’ll use them to send spam email, launch attacks on other sites, or even mine Bitcoins.

They also know that small websites are easier to hack. But it doesn’t have to be that way. By taking a few simple measures, you can secure your website against hackers.

In this article, we’ll teach you the basics of how to make a website secure.

Make Sure Your Site Uses HTTPS

HTTP stands for hypertext transfer protocol. Think of it as the language of the world wide web. When you visit a website, your browser connects to that website’s server using HTTP.

But HTTP by itself isn’t secure. Someone could intercept the signal and steal your info. Or they could talk to your target server and pretend to be you.

HTTPS, or hypertext transfer protocol secure, solves these issues. With an HTTPS connection, all of the messages are encrypted. There’s no way for a hacker to insert themselves in between the browser and the server.

And HTTPS is about more than security. Google now marks all non-HTTPS sites as “non-secure” and punishes them in their rankings. So, if you want to attract new visitors, switch to HTTPS.

Update Your Software

This is another easy measure you can take to make your website more secure.

Hackers are always looking for weaknesses in software platforms. And developers are always working to update their software to fix the weaknesses hackers find.

Having out-of-date software on your website is like having an old, creaky back door. With a little bit of effort, a hacker will probably be able to break in.

So, update your software whenever you get the chance. And that goes for all your software. Pay attention to small things like WordPress plugins and web apps as well.

Be Careful With Uploaded Files

Does your site let users upload profile photos? This seemingly harmless feature can spell big trouble if you’re not careful.

Hackers can use file uploads to put malicious files on your server. You can still allow users to upload photos, but there are a few things you should do to make it a safe process.

By default, your web server won’t execute image files. But a hacker could upload an executable file and trick the server into executing it. For example, they could upload something called virus.jpg.exe and it would look like a jpeg file, but the server would see the .exe and execute it.

One way to defend against this is to rename every uploaded file yourself. If you force every stored file to carry an image extension, the server won’t execute it.

To be extra safe, keep all uploaded files in a folder separate from your webroot. By keeping everything partitioned, you’ll prevent any potential malware from damaging your site.
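The renaming and separate-folder steps above can be combined in one upload handler. This is an added example, not code from the original article; the storage path, function names and accepted image types are assumptions, and the content check only inspects the leading bytes of the file.

```python
import secrets
from pathlib import Path

# Assumed storage directory outside the webroot (hypothetical path).
UPLOAD_DIR = Path("/var/app-data/uploads")

# Leading bytes that identify each image type this example accepts.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def detect_image_extension(data):
    """Return the extension that matches the file content, or None."""
    for signature, extension in IMAGE_SIGNATURES.items():
        if data.startswith(signature):
            return extension
    return None


def store_upload(client_filename, data, upload_dir=UPLOAD_DIR):
    """Validate an upload and write it under a server-chosen name."""
    extension = detect_image_extension(data)
    if extension is None:
        raise ValueError(f"rejected {client_filename!r}: not a supported image")
    # The client's name is never used: a random name carries no double
    # extension such as ".jpg.exe" and no path components such as "../".
    destination = Path(upload_dir) / (secrets.token_hex(16) + extension)
    destination.parent.mkdir(parents=True, exist_ok=True)
    with open(destination, "xb") as handle:  # "x": never overwrite a file
        handle.write(data)
    destination.chmod(0o640)  # readable and writable, never executable
    return destination
```
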

Defend Against SQL Injection Attacks

SQL injection attacks are old-school and they won’t work on most newer sites. But when they do work they can be devastating.

What is a SQL injection attack?

A SQL injection originates in a user input field. In many cases, the back end of your website will create SQL commands using information from user input fields. SQL commands manipulate a database by either adding information, changing information, or retrieving information.

So, if the hacker guesses what the SQL command looks like, they can alter it by entering SQL syntax into the input field. And if they enter the right SQL syntax, they can access and manipulate your database.

It’s an advanced concept, but it’s important that you understand it if you want to keep your data safe.

Defend Against XSS Injections

XSS injections are similar to SQL injections, but instead of SQL, XSS injection attacks use JavaScript.

The attack usually originates in a user comment. A hacker will add a comment to your site which contains malicious JavaScript. The JavaScript will then run on your users’ browsers, possibly compromising their security.

Much like SQL injections, XSS injections are an advanced concept, especially if you’re new to coding. Mozilla has put together a good guide on how to deal with XSS that will help you get started.
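The comment scenario above comes down to whether user text is escaped before it is placed in the page. This is an added example, not code from the original article or from Mozilla's guide; the function names and sample comment are constructed, and it covers only HTML element and quoted-attribute contexts.

```python
import html


def render_comment_unsafe(author, body):
    # VULNERABLE: user text becomes part of the page's markup, so any tags
    # or attributes it contains are parsed by every visitor's browser.
    return f'<div class="comment" title="{author}"><p>{body}</p></div>'


def render_comment_safe(author, body):
    # html.escape turns & < > and, with quote=True, " and ' into entities,
    # so the browser displays the text instead of interpreting it.
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    return f'<div class="comment" title="{safe_author}"><p>{safe_body}</p></div>'


def render_thread(comments, renderer=render_comment_safe):
    """Render a list of (author, body) pairs with the chosen renderer."""
    return "\n".join(renderer(author, body) for author, body in comments)


# Constructed sample thread: one ordinary comment, one containing markup.
SAMPLE_THREAD = [
    ("Dana", "Great article, thanks!"),
    ('x" onmouseover="alert(1)', "<script>alert(1)</script>"),
]
```
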

Password Security

You’ve probably signed up for websites that have a list of annoying password requirements. It may be frustrating, but it serves an important purpose. If hackers access your users’ accounts, you’re responsible.

First, make sure they choose secure passwords. That means long passwords with a variety of character types.

Then, hash them before you store them in your database. You won’t actually know what your users’ passwords are. (That’s why when you forget your password to a website, you always have to make a new one.)
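The two steps above, checking the password and then storing only a hash, look like this in practice. This is an added example, not code from the original article; the article names no algorithm, so the salted PBKDF2-HMAC-SHA256 scheme, the iteration count, the 12-character minimum and the three-character-type rule are all assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
MIN_LENGTH = 12       # assumed policy; the article only says "long"


def password_problems(password):
    """Return reasons the password fails the assumed policy (empty = OK)."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(classes) < 3:
        problems.append("uses fewer than 3 character types")
    return problems


def hash_password(password):
    """Return a string safe to store: algorithm, cost, salt and digest."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Re-hash the login attempt with the stored salt and compare digests."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```
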

Perform a Managed IT Services Checklist

If you have no idea where to start, make a managed IT services checklist. This will show you areas where you may be vulnerable. And it will help you determine if you need professional help. Read more here.

How to Make a Website Secure

Those are the basics of website security. Now that you know how to make a website secure, it’s time to apply your knowledge.

You’ll need to be diligent if you want to stay ahead of attackers. But it’s worth it if you want your business or blog to survive.

If you found this article helpful, head to our web design blog for more info about how to improve your website.

Written by CrazyLeaf Editorial
