Website security needs constant attention in avoiding hacking and defeating efforts of spammers. It may be due to poorly written codes. However lot of foolproof methods are suggested by the experts to safeguard them. Few important measures are listed below:
- Always use strong passwords. Passwords having combination of alphabets, numerals and special characters should be given prominence. It must have at least 10 characters and should not reflect inner persona. Lastpass, keepass like apps can generate and store passwords safely.
- Add a database table prefix. Users of CMS, forum script or blog can change default database table prefix like ‘wp’ for WordPress. This prefixing shall check pilferage of data from database.
- Use password to protect database. Database password does not slowdown the website while getting to database and more over additionally protects it.
- Update the website constantly. Up gradation to newer versions is must as point upgrades fix bugs in script and has importance like full version upgrades.
- Secure Admin E-mail address. It helps to keep away website from public eyes. Use of different email address in contact page shall help in not being scammed by a hacker as the mail has been sent by domain registrar or hosting Company.
- Delete the installation folder or rename it. Hacker may run the installer again and can empty the database, gain control over website and its contents.
- Restrict the root access. Non system folder in FTP uploads must be restricted from approaching the website. Always use FTPs for transfers. Make sure that web host uses SUPHP.
- Only secured FTP access should be allowed. It will help in maintaining secrecy for the contents you are downloading or uploading from and to the web server.
- Change file and folder permissions. Using 777 codes on vital folders like admin, config etc give full read and write access to websites and codes 755 or 644 reverses the permission. Be savvy.
- Use security plug-ins. WP security scan plug-in is quite useful. Plug-ins if installed gives extra layer of security to website.
- Add robots.txt file to secure the website as it gives special instructions to search engine spiders as to which folders or files shall be indexed and which were not.
- Stay away from nulled scripts and themes. It is very easy to hack commercial scripts and paid themes. Absence of version specific keygen, smaller sizes, DLL patches, typical Daemons and cracks are also prone to hacking.
- Read leading tech blogs to be aware of latest bugs. Get first hand knowledge of bugs, vulnerabilities and attacks on internet from latest writings in blogs like Weird Threat Level, Kreb’s on security etc.
- .htaccess files are must to specify for security restrictions.
- Mind the links. Open redirects are a major cause of attacks from hackers.
- Monitor the site regularly and keep routine back ups for safety.
If website gets hacked, get it back on line immediately. Rebuild website security system to it never happen again.