3 easy steps to secure your website from hackers

As a webmaster, it is a total nightmare to face the violation of a website that is under our administration. The basic idea is to make backups periodically so that you can back up at the right time, but without a doubt, this is a tedious task.

Currently there are tools that can help to know the hosting to any person, the web technology that uses, the CMS and data of this. To prevent website crashes, we share 3 helpful tips to protect a website .

1. Keep Platforms and Scripts Updated

Nowadays vulnerabilities have become commonplace in the world of the web. These security flaws are used by computer attackers to take control of the web, and many times this is avoided with something as simple as an update.

As an example, if you are using WordPress on your website , and with some plugins, your web can be broken either by CMS failure or by plugins. Always having the latest versions of your CMS and installed scripts minimizes the risk of a hacking.

2. Install Security Plugins when needed

Once again, I will take as an example the CMS WordPress, I do, since this is one of the most popular content managers currently. In CMS you can find useful plugins to improve the security of websites, such as iThemes Security .

If you are developing a site in HTML, SiteLock insurance will be very useful. SiteLock goes beyond simple blocking, provides daily monitoring for everything from malware detection to identification of active virus scanning vulnerability and more.

3. Adequate Permissions Of Files And Directories

In the Linux operating system, permissions can be viewed as a three-digit code and each digit is an integer between 0 and 7. The first digit represents the permissions for the owner of the file , the second digit represents the permissions for Any person assigned to the group to which the file belongs , and the third digit represents the permissions for all others . The assignments work as follows:

4 is equal to Leer
2 is the same Write
1 is the same Run
0 is equal to no permissions for that user

As an example, take the authorization code "644." In this case, a "6" (or "4 + 2") in the first position gives the file owner the ability to read and write to the file. The "4" in the second and third positions means that both group users and Internet users in general can read the file only, thereby protecting the file from unexpected manipulations.

A good rule of thumb for setting permissions is as follows:

Folders and directories = 755
Individual files = 644

Do you have any easy tips to secure your website from hackers?
Please add below if you have one

Wow, nice article.
i am sure there are more things that can secure a website. would really help if you could do more research and post it over here

Have a nice day

djsmiley2k said:

As a webmaster, it is a total nightmare to face the violation of a website that is under our administration. The basic idea is to make backups periodically so that you can back up at the right time, but without a doubt, this is a tedious task.

2. Install Security Plugins when needed

Once again, I will take as an example the CMS WordPress, I do, since this is one of the most popular content managers currently. In CMS you can find useful plugins to improve the security of websites, such as iThemes Security .

If you are developing a site in HTML, SiteLock insurance will be very useful. SiteLock goes beyond simple blocking, provides daily monitoring for everything from malware detection to identification of active virus scanning vulnerability and more.

Click to expand...

I agree about the importance to keep plugins and CMS up-to-date and to use the proper files permissions, but I do not agree about security plugins. Wordfence or iThemes Security are heavy plugins, useless without paid subscription and very expensive. There are several way to protect your website by using correct settings on your web server, with .htaccess for Apache, or with Nginx configuration files.

Disabling Root SSH Logins also prevents bruteforce attackers

casualhost said:

Disabling Root SSH Logins also prevents bruteforce attackers

Click to expand...

This will require to create the second root account to login? If so, why we need to disable root ssh logins?

VirtuBox said:

I agree about the importance to keep plugins and CMS up-to-date and to use the proper files permissions, but I do not agree about security plugins. Wordfence or iThemes Security are heavy plugins, useless without paid subscription and very expensive. There are several way to protect your website by using correct settings on your web server, with .htaccess for Apache, or with Nginx configuration files.

Click to expand...

I agree with VirtuBox but if they are free, you can use it once and remove after checked your websites.

I forgot to mention, maybe create another account not name root, as most bruteforce try to force their way in wirth root as the username

casualhost said:

Disabling Root SSH Logins also prevents bruteforce attackers

Click to expand...

It's not required to disable root SSH login. The best way to make sure bruteforce will never find your password is to use SSH keys, and to restrict root login with SSH keys.

Bryan McClure said:

Exactly and I found a way to do this from this post https://forumweb.hosting/13402-how-to-create-a-new-user-with-root-privileges-in-linux.html

Click to expand...

Root user should be the only account on your server with all permissions. Giving the same permissions to another user is just adding another security issue on your server.
You can login with another account and use "sudo" when you need to perform tasks with root permissions.

But we are talking here about basic security rules to apply to any linux server.