3 easy steps to secure your website from hackers

djsmiley2k

As a webmaster, it is a total nightmare to face the violation of a website that is under our administration. The basic idea is to make backups periodically so that you can back up at the right time, but without a doubt, this is a tedious task.

Currently there are tools that let anyone find out a site's hosting, the web technology it uses, its CMS and related data. To prevent website crashes, we share 3 helpful tips to protect a website.

1. Keep Platforms and Scripts Updated

Nowadays vulnerabilities have become commonplace in the world of the web. These security flaws are used by computer attackers to take control of the web, and many times this is avoided with something as simple as an update.

As an example, if you are using WordPress on your website, along with some plugins, your site can be broken either by a CMS failure or by the plugins. Always having the latest versions of your CMS and installed scripts minimizes the risk of being hacked.

2. Install Security Plugins when needed

Once again, I will take as an example the CMS WordPress, since this is one of the most popular content managers currently. In the CMS you can find useful plugins to improve the security of websites, such as iThemes Security.

If you are developing a site in HTML, SiteLock insurance will be very useful. SiteLock goes beyond simple blocking and provides daily monitoring for everything from malware detection to identification of active virus scanning vulnerability and more.

3. Adequate Permissions Of Files And Directories

In the Linux operating system, permissions can be viewed as a three-digit code, and each digit is an integer between 0 and 7. The first digit represents the permissions for the owner of the file, the second digit represents the permissions for any person assigned to the group to which the file belongs, and the third digit represents the permissions for all others. The assignments work as follows:

4 is equal to Read
2 is equal to Write
1 is equal to Run
0 is equal to no permissions for that user

As an example, take the authorization code "644." In this case, a "6" (or "4 + 2") in the first position gives the file owner the ability to read and write to the file. The "4" in the second and third positions means that both group users and Internet users in general can read the file only, thereby protecting the file from unexpected manipulations.

A good rule of thumb for setting permissions is as follows:

Folders and directories = 755
Individual files = 644

Do you have any easy tips to secure your website from hackers?
Please add below if you have one

:)
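The 4/2/1 scheme and the 755/644 rule from tip 3, as an added example that is not part of the original post: a small shell audit that decodes a three-digit mode and lists anything in a site tree that breaks the rule. The function names and the sample file names are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example (not the poster's code): decode the 4/2/1 digits and audit a
# tree against the 755 (directories) / 644 (files) rule of thumb.

# decode_mode 644 -> "owner=rw- group=r-- others=r--"
decode_mode() {
    mode=$1
    result=""
    for who in owner group others; do
        d=${mode%"${mode#?}"}          # leading digit
        mode=${mode#?}                 # drop it for the next round
        bits=""
        if [ $((d & 4)) -ne 0 ]; then bits="${bits}r"; else bits="${bits}-"; fi
        if [ $((d & 2)) -ne 0 ]; then bits="${bits}w"; else bits="${bits}-"; fi
        if [ $((d & 1)) -ne 0 ]; then bits="${bits}x"; else bits="${bits}-"; fi
        result="${result}${result:+ }${who}=${bits}"
    done
    printf '%s\n' "$result"
}

# audit_perms DIR: one finding per line, prefixed with the rule it breaks.
audit_perms() {
    find "$1" -type d ! -perm 755 | sed 's/^/dir-not-755 /'
    find "$1" -type f ! -perm 644 | sed 's/^/file-not-644 /'
    # Writable by "all others" is the case the rule is meant to prevent.
    find "$1" \( -type f -o -type d \) -perm -002 | sed 's/^/WORLD-WRITABLE /'
}

# Constructed sample tree (hypothetical file names) with two deliberate mistakes.
make_sample_site() {
    site=$(mktemp -d)
    mkdir "$site/uploads"
    : > "$site/index.html"
    : > "$site/config.php"
    chmod 755 "$site"
    chmod 644 "$site/index.html"
    chmod 666 "$site/config.php"   # anyone on the server can rewrite it
    chmod 777 "$site/uploads"      # anyone can drop files here
    printf '%s\n' "$site"
}

site=$(make_sample_site)
decode_mode 644
audit_perms "$site"
rm -rf "$site"
```

Point `audit_perms` at a real document root to get the same report; an empty result means every file and directory already matches the rule.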
 

hostinfuse

Wow, nice article.
I am sure there are more things that can secure a website. It would really help if you could do more research and post it over here :)

Have a nice day
 

VirtuBox

> As a webmaster, it is a total nightmare to face the violation of a website that is under our administration. The basic idea is to make backups periodically so that you can back up at the right time, but without a doubt, this is a tedious task.
>
> 2. Install Security Plugins when needed
>
> Once again, I will take as an example the CMS WordPress, since this is one of the most popular content managers currently. In the CMS you can find useful plugins to improve the security of websites, such as iThemes Security.
>
> If you are developing a site in HTML, SiteLock insurance will be very useful. SiteLock goes beyond simple blocking and provides daily monitoring for everything from malware detection to identification of active virus scanning vulnerability and more.

I agree about the importance of keeping plugins and the CMS up to date and of using the proper file permissions, but I do not agree about security plugins. Wordfence or iThemes Security are heavy plugins, useless without a paid subscription and very expensive. There are several ways to protect your website by using correct settings on your web server, with .htaccess for Apache, or with Nginx configuration files.
 

casualhost

Disabling Root SSH Logins also prevents bruteforce attackers
 

Bryan McClure

> Disabling Root SSH Logins also prevents bruteforce attackers

Will this require creating a second root account to log in? If so, why do we need to disable root SSH logins?

> I agree about the importance of keeping plugins and the CMS up to date and of using the proper file permissions, but I do not agree about security plugins. Wordfence or iThemes Security are heavy plugins, useless without a paid subscription and very expensive. There are several ways to protect your website by using correct settings on your web server, with .htaccess for Apache, or with Nginx configuration files.

I agree with VirtuBox, but if they are free, you can use them once and remove them after checking your websites.
 

casualhost

I forgot to mention, maybe create another account not named root, as most bruteforce attempts try to force their way in with root as the username.
 

VirtuBox

> Disabling Root SSH Logins also prevents bruteforce attackers

It's not required to disable root SSH login. The best way to make sure bruteforce will never find your password is to use SSH keys, and to restrict root login with SSH keys.

The root user should be the only account on your server with all permissions. Giving the same permissions to another user is just adding another security issue on your server.
You can log in with another account and use "sudo" when you need to perform tasks with root permissions.

But we are talking here about basic security rules to apply to any Linux server.
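The root-login options debated in this thread (disable root SSH login, or allow root with keys only), as an added example that is not any poster's code: a shell check that classifies an sshd_config-style file by how exposed root is to password guessing. It assumes no Match blocks or Include files are followed and parses only the "Keyword value" form; the function names and sample configs are made up for the demonstration.

```shell
#!/bin/sh
# Added example: classify root SSH exposure from an sshd_config-style file.
# Assumptions: Match blocks and Include files are not followed; only the
# "Keyword value" form is parsed. Function names are hypothetical.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. DEFAULT is printed when the keyword never appears.
effective_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# check_root_ssh FILE -> disabled | keys-only | password-exposed | review
check_root_ssh() {
    # Defaults are those of current OpenSSH when the keyword is absent.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    case "$root" in
        no) echo "disabled" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "keys-only" ;;
        yes)
            # With passwords off, keyboard-interactive may still prompt root.
            if [ "$pass" = yes ]; then echo "password-exposed"
            else echo "review"; fi ;;
        *) echo "review" ;;
    esac
}

# Constructed sample configs (not taken from any real server).
demo_dir=$(mktemp -d)
printf '%s\n' '# password login for root' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$demo_dir/weak"
printf '%s\n' 'permitrootlogin prohibit-password' 'PermitRootLogin yes' \
    'PasswordAuthentication no' > "$demo_dir/keys"
printf '%s\n' 'PermitRootLogin no' > "$demo_dir/sudo_only"

for f in weak keys sudo_only; do
    printf '%-10s %s\n' "$f" "$(check_root_ssh "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a live server, `sshd -T` prints the settings sshd itself computed, which also covers included files.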
 
