4 Easy (But Little Known) Steps That Protect Your Website From Hackers

In 2015 there were more than 177,866,236 personal records exposed via 78 data security breaches.

The alarming frequency with which websites are hacked should have served as a wake-up call for businesses and individuals with websites of their own. What has been witnessed, however, is the contrary. Many website owners are lulled into a false sense of security, believing that their website will not be a target for hackers. Far from it: whether or not a website has a payment gateway or anything of value, it shares the same risk as high-profile ones.

There is a simple reason behind attempts to hack into websites. A hacker or hackers may try to gain control of the website with the intention of using it as a relay for spam, or to park files with objectionable content. The bottom line is quite simple: all websites share a similar exposure to the risk of being hacked. So, here are a few tips that will help you to eliminate vulnerabilities.


1. Update

This should ideally be something that you do as a matter of routine. If you happen to rely on a service provider who manages your hosting, then it automatically becomes the responsibility of the service provider, and you can relax a bit. However, if you happen to rely on third party software, you need to be on the lookout for update notifications and comply immediately. Security patches are meant to improve your safety and reduce vulnerability. Do not consider an update to be a chore; it could save you from helpless moments.

2. Prevent Cross Site Scripting Attacks

JavaScript injected into your webpages can let an attacker take control of the accounts of users who visit the infected pages, by lifting their login cookie. This needs to be prevented by ensuring that JavaScript cannot be injected into pages. This is best achieved with CSP (Content Security Policy), a response header that tells the browser which scripts it is allowed to run on the domain's pages, so that injected scripts are not executed.

3. Passwords and Secure Hash Algorithms

Although standard password security recommendations are necessary, many users try to cut corners and use weak passwords. Passwords need to be of sufficient length and combine alphanumeric, upper case, and special characters. It is also mandatory that passwords be stored as hashed values like SHA1 to prevent use of stolen passwords. Securing the website is all about the right kind of preparation for all eventualities, and this is absolutely necessary.

4. Safe file uploads

Files that are uploaded to sites can contain malicious scripts that will execute and throw your website open. While it may be difficult to avoid allowing users to upload files, depending on the kind of service or profile maintained for users, it is possible to eliminate the risks. First, prevent direct access by storing the files in a separate folder that is beyond the webroot. Second, change the file permissions to prevent their execution.
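
A minimal upload handler applying these two measures, as an added example that is not from the original article. The function name `store_upload`, the extension allow-list and the directory names are assumptions for illustration, and it goes slightly beyond the text by also replacing the client-supplied file name with a random one.

```python
import os
import secrets
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}  # assumption: site-specific allow-list


def store_upload(data: bytes, client_name: str, webroot: Path, upload_dir: Path) -> Path:
    """Write an uploaded file outside the webroot with no execute bits."""
    webroot, upload_dir = webroot.resolve(), upload_dir.resolve()
    # Refuse a storage folder that the web server could serve directly.
    if upload_dir == webroot or webroot in upload_dir.parents:
        raise ValueError("upload directory must be outside the webroot")
    # Keep only the extension of the client-supplied name; the rest is untrusted.
    ext = Path(client_name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} is not allowed")
    # A random server-chosen name rules out overwrites and path traversal.
    target = upload_dir / (secrets.token_hex(16) + ext)
    # O_EXCL fails if the name already exists; 0o640 grants read/write only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(target, 0o640)  # set explicitly, independent of the process umask
    return target


def demo() -> dict:
    """Run the handler on constructed sample input inside a temporary tree."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot, uploads = Path(tmp) / "public_html", Path(tmp) / "uploads"
        webroot.mkdir()
        uploads.mkdir()
        saved = store_upload(b"%PDF-1.4 sample", "../../report.PDF", webroot, uploads)
        result = {"name": saved.name,
                  "mode": oct(saved.stat().st_mode & 0o777),
                  "in_webroot": webroot.resolve() in saved.parents,
                  "rejected": []}
        # A script extension, then a storage folder inside the webroot.
        for name, folder in [("shell.php", uploads), ("ok.png", webroot / "img")]:
            try:
                store_upload(b"x", name, webroot, folder)
            except ValueError:
                result["rejected"].append(name)
        return result


if __name__ == "__main__":
    print(demo())
```

Serving the stored files back to users then goes through application code that reads from the upload folder, rather than through a direct URL.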

The countermeasures available to prevent websites from being hacked are numerous, and it is up to website owners to incorporate them at the design and development stage.
