Hackers are a growing concern for businesses, bloggers, website owners and web hosting companies. With recent reports of high profile hackings and the staggering number of compromised customer information, cybersecurity is at the forefront of everyones attention, from large scale enterprises to small businesses and even web hosts. Websites are powerful tools for the growth of your organization but hackers can access security vulnerabilities in them to expose your company and visitors to viruses or malware and commit other criminal actions such as stealing vital company information or sensitive customer data.
Everyone on the web must be careful but business owners have the added responsibility of keeping customer data safe and secure. Your website may be more vulnerable, if it functions as part of a shared hosting platform so be sure to ask your hosting company about their security measures. Though your website may be managed by the hosting service for the most part, you still should actively safeguard your site from the most common nasty hacks. In this article, we share with you what you can do to foil hackers and maintain the highest level of security at all times.
Most Common Hacks
- Here are just a few of them more common hacks that you should be aware of:
- Cross-site scripting (XSS) attacks from malicious code in an app that pass the script onto unsuspecting end-users
- DDOS attacks that flood the server with legitimate requests to disrupt a serverxe2x80x99s functionalities
- Brute force WordPress attacks that use code vulnerabilities or plugin weaknesses to change permissions or inject malicious code
- Clickjacking where visitors are tricked into clicking on an invisible layer to trigger malicious code strings
- DNS cache poisoning to divert traffic from legitimate servers to fake sites
- Social engineering cyber attacks that trick users into performing certain actions to do harm
- Symlinking where hackers use security loopholes in a site to gain root access to the entire server to potentially take down all websites on the server
Simple Measures to Keep Your Site Secure
With so many different attack vectors, what measures can you take to protect your assets and your reputation from being compromised? Here are 5 things to do today to protect from common hacks.
1. Keep Platforms, Applications and Scripts Up-to-date
The best way to protect your website is to ensure that any platform or scripts you have installed are always up-to-date. Regardless of the applications or software being used on the website, always subscribe to security releases and updates related to your application. Do not depend on auto-install scripts for updates, especially when a new CMS update comes out. Making sure you always have the newest versions of your platform (Joomla, WordPress, or Drupal) and scripts installed can help to protect your website from known security vulnerabilities. It can thwart hackers from taking advantage of older out-of-date software. It is also easy for hackers to gain access to your site if they know what version you are using, so where possible make it difficult for browsers to identify the CMS you are using and disguise script extensions. You can install extensions to automatically remove this information from files on your website which helps prevent common hacks.
2. Use High Level Encryption
It is absolutely essential to make sure that any information being sent over a network is always encrypted. You may be familiar with FTP (File Transfer Protocol) if you have uploaded files to your hosting account. If you are using an FTP client, switch to SFTP, which is more secure. SFTP refers to Secure File Transfer Protocol as it gives an additional layer of protection. There are malware and viruses designed to exploit weaknesses in FTP programs to intercept your website files and even modify them. SFTP blocks this vulnerability. Protect your computer from viruses, spyware and malware by installing a reputable antivirus program that can monitor and track intruders on your machine. If your business engages in online transactions, then you should use secure encryption (https instead of http), and make sure that your webmail service has an SSL-enabled port and SSL encryption.
3. Install Security Plugins
Besides making sure that your platform and scripts are updated regularly, look into installing security plugins to actively prevent hacking attempts and enhance the security of your site. For example, if you are using WordPress, you can install free plugins like iThemes Security and Bulletproof Security to foil hackers. Look for similar security tools that are available for websites built on other content management systems to plug the weaknesses inherent in each platform that can threaten your website.
Alternatively you can look at advanced security solutions like SecureLive to close security loopholes, monitor for vulnerabilities, detect malwares and actively scan for viruses. It can seamlessly integrate into a variety of platforms including: Joomla security, WordPress security, Drupal security, and E107 security. HostLabs can provide this proven managed security system for your website or server for an amazing low price of just $9.95 per month per domain.
4. Lock Down Files and Directories, and Check User Permissions
All websites comprise of a series of files and folders containing all of the scripts and data needed for it to work and these are stored on your web hosting account. All of these files and folders are assigned a set of permissions to control who can read, write, and execute them depending on the user or the group to which they belong. There are many private areas on a site that should not be accessible to the public so permissions for read-only files should be set appropriately. It is vital to regularly audit and review those permissions to prevent common hacks.
5. Hosting Company
Your choice of website hosting company is an all-important factor in securing your website. All website hosting companies are not created equal as not everyone will offer the same level of security. You must make sure that your host is dedicated to preserving your assets and has the expertise and staff to monitor website activity and prevent hackers before they can access your website and files by using scanners and other advanced security protection. Check to make sure SFTP, SSL certification and adequate server maintenance is available to you through your web host and that they are always on top of upgrades and patches.
The Bottom Line
Not having proper security measures in place for your site can have a devastating effect on your business, especially if it results in loss of income or identity theft. So make sure to use all these different strategies to keep your site healthy and safe in the long term. And for any security issues regarding your website that you are not comfortable correcting on your own, consider enlisting the help of your web host or check out their forum.