6 Ways You Can Protect Your Website from Hackers
Computer hacking is a major worry for website owners all over the world, from independent companies to large multinational corporations. Even the United States government has been susceptible to a string of cyber-attacks in recent years, with state secrets and the personal details of millions of citizens under threat.
Recent high profile targets in the UK have included dating website Ashley Madison and phone company Talk Talk. Private data, including real names, home addresses and credit card transactions, were accessed by illegal means.
The culprits have been known to range from foreign terrorist groups to disillusioned activist insiders. In the case of Talk Talk, the perpetrator was revealed to be a 15 year old boy from Northern Ireland.
This shows the danger your website is in; hackers from any demographic, anywhere in the world can use hacking software to cause damage. Not only will your company suffer major embarrassment and most likely lose customers, you may also be liable for the loss of personal information and face legal action.
To help prevent hackers from accessing your website easily, the initial approach is to tighten up basic security measures and do so on a regular basis. For example, passwords should be strong, changed every so often, and vary from other websites you use. If you offer a login portal yourself, incorrect access attempts should be limited to prevent unauthorised access.
In addition to this, you should have antivirus or antimalware software running on your system to protect from attacks. Ensure that any downloads and devices are checked for viruses also.
As the website owner, it is your job to ensure that every piece of software on your system is up to date. Most operating systems will run and install updates automatically but it is best to run manual checks to keep ahead of the hackers – this includes updates for any third party software or plugins such as a chat forum. If you use website hosting from a company such as WordPress, then ensure their updates are also applied.
Your website may allow files to be uploaded by users; this could include anything from an mp3 to a new profile picture. This has been a widespread means for hackers to gain access via contaminated files that, when executed, cause all sorts of problems. Some uploads are cleverly disguised which makes detection even harder.
To help prevent this, your options are to rename the file when uploaded to ensure any extensions are valid, or simply change file permissions. The final step is to store uploaded files outside of your website to prevent direct access altogether.
Every computer which attempts to access your website will expose an IP address. To enhance security, you can block any IP address that has been causing you problems or prohibit access from certain foreign countries. A common procedure is to ban any IP address, apart from your own of course, from accessing the administrative section of your website.
Install a Web Application Firewall as a first line of defence against potential attacks and malicious software. These firewalls will inspect incoming requests and thwart bad extensions, whilst offering protection from a range of technical attacks. There is a range of commercial and free website security tools which can be integrated onto your website, such as Netsparker, which offer automated tests to show the potential threat level.
Other tips to protect your website from hackers include removing auto-fill forms from your pages. With them, stolen smartphones and unsecured public networks can leave accounts vulnerable to attack.
You shouldn’t give out clues to assist brute force attacks, i.e. by revealing the hacker has guessed the username correctly but not the password. Your message should read ‘incorrect username/password combination’ to prevent this from happening.
Regular back-ups should also be made in the case a cyber-attack does infect your system and delete files. This can save you a great deal of work and provide peace of mind when it comes to overall website security.
Author bio: Jade Waddy is the editor for Big Brother All Security and has an NOCN level 3 in Journalism. She writes on all manner of subjects but specialises in technology.