backups, Brute Force, Cloud web hosting, cPanel web hosting, DDoS, dedicated server, Fraud/Security/Spam, fully managed vps hosting, Http, Https, Linux, Linux Hosting, Malware, Passwords, reseller hosting, Secure Socket Layer, shared web hosting, SSL, virtual private server, VPS Hosting, Web hosting, web hosting provider, Website SecuritySep 24, 2014
9 Website Security Tips to Keep Your Site Sound and Secure
Websites are more prone to security holes and back doors more so now than in the past. Recent hacks on larger retailers continue and despite the technology industry’s attempts to create rock solid systems, security issues still occur. While you may have taken time to design and create a beautiful site that indexes well
and attracts multitudes of visitors you may have overlooked the deeper security concerns that could cause your site to come crashing down. While some hackers may exploit your site to steal data or create mass complications on your website, most hacks are designed with the overall intention of stealing your server. Once your server has been compromised via your website then malicious activities can be performed. Your server could be used for spam, or other illegal activities. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 9 tips to help keep you and your site safe and online. Shore up your website and close holes that could lead to problems you would rather not encounter.
While some may think a strong password is a hassle, the greater headache could be an infiltration of your website and the possible exploitation of your information. Passwords that include uppercase and lower case along with numerical and special characters that combine for 10-15 spaces long will make for a strong password. Change them around every three months. Don’t ‘use redundant passwords. This means do not use the same password for all of your sites or programs. Easy passwords are another portal for exploitation. Common easy passwords, and there are lists of these, are the first ones that are checked. Password vaults are a handy solution for ease of use and the overall organization of your passwords. Take the first step to better security and check your passwords to see if you are at fault on any of these points.
Current Versions of Software
Software gets updates and new versions for many reasons which generally include features and fixes for known problems. Updates and versions are for the most part or in many cases for security reasons. Sometimes a backdoor has been found which can leave the platform vulnerable and updates provide a solution to this type of problem. When you don’t update and you leave your system or website wide open to a security vulnerability you aren’t doing a service to yourself, your clients or your visitors. Keep regular updates on your software not for the new features you may not care for but more for the background updates that have been put into place against weaknesses which may not be evident to you but are very clear and defined routes into your system for hackers and attacks.
Secure Socket Layer certificates (SSL) are necessary if you are an e-commerce site or a website that keeps sensitive information such as e-mails, phone numbers and passwords. Once an SSL certificate
is enabled on your server an extra level of security is in place. Visitors to your site will take note of your https, note the “S”, as a designation of a site that has a higher level of scrutiny in place. Visitors will be more likely to trust your site and purchase products and/or provide sensitive information which they might not pass on a less secure http website. Adding this level of protections ensures to you and your clients that sensitive information won’t be easy to reach. Established lines of trust have the benefit of bringing you more repeat visitors and potential sales. Goggle also now has decided that websites which are marked by https are very reliable and trustworthy and thus ranks them higher than sites that are not as well protected. Adding an SSL certificate does have a cost but the benefits far outweigh the actual cost of even one exploit.
Keep Your Scripts Up to Date
Out of date scripts can get you into trouble much the same way that outdated software does. If a script has been in play for a long time it is possible that a backdoor or a weakness has been found in it. If you have scripts you are not using then you will want to delete them. Scripts could be running functions or performing tasks without your knowledge and these tasks could be ruining the reputation of your server or even hogging resources for other purposes. Many hacks are also run by automated scripts that are designed to surf the Internet looking for known website security issues in software or older scripts that may be left on your server. While scripts can be handy they can also present hazards. Update your scripts and delete old ones. This simple practice will create a better and more secure environment for your server and your website.
Malware is malicious. You may have gone to a website and downloaded what seemed to be a legitimate program but once you installed it you let a background program run rampant in your system. It is often the case that compromised systems are used for spam campaigns or DDoS attacks. A malware infection can destroy data or corrupt it beyond repair. Protect yourself by downloading only programs you know are from reputable providers. Another precaution is to always keep backups of your data. You never know when malware or even a disaster event could strike and wipe out your data. Use redundant sources so your data if it is lost at one location it can still be restored from another. Malware prevention options are abundant and with the security breaches of today you will want to consider a virus program that includes malware protection or an additional program which knows when, where and how malware strikes and prevents intrusions before they mire themselves deep into your systems.
CloudFlare can be enabled through cPanel on most hosting plans at JaguarPC. It is an easy no cost addition which can provide you with additional level of security. CloudFlare in recent years has become one of the top security platforms that can be added to your server. They have thwarted some of the largest distributed denial of service attacks in history. CloudFlare is constantly searching for new types of threats, ways and means to deal with them. SQL injections, cross site scripting, comment spam, and email harvesters as well as excessive bot crawling are a few of the types of security concerns that CloudFlare can address. Check your cPanel control panel for the CloudFlare icon for a near one click install. CloudFlare will also enhance your site performance which can enhance the returns in the search engines for your website.
WordPress is one of the most popular blogging and website platforms
available. Since so many websites run on WordPress it is often a target for those looking to hack in. One of the best practices you can take is to update your WordPress versions as they come out. Again, this is similar to updates for scripts ad software. Over time those who wish to exploit system will find weak spots and then slip in and create havoc or perform damage. Version updates usually include a few security patches so keep on top of them. While WordPress itself takes action to fix security problems, the themes that many people use can also contain unknown backdoors. Many different authors write themes and sometimes the intention can be to distribute a theme so that once it is in place, it provides an open door for those who know the weakness of the theme. Choose themes from known and reliable sources and always check a theme on a search engine to see if any vulnerabilities pop up in the results.
Despite doing everything you should to provide the essential security you could still become the victim of an attack. If your website is compromised then you could lose all of your data. Months or even years of hard work could be lost. While WordPress offers a backup system and JaguarPC offers free daily backups, you should also consider “at least” one other source. Don’t rely on one copy because mishaps can occur and disasters can happen. These types of events could wipe servers clean and leave you without another copy. There are many types of data storage and disaster recovery systems
available across the web or even from your web host. Multiple copies of your data is the safest bet.
Brute Force Attacks
Brute force attacks are just that. The most simple means of breaking into a system is used. A brute force attack tries all user names and password in order to eventually gain access to a site. This is why passwords of a higher level of strength are urged by providers of all types of SaaS as well as web hosts and others types of services and platforms. During a brute force attack you may notice a spike in resource usage and a drop in performance due to the number of http requests. While it may be easy to put in a known and popular password it won’t be so simple to restore your site or your user’s faith in the security of it if you become the victim of a brute force event.
The listed security tactics are all good means to secure your site and significantly reduce your chance of data loss, havoc on your website or comprised information that your clients have entrusted to you. Take a run through your website and across your accounts to see where you can patch up any holes in your security strategy. While some web designers may think it would be more prudent to work on a new blog or to take some time creating a new page, the real best use of your time as a web master should go first to making sure that your site is locked down again intrusions. The time spent shutting all the doors to any vulnerabilities on your website could be priceless in the end.