20 Tips To Increase Website Security
Few months back, we had a hard time in getting SloDive out of the clutches of hackers who most probably hacked our website just for “fun”, but we the victims and the readers had to suffer in regard to content and mental peace. It was then, we realized how important it is to increase Website Security and regularly update it without any fail. Don’t wait for hackers to do their job first because although you will learn a lesson for life, but sometimes you are left with nothing.
You loose your readers trust (as they get Malware warning from your site), your sponsors, your hard earn money (in getting back the stuff) and sometimes even the last letter of your entire data. It is always better to be safe than sorry, so we have come up with some important measures you should take at once to tighten your Website security and review it periodically.
If you like this article, you might be interested in some of our other articles on Top Free CMS, Top Things To Know About Hosting Security, The Risks Of Hosting, and Create Personal WordPress Login Page To Strengthen Your WordPress.
Obscure your Configuration Files
Don’t challenge and encourage Hackers to show their skills and expertise by keeping these important files in ‘public_html’ folder as this folder is visible on internet. Also keep these files password protected. Block the wp directories from search engines to hide your installations. Add Disallow: /wp-* string to your robots.txt files.
Fixing Writable Permissions
As the general rule, Website Files should be set at 644 and Folders to 755. This can be done through FTP client or manually through Control Panel > File Manager > Select File > Change Permissions.
Use a secure network to connect to your account
While it is a simple measure but very important aspect for ensuring your Website Security. Your wireless connection should have a WPA or WEP encryption. Try not to use shared networking.
Check for any Malicious or Suspicious Files
Although you will find many unacquainted names of the PHP application generated files but you should still lookout for any name sounding too malicious.
Strengthen Database Security
When you are running Multiple Websites, it become all the more important to strengthen your Database Security. When installing WordPress, keep Separate Database Management for each blog.
Limited Website Access
Look for any possible entry from where hackers can overpower your Website.
Security Plugins for WordPress
There are some very good plugins you can install in WordPress to enhance your Website Security. Some of these Plugins are mentioned below:
Moreover keep updating plugins to the latest versions and if you find it extremely useful, you can also go for a Pro Version.
Report Security Issues at Once
Report any security related issue to the help desk without waiting much. Its better to ask than presume things.
Update all Scripts and Applications
Whenever you get an notification regarding latest version of the Scripts or Applications you use, you should update it immediately without any delay.
Invest in a good Anti-Virus/ Spyware
All other security measures mentioned till now will be futile unless you make your Computer safe and secure for use. Don’t compromise on security by installing a “cracked Version” of antivirus. Recently one of my friend installed such “cracked version” in Kaspersky and the first message he got after installation was regarding detection of a Malware software on his computer which was the software he used to generate an activation code for the antivirus.
Free Anti-Virus Applications
There are few free applications that you can install to shoo away any Malware or Viruses. You can try and test some of these Free apps although free or Trial versions are not equipped with full features.
- PC Tools Anti-Virus
- Ad-Aware Anti-Malware
- ClamXav (For MAC)
- ClamWin
- Malwarebytes Anti-Malware
- PC Tools iAntiVirus (For MAC)
- Emsisoft
- avast!
- ClamAV
- Avira
- Panda Cloud Antivirus
etc
Network Vulnerabilities
Whether it is your server or the Network, be extra careful to use only the trusted ones. A little casualness can cause huge losses.
Get rid of Spam with High Registration Security
In Registration Spam, fake users accounts are created on blogs as possible to add the links and text they wish to for their dazed SEO campaigns. To prevent this, go for High Registration Security. You should get rid of comment spam by installing a Comment Antispam system like Akismet or SABRE Plugin.
Hosting and Domains
Always use affiliate credit to buy or renew hosting and domains. You can read our previous articles on 4 Top Things To Know About Hosting Security and The Risks Of Hosting to know more in this regard.
Change your Password Periodically
Make it a habit to change your Login and Database Passwords Regularly. Go for strong passwords to make it difficult to guess. You can also try Automatic Password Generators to produce Long and Strong Passwords that are extremely hard to crack. Checkout some of these Password Generator Websites
Regular Data Backups
Back up your data regularly, including your MySQL databases so that you don’t have to remorse in case your site is hacked and everything deleted.
Secure Sockets Layer (SSL) Certificate
With increasing awareness among the netizens, E-commerce sites without SSL certificate are not considered safe anymore. Buyers don’t want to share their financial details on unsecured sites.
Security Check
Do regular security checks and audits to ascertain any loophole left. You may even ask your friend with a knowledge of Ethical Hacking to check out for any possible entry points for cyberpunks.
Delete Unnecessary Database and applications
Your Account is not a trash can to keep every Unnecessary Database, Scripts and applications you had once installed but never used it.
Contact your Web Host instantly in case of Hacking
If your Website gets hacked due to some reason, contact your Web host immediately to avert any major loss. More the delay, more the chances of irrecoverable losses.
Subscribe to SloDive (it's free)
This is a piece of cake for me as I have also a blog to run. This will help me a lot in times of trouble so I bookmarked it right away I have seen this post. This will be helpful for many people. Thanks for providing us such an informational post.
I like the topics, but the information are not too explained.
In addition to this, we need to keep WordPress up-to-date. WordPress security is something to take seriously to keep your site safe will save you many, many hours of frustration (the cure part) if you need to un-hack your site.
Might also install the WordPress Firewall plugin by SEO Eggheads. Don’t ask me what it does technically but it’s one of the plugins that John Hoff recommends in his WordPress security eBook :P
Another option for a password generator site is passwordgenerators.net. One thing to remember about passwords is to create them long enough that they’re secure, but not so long that you can’t remember them and end up putting them on a sticky note under your keyboard – totally defeating the purpose of having a secure password in the first place!
I think it is important to use a strong password,that is never thinkable. I recommended to use length password.
Thank you.
@dave as you said password generator is passwordgenerators.net..but that’s not too good i think..i used it before there are some problem with it and it loads slowly…anyway…the pics are glasssyy..
Since hackers are really active these days, this is a must read post for web masters. Thanks for this nice info :)
These tips are informative, thanks for sharing, I will be able to secure my website from malware attack.
I think all of the the tips are very effective & Informative thanks for Sharing this article
I tell my clients all the time that it’s not a matter of “IF” your site will be hacked, but “WHEN”!!! Remeember, we used to say that about hard drives crashing. Times are a’changing!
Now a days hackers are targeting high populated blogs.. So every blogger must take some security measures to avoid getting hacked.
Thanks Sunalini. very useful tips indeed!
We need all the security tips we can get, I disagree about passwords, they need to be ones we are familiar with, otherwise, we’re always be requesting new ones. Putting a number on the end of the word often helps.
Thanks for this article. Really needed something like the plugins in the WordPress Security Plugins category for one of my blogs.
Security is very important for everything and we should follow these tips to increase security of our website or blog.
Great tips listed here.
I must say that regular back up is a necessity.
I think these points mentioned here needs to be discussed in-detail. It should be more on “how” to prevent hacking.