Needless to say, website security is a major concern for all people in the IT industry. Indeed, web applications are constantly being improved and security is something all web developers pay special attention to. Alas, hackers are not slacking off either. When known security vulnerability is fixed, they either find another way to exploit it or discover a new one very quickly (or in the worst case, both).
And yet, despite the precautions and improvements, a lot of websites are still getting hacked. Why? The main reason is that many, not to say most, users seriously underestimate security as a whole – not only the security of their websites, but the security of their hosting accounts and even the security of their own computers.
And this is an ideal opportunity for hackers to "show off their skills". The hackers keep their "software" up to date - new viruses are developed all the time. And while they keep their applications up to date, many users don't. Once they install an application and start using it, users forget about upgrades and security fixes.
Keeping the above in mind, the next logical question is “What can I do to secure my website?"... Well, I'm glad you asked 🙂
Here are a few things you should always do to keep your website secure:
• Make sure your local computer is safe. For this purpose use reliable updated antivirus software;
• Update regularly your computer's software including its base operating system and any third party software installed.
• Make sure all of your web applications are up-to-date. This includes any modules, components and addons you have added and / or integrated;
• Pick up strong passwords for the different services you use (email, FTP, etc). Never use one and the same passwords for your different online services.
• Avoid having directories with permissions above 755. If your applications require such directories, try to put them outside your webroot (public_html) or place a .htaccess file in them containing "deny from all" to restrict public access to these files.
• Always, and I mean always, back up your website. You should always have a proper backup so that even if someone hacks your site, you can restore its functionality immediately.
You can also check our basic security guidelines for more information on how to keep your website secure. Here are some other useful sites with lots of security tips: bestsecuritytips.com and stopbadware.org.
What do you do to protect your website and applications? We will be happy to hear your experience!