Useful security tips for your website
In recent few years we have seen great proliferation of tools and services which made it very easy and cost effective to make an online presence for businesses. But these good things have some unfortunate side effects too such as security of your website. Securing your website has been one of the most critical and important task. We have seen many webmasters/administrators don’t even follow the basic security tips / steps to secure their website resulting in security incidents.
In our last article we discussed that Why Someone Wants to Hack Your Website? And now we will share here some basic but very useful security tips for your website to avoid these security incidents.
Say “Good Bye” to Simple Passwords
Choosing a good password is one of the most important thing everyone should do whether its user or admin. Most of the accounts/sites get compromised because of bad passwords such as names or any number (For example: john123, mypassword) .
A good password is at least 8-12 character long and combination of alphabet (mixed case) + number + special character and should be unique. It doesn’t have to be in this sequence but should be very difficult to guess. In addition to this, we must avoid reusing the passwords.
Limit Login Attempts:
Administrators must enforce a policy to limit login attempts or forget password attempts. So if someone is trying to login with incorrect credentials, will be automatically locked out after few attempts. This is very useful in case of brute force attacks when someone tries to use a computer program to get unauthorized access to your website. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. By limiting the login attempts, you can reduce the risk from these bots/computer programs.
Keep Your Software/Web Applications Updated
Most of the hacking attempts these days are completely automated and with bots (computer programs) continuously scanning every site for exploitation opportunities.
Numerous websites are compromised every day because of outdated and insecure software used to run them. If you are using a CMS and plugins, it is incredibly important to update your site as soon as a new plugin or CMS version is available. Keeping your web applications/platform up-to-date is key to keep your site safe from bad guys.
Appropriate User Access
Administrators should follow strict access policy and provide limited access to users which is required to their job. If someone requires elevated access to do certain work, admin can grant momentarily but it must be reduced to their normal access level once the work is completed. A carefully defined access policy will limit any mistakes that can be made, it reduces the fallout of compromised accounts, and can protect against the damage done by ‘rogue’ users.
Whatever you do and no matter how much time you spend on security, hackers may find a way and outsmart you. So its always advisable to keep a full back up of your data. Your site back up is the only help in case of any unfortunate security incident. If you have a backup, you have a way to restore site content and return to normal operations quickly.
Although these steps don’t guarantee that you will not have any security incident or your site will never hacked. But it will dramatically increase the security of your website from majority of automated attacks and reduce the overall risk.
Thank you for reading this article, please feel free to leave a comment and share your thought on this topic.