This article explains how to protect your website from cyber attacks. Using an SSL certificate and the HTTPS protocol is the easiest way to secure an address, but there are other precautions you can take to prevent hackers and malware from compromising your site's security.
Steps
Step 1. Keep your website up to date
Running outdated software, security tools, and scripts greatly increases the likelihood that intruders and malware will exploit your site's weaknesses.
- This also applies to your website hosting service patches (if you use one). Install updates as they become available.
- You should also keep your site certificates up to date. While this does not directly affect security, it will ensure that your pages will continue to appear on search engines.
Step 2. Use security programs or plugins
There are various firewalls that you can sign up for to receive constant protection, and often hosting sites like WordPress also offer security plugins. Just as you protect your computer with an antivirus, you should protect your website with security programs.
- Sucuri Firewall is a good paid option, but you can find free firewalls or security plugins for WordPress, Weebly, Wix, and other hosting services.
- Web Application Firewalls (WAFs) are usually cloud-based, so you won't have to download any software to your computer to use them.
Step 3. Prevent users from uploading files to your site
This way you prevent a dangerous vulnerability. If possible, remove all forms and buttons from which users can upload files.
- Another possible solution for this problem is to use forms that allow you to upload only one type of file.
- It is not easy to follow this advice if your website uses forms to receive documents such as cover letters. You can get around this by posting an email address in the "Contact" section where users can send documents instead of uploading them directly to the site.
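When an upload form has to stay, the one-file-type restriction described in this step has to be enforced on the server, not only in the form. The following Python sketch is an added example, not part of the original article; the PDF-only policy, the 5 MiB limit, and the names validate_upload and UploadRejected are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for this example: the form accepts PDF documents only.
ALLOWED_EXT = ".pdf"
PDF_MAGIC = b"%PDF-"          # signature at the start of a PDF file
MAX_BYTES = 5 * 1024 * 1024   # assumed size limit (5 MiB)


class UploadRejected(ValueError):
    """Raised when an upload does not match the single allowed file type."""


def validate_upload(client_filename: str, data: bytes) -> str:
    """Return a safe server-side filename, or raise UploadRejected.

    Both arguments come from the browser, so neither is trusted.
    """
    # Drop any directory part the client supplied (both separator styles).
    base = os.path.basename(client_filename.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    _, ext = os.path.splitext(base)
    if ext.lower() != ALLOWED_EXT:
        raise UploadRejected("extension is not .pdf")
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or too large")
    # The extension and the Content-Type header are client-controlled,
    # so the content itself must also start with the PDF signature.
    # (Stricter than some readers, which tolerate leading bytes.)
    if not data.startswith(PDF_MAGIC):
        raise UploadRejected("content is not a PDF")
    # Never reuse the client's name on disk: store under a random name
    # with the one allowed extension.
    return secrets.token_hex(16) + ALLOWED_EXT


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    samples = [
        ("cover letter.PDF", b"%PDF-1.7\n%constructed sample"),
        ("cv.pdf", b"<html>not a pdf</html>"),
        ("../../notes.txt", b"%PDF-1.7\n"),
    ]
    for name, body in samples:
        try:
            print(name, "->", validate_upload(name, body))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

Store accepted files outside the web root, or in a directory where the server will not execute anything, so that a file that slips through is only ever served as a download.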
Step 4. Install an SSL certificate
This certificate confirms that your website is secure and capable of transferring encrypted information between the server and the user's browser. It is usually necessary to pay an annual fee to maintain the SSL certificate.
- Paid SSL certificate providers include GoGetSSL and SSLs.com.
- A free service called "Let's Encrypt" also issues SSL certificates.
- When choosing an SSL certificate, you have three options: domain validation, commercial validation, and extended validation. The last two alternatives are required by Google to receive the green "Safe" bar next to your site URL.
Step 5. Use HTTPS encryption
Once an SSL certificate is installed, your site should be eligible for HTTPS encryption; you can usually activate it by installing the SSL certificate in the "Certificates" section of your website.
- If you're using a platform like WordPress or Weebly, your website probably already uses
- The HTTPS certificate must be renewed every year.
Step 6. Create secure passwords
It is not enough to use unique passwords for the admin sections of your site; you have to create complex, random passwords that are not used anywhere else and store them outside the site folders.
For example, you can use a random string of 16 letters and numbers as a password, saving it to an inaccessible file on a second computer or hard drive.
Step 7. Hide administrator folders
It is convenient to call folders containing sensitive files "admin" or "root"; unfortunately, this is as convenient for hackers as it is for you. Renaming these folders to something that goes unnoticed (for example "New folder (2)" or "history") makes it more difficult for potential intruders to find them.
Step 8. Use simple error messages
If you reveal too much information in these messages, hackers and malware can use it to access sections such as the site's root folder. Instead of adding explicit details to the error messages, apologize briefly and offer a link to the site's home page.
This applies to all types of errors, from 404 to 500.
Step 9. Always hide passwords
If you decide to save user passwords on your website, always make sure they are encrypted. A common mistake of inexperienced website owners is to keep passwords in plain text; this makes them very easy for hackers to spot.
Even popular sites like Twitter have made this mistake in the past.
Advice
- Hiring a cybersecurity consultant to check your scripts is the simplest (albeit expensive) method of fixing potential flaws on your website.
- Always test your website with a security tool (e.g. Mozilla Observatory) before publishing the final version.