Website Security
Recommendations on website’s security
What are the causes of security breaches?
How can we protect our resources from hacking?
Website hacking has become a global phenomenon that affects millions of websites yearly.
DID YOU KNOW?
- 70% of scanned websites have vulnerabilities of various types.
- 30% of websites are infected with malicious scripts, viruses, worms, trojans, and other malware.
- 10% of the websites are under the hidden control of hackers, who steal passwords, data and send spam to damage the company’s reputation.
- 3,000,000 websites are hacked every year.
So what can you do to protect yourself?
Never open a link that you didn’t expect to receive:
Most hackers are able to hack a website using an email with a link that contains some sort of virus. The e-mail will most likely be written with spelling mistakes so that it’ll be easy to spot. This technology is called “phishing”.
Never open a link from an unknown source or from a known source that wasn’t supposed to send you one. The safest way is to move this e-mail to SPAM. If it is from someone you know, contact a person to check whether they emailed you or not.
Use an antivirus program
You must use an antivirus program on every computer that you use to access your website. Apart from that, you should use an antivirus on your website. Make sure that you use various antivirus programs.
Never use the same password on different websites:
The reason is that if a hacker gets access to one of your passwords, he will be able to access all of your sites.
You should use complex passwords, and each of them should contain capital letters, numbers and symbols.
Never use the password from your main e-mail account on your website:
If a hacker attacks your site and gets access to your password, he will be able to steal additional sensitive information. The reason is that many other services use your e-mail account to restore your passwords, such as Facebook, for example.
Use a strong and up-to-date password
It is crucial to set a complex password that uses capital letters and numbers. Make sure that your password has never been hacked before.
Do not use the same password on different sites
You should choose various passwords for different sites. In case one site is hacked, the others remain safe.
Do not use passwords from your email and social networks on your site
Do not give intruders a chance to get access to all your resources
Restrict access to your website for users from certain countries with the help of .htaccess
It is possible to block visitors from specific countries using .htaccess
- Please check .htacess file.
- Select the countries you want to block from the list (database of countries)
- After you choose the countries, generate ACL
- Copy the ALC results
- Paste it into the .htaccess file and press Save & Close
- If anyone from the restricted list will try to visit the site, they will get 403 error (access forbidden) or 404-page unavailable
Blocked view folders:
You can block users from accessing and viewing all folders and files in the system. All you need to do is go to the .htaccess file located at the root of your Joomla or WordPress and add the following line: Options: All -Indexes. It is also possible to perform the above action using a command Index Ignore *
Be careful with public Wi-Fi::
Using public Wi-Fi connection, you should avoid visiting sites that require a password, for example, your banking system, Facebook account and so on.
Block IP of users from certain countries
Block viewing of your folders
Plugins
Protect EXTRA files by changing the location of the folder UPLOADS
To change the location of the folder where you save files uploaded to the system, you have to access to a panel of WordPress administration (Admin Panel). After that you have to open the “Media” in right side of menu “Options”
You can also block access to files with the help of specific extensions, for example IndexIgnore *.html
IndIn PHP, as it has already been stated above, this can be done on each file and file with *IndexIgnore