There was a time when attackers concentrated their efforts on large corporate web sites. Smaller businesses usually did not tend to the
security of their web site as much because there wasn’t enough notoriety in bringing down a small mom and pop site.
But now things have changed. Any site on the web has become a target for cybercriminals. Whether they are trying to steal user data, inject malicious code into a web site or bring it down with a denial of service attack in today’s threat landscape even the most seemingly insignificant web sites are at risk.
So just how can you protect your web site from attack?
Well if you are multi-million dollar company you have the option of hiring out a team of experts to scan your site for any vulnerabilities that may exist. However those of us who can’t afford that route have to take matters into our own hands.
Make sure your software is all up to date.
Many websites run software like WordPress or Joomla!. Like the software on your computer, these programs need to be updated to patch security holes that people have found. Be sure to back up your site entirely before downloading and installing any updates just in case the update breaks your site or is incompatible with plugins or components that are necessary for your site to function.
Be password savvy.
Using 1234 may have been funny in Spaceballs, but in real life it can be tragic. Cybercriminals have sophisticated software that can
easily use brute force to crack this type of password. Make sure that anything you use is a combination of uppercase letters, lowercase letters, numbers and symbols.
Delete the installation folder.
Because so many sites now run on third party software packages, like WordPress, it is necessary for software to be installed on your
web server. If you don’t delete the installation folder then an attacker could run the installation again, empty the database and take control of your web site.
Keep an eye on file and folder permissions.
Setting all permissions to 777 will certainly make things easier on you, or anyone else who is working on your website, but it will also
make it easier on the bad guys. Set permissions as low as possible while still allowing your site to function completely.
Work from a secure computer.
The computer you use to access your FTP server or log into any web applications that your site uses needs to be secure and malware free.
Attackers can use keystroke loggers and other types of spyware to capture your credentials giving them complete access to your site.
Secure your database.
Most often, attackers are after your web site’s database. If you store account information, credit card information or any other type of
data that a cybercriminal can use, then your database will be targeted.
Use a third-party service to scan your site for vulnerabilities and malware.
Web sites face continual threats from attackers. And these attacks have become so sophisticated that malicious hackers can set up a
program to scan the web for specific web based vulnerabilities and automatically launch attacks against the sites that it finds and infects these sites with malicious code and malware. In fact, a study done in 2011 showed that over 1.2 million websites were infected with malware and a person had a 95 percent chance of visiting an infected site within three months of normal browsing activities.
Using a third-party solutiuon like StopTheHacker will help safeguard your site against attacks after you have already completed the basic hardening steps mentioned above. If you decide to use a third-party solution to protect your site, make sure that in addition to actively scanning for malware and vulnerabilities that it gives you the option of fixing any problems automatically or guides you through the steps necessary to keep your site free and clear of any malware and your visitors safe.
If you find this article interesting you also may want to check out this blog article “How to Deal with the Latest WordPress Outbreak?”