Today, internet is at the heart of most businesses and economies, and a glitch in the online system or even a small crack in the digital fortress of a website can bring the entire system to a standstill. Therefore, it is essential to take all the preventive measures to make sure that your online presence or website is not compromised. This post is about the same.
The virtual world is a complicated one. There is a constant exchange of information happening at all the times. A lot of confidential data, personal records, business transactions and other vital activities make Internet a dangerous territory to tread in. According to a tracking service, the total number of websites in May 2012 was 700 million, which is expected to increase to 1 billion in 2013. Following the Moore’s law, the number of sites is doubling every 18-24 months and soon there will be a situation where the number of websites will be roughly equal to the number of people on the Internet.
If you have a business, then it is highly unlikely that you won’t try to aggrandize your business sales with a website. Further, you will or must have invested a significant amount of money, time and other resources into designing that website and making it come alive. Therefore, it should be your prerogative to protect the site from the vicious prying eyes of hackers, spammers and all other malicious attackers who put their programming skills to disrupt the normal workings of internet. Even as you start to think that why would hackers bother about just another website to attack it, consider this, your website can easily give away critical customer and corporate information. Loss of business and reputation, damage to customer confidence and brand value erosion, legal liability, regulatory fines and financial costs of handling and incident are just few of the undesirable effects of an insecure website.
I recently took my family on vacation and found some great deals on Expedia. I found an good hotel near all the popular destinations at a good rate. Expedia saved me hundreds on my vacation.
We put the ALL in all-inclusive! Up to $3000 resort credit! Only with Expedia! - Expires 12/23/13.
Here are some of the ways in which you can prevent the disaster from happening:
- Keep your site version and plugins up to date
If you have a built your website or blog on one of the popular CMS platforms as chances are that you must have then it is highly advisable to keep it upgraded to the latest version. Each version is an improved form of the previous one and fixes vulnerabilities which were not known before. Every release patches upon bugs or security weaknesses and therefore by upgrading your website to the latest version you automatically improve its security. Besides, most attacks on such sites are through plugins that are developed by a third party developer. Before including any such plugin make sure it is verified and keep it up to date.
- Use strong passwords
The most basic of all steps, but nonetheless the most important one. Most of the times all hackers have to do to break into a website are use social engineering to guess the right combination of the password. Instead of keeping easy to guess passwords inspired from your name, your girlfriends name or family members or your date of birth, try to set a password that is hard to guess. The best practice is to use the initials of a long phrase along with some special characters of number. The admin password should be at least 10 characters long and have uppercase as well as lowercase characters. Keep your admin password unique. In case your email gets hacked you wouldn’t want the hacker to gain access to your website using the same password.
- Use a good anti-virus package
A simple yet one of the most robust rules of cyber security is to maintain a good antivirus on the local machine. Wondering how a good anti-virus can save your website from getting compromised? Well, there are many malwares that are built to reside on the host system that record keystrokes or take control of the entire browser, recording each and every activity and sending the recorded information back to the destination system. A good anti-virus system keeps a check on such malicious piece of codes from getting downloaded to the system. If you already have an antivirus, make sure that its virus definitions are updated.
- Server side validation/form validation
Keep validation checks at browser levels as well as the server side. There are only some minor errors like empty mandatory fields or entering text into a numbers only field that a browser cans catch. Bypassing these checks is easy and hence for deeper validation you should employ server side validation also. Failing to do so can lead to malicious code or scripting code being inserted into the database.
- File uploading issues
File uploading is a very contentious feature. If you do not employ the security tools a hacker might upload a file disguised in the form of an image, which the server would execute opening up your website to the hacker. One way to prevent this from happening is renaming the files to ensure they have correct file extension and change file permissions by creating a .htaccess file that will restrict access to some set files. Another solution and the most effective one, is to prevent access to the root server of the uploaded files.
- Keep a backup
Make sure you have a backup ready if all your measures fail and hackers are able to lay their hands on your website so that you can restore the site to a previous saved version. There are plenty of plugins available, free and paid as well that does a good job of backing up the entire website without you having to fiddle with any settings. If your site is big enough and you have the required finance then go for backup services such as Vault Press.
Saurabh Tyagi is an expert writer having interest in diverse topics like education, technology, career and Web 2.0. He is a social media enthusiast and a self-confessed gadget-freak, who loves to follow the latest happenings in the tech world.