Tips for Securing Your Website (Before You Get Attacked)

Cyber threat is on the rise. However, despite everything we have heard about it, many of us still choose to ignore this threat. Just because we think “no one would attack us for the ordinary things we have and do,” it doesn’t mean we are free from cyber threat.

Well, even though your website has ‘nothing,’ it can still become a gold mine for cyber attackers. They can turn your website into an information mine, where everything that your visitors/users do, copy of this information goes directly to them. You still have the information and so are they. This what makes us unaware of the situation. We think nothing happens, yet the fact is completely different. Hackers can also inject your website with malicious links and programs, which will spread to everyone who access your website.

This is the fact, the fact many of us ‘choose’ to ignore. However, by looking at the scale of damage it can bring upon everyone, there is no reason not to prevent them.

Lucky for us, even these intense threats can be solved with some simple solutions. 

Update all Software

Software providers and developers regularly update their softwares to patch vulnerabilities in their application. By keeping all your softwares up-to-date, you will reduce the chance for the attacker to breach into your website. 

Multiple security layers

Security layer acts like a door to a house. The more layers you have, the longer and more difficult it takes for a person to breach into the website. At the first line of your defense, you can use a Web Application Firewall, which will protect you against malicious traffic, Spam, SQL injections, brute force attacks, Cross Site Scripting, and other cyberattacks.

Use HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is the next level of HTTP connection. It provides better security while transferring sensitive information between a web server and a website. Using HTTPS for your website basically means encrypting all data sent to and from your website. Without the right decryption key, even though the hacker finally breached into your website, he/she will only get useless, scrambled information.

Use strong passwords and change them regularly

Strong password is a must. Every time you are required to make a password, make sure you have created a strong combination of (at least) one upper case, one lower case, one alphabetic character, one numeric character, and one symbol. Yes, I know it is more difficult to remember, but it is much more effective to secure your website than just a word. Besides, you can still write it down somewhere safe (but not at your device). Also, don’t forget to change your passwords regularly. The more often you change it, the less time for the attacker have to break it.

Your admin configuration should be difficult to find

A website’s admin configuration is the core of any website. You should be the only one who knows about and have access to it. Do not let other people know about it, especially its location. Many hackers try to save their time by creating scripts that will scan all directories on your server. These scripts will look for any word that is related to ‘admin’ or ‘login.’ So, as long as you don’t use any of these or anything that sounds similar to them, your website will be much safe. Try asking your host provider if they allow you to rename your admin directories with custom name. If it’s possible, try to rename it with something only known to you.

Tags: , , , , , ,