9 Simple Ways to Protect Your Site Against Hackers
Getting your website hacked can be very painful as all your details and personal information related to the company get exposed. Plus you risk losing your primary source of income. But in reality, most people think one of the following:
- Our website is way too small to be hacked
- Our designer is handling this
- I believe someone in my organization is on top of this
First of all, hackers don’t discriminate – big, small traffic, no traffic; they just scan the web for vulnerabilities and try to find ways in.
Some impressive numbers for you:
Hackers steal 75 records every second.
(Source: Breach Level Index)
73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete.
(Source: Thycotic.com)
Hackers create 300,000 new pieces of malware daily.
(Source: McAfee)
On average 30,000 new websites are hacked every day.
(Source: Forbes)
87% of websites have mid-level weaknesses.
(Source: Acunetix’s report “Web Application Vulnerability 2019”)
Here are a few of the simple ways in which you can protect your site against hackers:
1. Make sure that the website software remains updated
Outdated website software can be an easy target for hackers. They scan websites, check for software or plugins with security vulnerabilities and go after them instantly. Whether it is an outdated WordPress install with old themes and plugins, obsolete software components or other security vulnerabilities, hackers can exploit you wherever they find that your online presence is weak.
Make sure that you keep your software updated, and do a bit of planning so that it doesn’t become painful. Here are some steps that you can follow:
Review the website to identify the software and components that you have installed, and make a list of the pieces that need updates. If you have the option of auto-updates, turn this feature on for compatible and straightforward plugins.
Also check the software documentation, which includes best practices, to make sure that auto-updates do not cause problems for your website. Use the list to check for updates regularly and install what is needed. You should also set a recurring calendar event as a reminder to install updates.
If you encounter an outdated element, create a backup of your website and then update the component immediately. In most cases, you can update the software with just a few clicks.
ProTip: If you haven’t done this for a while, make sure you delete your plugins and upload them via FTP once in a while with clean files. Auto-updates are not always the best solution.
2. Protect your password in transit
Another way a hacker can enter your system is by getting access to the password. To stop such attacks, you need to make sure that you are sending the password over encrypted channels.
The first thing that you need to do is to switch your website to HTTPS (preferably HTTP/2 or higher) to prevent hackers from getting access to the credentials of your admin page and logging in to your site.
For instance, if you are using the WordPress admin page, you would want to make sure that the login itself is HTTPS so that hackers won’t be able to intercept the credentials. If you find out that the WP admin login URL is HTTP, then your password and username would be sent out as plain text, which a hacker might intercept.
Make use of secure FTP if you want to protect your password when you are connecting to FTP. This makes it harder for hackers to intercept the password and steal it. Most web hosts support FTP; check your web host's knowledge base for the FTP connection details you need.
3. Protect your password that is stored on multiple devices
The methods mentioned above can be used to protect the password in transit. However, have you wondered what would happen to the password if it is saved on your computer? Hackers can try to steal passwords from your computer, laptop or phone by using attack tactics such as malware, phishing, etc.
Listed below are some of the ways in which you can fool them:
Limit the number of places where you store your password: If you have your password saved on your computers, email, Google Drive, or your mobile phone, then hackers will definitely look in such places. You should make sure that you store passwords in a few places only and that they are encrypted with the help of a password-protected file.
The second thing that you can do is to install anti-malware on your computers: if a hacker can install malware on your computer, they might steal the data, including the passwords as well.
4. Choose a more secure password
If your password is not that strong, hackers will not have trouble getting your account password. They set up an automated program that keeps trying multiple passwords through permutations and combinations, which makes it easier for them to arrive at the correct password. Another way in which they can get the password is by checking a database filled with passwords to see whether your website uses an old password that you keep using again and again.
So, the next question arises, how can you make your password secure?
Here are some of the ways in which you can do the same:
Never use common words in the password
Never use simple words such as “hello” or “123456” in the password, as these are easy to guess; hackers know all the likely words and start by guessing those first. Commonly used English words should also be avoided completely, as a hacker would be able to guess them within a few guesses.
Always use special characters
There are 308 million combinations of a six-character password that contains just letters, and it would not take hackers long to work through them, since they have powerful ways to guess passwords automatically.
However, if you make use of capital letters, numbers, as well as special characters, then your password will be much stronger, and there is a good chance that a hacker will not be able to guess your password out of the many combinations.
Never end the password with ! or 1
Initially, when it became necessary to include special characters and numbers in passwords, several users started adding 1 or ! to the end of the password. Hackers are well aware of this trick, and it is easy for them to guess the password in one go. You can use different characters or numbers instead.
Ensure that the password is long
It is believed that a password with sixty-four characters is ideal and much safer. For a majority of sites, 12 to 16 characters is considered a good length. Moreover, a 12-character password is up to 30 million times stronger than a password that has eight characters.
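The four rules above can be checked mechanically when a password is set. The following is an added example, not code from the original article; the common-word list is a small constructed sample and the 12-character minimum is taken from the article's "good length" range.

```python
import string

# Constructed sample list; a real deployment would load a much larger one.
COMMON_WORDS = {"hello", "password", "123456", "qwerty", "welcome", "admin"}
MIN_LENGTH = 12  # lower end of the article's 12 to 16 character range

CHAR_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}


def alphabet_size(password):
    """Size of the character set the password draws from."""
    return sum(len(chars) for chars in CHAR_CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password):
    """Number of candidate passwords of this length over the same alphabet."""
    return alphabet_size(password) ** len(password)


def check_password(password):
    """Return the list of the article's rules that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if password.endswith(("!", "1")):
        problems.append("ends with ! or 1")
    used = [name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)]
    if len(used) < len(CHAR_CLASSES):
        problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    for candidate in ("abcdef", "Hello1", "tR4%vq9#Lm2&Zx"):  # constructed samples
        print(candidate, keyspace(candidate), check_password(candidate))
```

`keyspace("abcdef")` reproduces the 308 million figure quoted above for six letters.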
5. Never reuse similar passwords
Hackers have access to password databases collected from old data breaches and use them to get access to websites. These include credit card details, social security numbers and passwords. If your password appeared in a breach and you use it again, there is a chance that your account will be hacked.
Make sure that you use a unique password on every platform you log in to. If you cannot remember a lot of passwords at a time, it is recommended that you use a secure password manager to keep track of the login details.
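One way to check whether a password already appears in breach data without disclosing it is a hash-prefix lookup. This is an added example, not part of the original article: it assumes the Pwned Passwords range API format ("SUFFIX:COUNT" lines returned for a 5-character SHA-1 prefix), which the article does not name, and it runs offline against a constructed response.

```python
import hashlib

# Assumption: breach corpus is queried Pwned Passwords style, i.e.
# GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>.
# SHA-1 is only the lookup key here, not a way to store passwords.


def split_hash(password):
    """Return (prefix, suffix); only the 5-character prefix leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Find the password's hash suffix in a range response body."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the corpus for this prefix


def constructed_range_body(breached):
    """Build a fake response for offline use; `breached` maps password -> count.

    Constructed data: a real response lists every known suffix for one prefix.
    """
    lines = ["0" * 35 + ":3"]  # filler entry that matches no sample password
    for password, count in breached.items():
        lines.append(f"{split_hash(password)[1]}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    body = constructed_range_body({"hello": 250000})  # constructed count
    for pw in ("hello", "tR4%vq9#Lm2&Zx"):
        prefix, _ = split_hash(pw)
        print(f"prefix sent: {prefix}  times seen: {breach_count(pw, body)}")
```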
6. Choose brute force protection
It is not difficult to block brute force attacks against your website. There are multiple plugins for WordPress that do this; they might block logins after five incorrect password attempts. You can find a full list of them, with ratings, on the WordPress website. If the site does not use WordPress, you should look for other software packages with these features that can help block brute force attacks.
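For a site that does not run WordPress, the lockout behaviour described above looks roughly like this. It is an added example, not code from the article or from any plugin; the five-attempt limit comes from the text, while the 15-minute window, the lockout duration and the class name are assumptions.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # the article's example: block after five wrong passwords
WINDOW_SECONDS = 900    # assumption: failures are counted over 15 minutes
LOCKOUT_SECONDS = 900   # assumption: how long a lockout lasts


class LoginThrottle:
    """Tracks failed logins per (username, client IP) and locks out repeats."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)  # key -> times of recent failures
        self._locked_until = {}              # key -> time the lockout ends

    def is_locked(self, username, ip):
        """Call before checking the password; reject the attempt if True."""
        key = (username.lower(), ip)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[key]      # lockout has expired
            return False
        return True

    def record_failure(self, username, ip):
        """Record a wrong password; return True if it triggers a lockout."""
        key = (username.lower(), ip)
        now = self._clock()
        recent = self._failures[key]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, username, ip):
        """A correct login clears the failure history for that key."""
        self._failures.pop((username.lower(), ip), None)
```

Keying on username and IP together keeps one visitor's typos from locking out everyone else; a per-username counter can be added alongside it if attempts arrive from many addresses.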
7. Restrict access on your website accounts
It is advised that you never give access to multiple people who might be managing your website, as that increases the chances that a hacker will find a way into the website. There are two major ways in which you can minimize this risk:
Restrict the number of users who have access
If someone is writing for your blog, it is better not to give them access to the admin page; instead, you should provide them with author-level access only. In this way, even if a hacker gets hold of the password, they won’t be able to take control of the admin account on your website.
Remove unwanted access
It is mandatory that you keep a check on your website and remove the users who do not need access anymore. Over the course of time, hackers can get hold of credentials that are no longer actively needed.
For website accounts where you tend to “set and forget” the passwords, you should regularly review who has access to the account so that getting access to the website is not that easy.
Choose security customizations for your CMS
Every CMS or similar website software has a list of security practices that are best for it. Make sure that you abide by them and implement them in a manner that fulfils their requirements completely. Review and implement these features in order to improve the website’s security to a great extent.
8. Make sure that you monitor and respond when it comes to your website
Security precautions should be taken so that they reduce the risk to your site before it gets hacked. Make sure that your website is protected completely, and there is no need to prepare for any possibility for the same.
Make sure that you follow these tips to make your website fully protected.