How to Prevent your Website from Being Hacked

Hackers and cyber criminals commonly target websites with vulnerabilities. If you’re using a weak password, third party applications that aren’t up to date, or old and un-updated anti-virus software, you are making your website vulnerable to vicious hacker attacks. Keeping your website secure against harmful intrusions and hacker attacks means more than installing traditional firewalls and intrusion detection systems. Being proactive and taking preventive measures is the best way to fight hacking and have a safe website on the Internet.

What most website owners don’t realize is that it only takes a few simple steps to ensure a higher level of security for their websites. None of these steps are hard to follow and do not require any special software or programming knowledge, but they are absolutely essential in helping you prevent your website from being hacked. These anti-hacking methods are general enough and can be applied to any size website, be it a large online store or a small informational website.

Implement basic security methods to protect your website from hackers

By implementing basic security methods you can significantly increase your chances of keeping your website safe and secure. While these methods can’t guarantee full protection from all hacker attacks, it will put you ahead of your competitors who do not have any website protection and security at all. Here are some things you need to know about protecting your website from being hacked:

  • Choose secure passwords. Protecting your admin panel password and FTP      account password is a matter of creating letter and number combinations that are not easy to guess. Always try to use the most difficult password possible. A secure password is at least 8 characters long and includes a mixture of letters, numbers, and special characters like punctuation. The more complex and obscure your password, the tougher it is for hackers to crack.
  • Keep your software up to date. If you are using old versions of blog/content management software, chances are it’s insecure. Make sure that the software you have installed such as WordPress, SMF, PhpBB, or any other software you installed on your own is updated to the latest version as updates become available. In some cases, you can subscribe to the software you installed to ensure you are notified immediately when security updates are released. For example, sign up for mailing lists that most major software vendors offer to release news announcements of new versions. Subscribe to an RSS feed or a forum board. Create a Google Alert and do whatever you need to do to update your website’s software to the latest stable version as soon as possible. If you are updating your home or office PC regularly, why should you not update your website’s software regularly too? Remember, software and web applications that aren’t up to date can cause your website to be easily compromised.
  • Use encrypted services. Consider using encrypted services over non-encrypted ones. This means replacing software such as FTP with software such as SFTP, a network protocol that provides secure and reliable file transfer and file management functionality. If you have a webmail application, host it on an SSL-enabled port and use SSL encryption for anything that requires a username and password. If you send emails from a remote machine to your server, make sure encrypted connections are configured within your mail server.
  • Use secure 3rd party scripts and add-ons. Think before uploading/installing widgets, plug-ins, and other modules onto your website. 3rd party scripts or any other code you install are written by unknown developers under unknown circumstances. Non-secure scripts and plug-ins cause approximately 70% of hacker attacks. Be sure to research any code you want to install that you didn’t write yourself.
  • Your hosting provider is not always to blame. Most website owners think that if their website gets hacked, it’s because their web hosting provider isn’t doing their job right. But the truth is, it could very well be your own fault. Although most web hosting companies will protect their servers and your website to some degree, it’s important to realize that the content in your account is up you. When you get hacked it means you had some form of vulnerability in your site. As a website owner you are responsible for keeping your password secure and your scripts bug-free. You must safeguard your data with routine maintenance and awareness of the protection that is available to you through your web hosting provider. Using virus scans, securing your passwords, clearing browser history, and being aware of general protection and security issues is the best way to prevent your website from being hacked.
  • Make your own backups. Back up all your data regularly. Don’t rely on your web host to keep a backup for you. Make backups of your website and save them on an external hard drive or download copies to tape, MP3 player, or Iphone. Never let your website visitors see that you got hacked. Just change the server or password and use your backup to get your website up and running again.
  • Choose a reliable web hosting company. The best line of defense against a potential hack attack on your website is to make sure you have a reliable web hosting provider. At GlowHost we take your security very seriously. We provide reliable hosting solutions and excellent customer service and do our best to help protect your websites from being hacked. All servers at GlowHost are highly protected using mod security and a customized PHP version that has been hardened against the most common exploits found in PHP. In addition, we offer hardware and software firewalls and the latest stable versions of server software like Apache and PHP. With GlowHost you can enjoy enhanced security and the highest level of protection for your website.

This is not an exhaustive list of the steps you can take to prevent your website from being hacked. And even though hacking will never stop, by following the above steps and taking precautions to secure your website, you can greatly decrease the risk of being hacked. It also never hurts to hire experienced web hosting consultants to see what other options may exist for hardening your server and securing your website. If you need a competent admin to help you with your website security issues, GlowHost has a team of highly-trained technicians ready to help you secure your website.

A final consideration is to sign up with a motoring and repair service like Sucuri. Sucuri is a fantastic service that will alert you to any new compromises that have been detected on your web site, they will repair your web site, and then they will report to blocklists like google to inform them that the site has been repaired. The service price is reasonable, the value is terrific, and their tools work well.

Current GlowHost customers can take advantage of discounted Sucuri pricing by visiting our Web Site Insurance offer and signing up for the service directly.

If you think your website may have been hacked, contact GlowHost anytime to let us know. Visit www.glowhost.com today to learn how we can help you protect your website from being hacked.

  • Gazduire

    Use a good Antivirus …
    Back like 3 years ago … i had an website infection because my antivir was poor quality ..

    • admin

      That’s a good point. A lot of AV programs do not detect all viruses. Actually, none of them can be 100%. Often times we see people who have stored their FTP details or are using plain text FTP authentication. Their passwords and usernames are then stolen using a sniffer for the plain text username and password, or malware that looks for stored passwords which was installed when the AV wasn’t paying attention.

      Make sure your AV is always up to date otherwise there is no point in running Antivirus.

      If you have detected that the files were modified and uploaded using FTP, you should change your passwords and block the offending IP responsible for the changes.

  • Pingback: All wordpress sites suddenly slow! - Page 2()

  • http://www.newiphone5.net/ iPhone 5

    is there a chance to find out the way how a hacker gets into the account?

    • glowhost

       Sure, ask your web developer or your web host to check the logs on your account. If they know what they are doing, they will be able to tell you in most cases.

      • http://www.newiphone5.net/ iPhone 5

        …the problem isthe web host dont care about it at all…I will take a look at the log myself..what exactly should I look for…suspicious links?

        • glowhost

          My first recommendation would be to find a host who will help you when these types of things happen. GlowHost.com would be a good candidate for you, as they have lots of good systems administrators there who do care and enjoy their work.

          What you should be looking for is the name(s) of the file that was modified by your hacker. That will reduce the logs to a few entries. Then you can check those lines to see if the file was uploaded / modified / overwritten via FTP or if it was done via an exploit in the script itself. You will also have the IP of whoever did this once you know the file name, so it can be blocked while you investigate and repair.

          • http://www.newiphone5.net/ iPhone 5

            thx for the recommendation..well..its an account of my friend..hes with hostmonster at the moment..and hes thinking about transfering to some other one for sure…Im just trying to sort that out for him..well I removed the code from index.php, and all was working fine three days ago..but sudenly, yesterday all files deleted…so I asked them for a backup..they did it…but I cant have a good sleep until I find the leak..and its still good to learn something new..know what i mean..for now I downloaded the raw access log..but theres just pretty bad mess there..hm

          • glowhost

            Raw logs can be confusing at first but they are fairly easy to analyze with the Linux command line, and are very useful especially if you know the time of the attack or if it happened recently. This is where a good host can be helpful, if you are unsure or have not yet learned how to use commands like “grep” from the Linux command line.

            I suggest first changing all FTP passwords then removing those passwords from any FTP programs that save these passwords on the PC. Then I would make sure the script is updated.

          • http://www.newiphone5.net/ iPhone 5

            thx..and appreicate that…for sure I will recommend him your host…btw the raw log is not going to help me as its from today only..and i need yesterdays one…and they dont keep it more than 12 hours…thx for your time.

  • Pingback: Question Protecting your website from hackers and viruses - Virtual Assistant Forums - Online Community for Virtual Service Providers()