How Can I Protect My Website & Make It More Secure
One of the first things every website owner needs to understand is that the internet is never 100% safe against an attack. There has been an ongoing struggle between hackers and software developers, with both sides battling for the upper hand. In many ways website security is making your site a less appealing/easy target. Think of it as the difference between locking your doors and windows or forgetting to lock them. There is always an opportunity for a robber to get inside, but having the doors and windows locked means it takes longer to get in, giving you time to get the one up. Hacking is opportunistic and motivated by "easy targets".
Below are some easy steps to take to ensure your site is locked up.
Keeping Your Software Up To Date
It's a fact that software contains flaws which can be exploited. However, by making sure that you always use the most up-to-date versions of the software which takes advantage of the continued progress of the software developers, in terms of identifying and removing the flaws. By making sure you are up to date with versions and releases of the software, you have better chance of keeping your website safe.
Limit Access
An important part of owning a website is to limit access to the back end to a need-to-know group. Especially in Wordpress websites, you can restict users access to the content and permissions in what they can and cannot so on the site. Always try to harden your site on all three levels: the operating system, the server, and the web application itself.
Make Your Passwords Strong
We have all heard the same statements about having different passwords for different logins, but of course, this seems an impossible task to remember them all. But having the same password is like giving someone the code to your safe. Insecure passwords can be very easily guessed and leave you vulnerable. Ensuring you use strong passwords, like the ones created here: Strong Password Generator or any other site like it, makes your security much tighter. Make sure you’re not using the default password and chose a password which is difficult to guess. Yes, it might be convenient to make all of your passwords the same, but regular password changes can help defend your asset against attack.It’s become far too easy to get your passwords compromised, so avoid it where possible.
Monitor Your Site
It's easy to assume that everything on the site is running A-OK, but how often do you check it? The last thing you want to hear from a customer, or potential customer, is that your site has been compromised. You obviouisly want to know about this before anyone else does (especially if you have high risk content in your databse , CC numbers, Names, addresses, emails etc).
Your site could also have been exploited to host malware and viruses without looking like anything is wrong at all. Fortunately, there are a lot of good tools for monitoring your site, including some free ones, like http://www.uptimerobot.com, that make security management a breeze.To help with those really difficult cases where your site was hacked but does not appear hacked, use Google Safe browsing to detect the hidden malware on your page. (Use the following URL but replace the site you want to check after the ?site= parameter) http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain.tld
Backup Your Site
Sometimes the best course of action if your site has been compromised is to adopt a "scorched earth" approach and re-upload a backup version that you know is clean, see the article on How Do I Upload My Webite via FTP. To make this option effective, you need to make it a part of the regular maintainence of the website and create a backup version of the files, content and database.
If you find that your site has been compromised, the best course of action is to take down the current version, revert to a backup and then spend some time looking over the server logs to work out how the weakness was exploited. You can then make corrections to your software and site structure to prevent this happening again
