How to secure your website from hackers
Hackers are a big problem of world’s web technology. They can collapse your whole business in a minute. However, hacking is not like always what you see in Hollywood movies. It does not always need a great coding knowledge however, the one who can do computer coding has lots of ideas about hacking. But it is not mandatory to have knowledge of coding to hack a website. Anyhow if a person can add, update and delete your website without having permission of concerned authorities is called website hacker.
By the way, hacking is normally performed by automated scripts used in attempt of stealing or destroying the information of a website. Here we are going to give some important tips to keep your website secure in online.
In first, you must know what you are using. As if you are using platform like wordpress or joomla etc which are open source. So it is easily available for all. That is why, hackers may also very familiar with that codes. They may have been searching for loop holes or also have found security loopholes. Therefore, you should keep your system updated. You may have noticed that WordPress frequently update their version. Without hesitating you can update. However, you should keep back up of your website data before updating your system.
I have also another example. Many developers use dependency tools like composer and npm. These tools are used to maintain dependency of software and security vulnerabilities which also must be up-to-date in your system. Otherwise, it might be insecure from hackers because they are also open sources.
I already have mentioned about SQL injection in brief. Attackers can use website’s web form fields like comment section login section etc and inject vulnerable SQL codes into the website and change database table. Such as they can insert new user into the table. In fact, many web languages have this kind of feature, in that case it can be implemented easily.
In order to ensure SQL injection safe website, you should use parameterized syntax by using Mysqli or PDO (PHP Data Objects) language.
$statement = $conn->prepare("INSERT INTO RakUserTable (username, fullname,email) VALUES (?, ?, ?)");
$statement->bind_param("sss", $username, $fullname, $email);
// setting parameters and executing
$username = "ariyal";
$fullname = "R Ariyal";
$email = "email@example.com";
Example of CSP
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
You can have excellent guide of CSP and SOP from Mozilla
SSL establishes encrypted link between web server and browser which insures that passed data between the terminal is private and secured. If you want to keep your site’s user information like user password, credit card no etc private, HTTPs is high recommended. It encrypts each and every authentication data which makes hackers unable to steal your authentication and credit card information. Actually, it is not so hard. You just need to enable HTTPs. If you are using wordpress platform, many hosting provider have been offering SSL (Secured Socket Layer) free for it. in my opinion, bluehost offers good hosting service. I am now using bluehost to host my wordpress site. It provides free ssl for wordpress site.
Actually, password is in the form of encryption. It is stored in database as an encrypted form. If someone tries to get your password, it must be decrypted. Without decrypting it, we can’t understand what is password. In the form of encryption, your password will be like this “46jut#op^w7802hf682%3$282”. Therefore, just make your password strong which make difficult to hackers to decrypt it even though they get your access on your database. If you make password longer and mix special characters, then it will be more secure.
It is also good way to keep your files and folder safe. You can give file permissions to each file and folder. Basically, there are 3 types of file access: Read, Write and Execute. And it is set for 3 types of users: Owner of the file, Files which are in the same folder and all. It helps operating system to deal with requests to access the files and folders.
You should not index your website’s admin page in search engine. Robots.txt helps you to discourage search engine to index it.
Have your website ever been hacked ? Did you solve that ? How did you solve that and how did hacker get into your website ? Please fill free to share your experience. Just use the comment box below to share your experience.