Hackers are a big problem for the world's web technology. They can bring down your whole business in a minute. However, hacking is not always like what you see in Hollywood movies. It does not always require great coding knowledge, although someone who can code will have plenty of ideas about hacking. It is not mandatory to know how to code to hack a website. In any case, a person who can add, update and delete content on your website without the permission of the concerned authorities is called a website hacker.

Hackers use different sorts of strategies to hack your website. SQL Injection and Cross Site Scripting are popular ones. In SQL injection, attackers inject SQL code into your website and gain access to the data in the database. They often add a new user to a database table and get access to the website's database. In Cross Site Scripting, hackers use JavaScript in the comment section and URL bar to steal information. It is one of the most sensitive concerns in modern web applications.

Hacking is normally performed by automated scripts used in an attempt to steal or destroy a website's information. Here we are going to give some important tips to keep your website secure online.

Keep your system up-to-date

First, you must know what you are using. Platforms like WordPress or Joomla are open source, so their code is easily available to everyone. That is why hackers may also be very familiar with that code. They may be searching for security loopholes, or may already have found some. Therefore, you should keep your system updated. You may have noticed that WordPress frequently releases new versions. You can update without hesitating. However, you should back up your website data before updating your system.

I also have another example. Many developers use dependency tools like composer and npm. These tools manage a software project's dependencies, which can have security vulnerabilities of their own and must also be kept up-to-date in your system. Otherwise, your site might be exposed to hackers, because these dependencies are also open source.

Protect against SQL Injection attacks

I have already mentioned SQL injection in brief. Attackers can use a website's form fields, such as the comment section or login section, to inject malicious SQL code into the website and change database tables. For example, they can insert a new user into a table. In fact, many web languages have a feature to handle this, so it can be implemented easily.

To make a website safe from SQL injection, you should use parameterized queries through MySQLi or PDO (PHP Data Objects).

MySQLi Example

// $conn is an open mysqli connection
$statement = $conn->prepare("INSERT INTO RakUserTable (username, fullname, email) VALUES (?, ?, ?)");
// bind three string ("sss") parameters by reference
$statement->bind_param("sss", $username, $fullname, $email);
// setting parameters and executing
$username = "ariyal";
$fullname = "R Ariyal";
$email = "ariyal@rakepoint.com";
$statement->execute();
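
The parameterized insert above, written with PDO and set beside the string-built query it replaces. This is an added example, not code from the original page: it uses an in-memory SQLite database (the pdo_sqlite extension) in place of MySQL so it runs offline, and the function names and the sample input are constructed for illustration.

```php
<?php
// Added example: string-built SQL vs. a PDO prepared statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE RakUserTable (username TEXT, fullname TEXT, email TEXT)');

// Constructed form input: the fullname field carries SQL syntax instead of a name.
$username = 'ariyal';
$fullname = "R Ariyal', 'x@example.com'), ('intruder', 'Added Row', 'y@example.com') --";
$email    = 'ariyal@rakepoint.com';

// Vulnerable pattern (hypothetical helper): input is pasted into the SQL text,
// so a quote in the input ends the string literal and the rest is parsed as SQL.
function insertUnsafe(PDO $pdo, string $u, string $f, string $e): void {
    $pdo->exec("INSERT INTO RakUserTable (username, fullname, email) VALUES ('$u', '$f', '$e')");
}

// Hardened pattern (hypothetical helper): the SQL text is fixed and the values
// are sent separately as parameters, so they can only ever be data.
function insertSafe(PDO $pdo, string $u, string $f, string $e): void {
    $stmt = $pdo->prepare('INSERT INTO RakUserTable (username, fullname, email) VALUES (?, ?, ?)');
    $stmt->execute([$u, $f, $e]);
}

function countRows(PDO $pdo): int {
    return (int) $pdo->query('SELECT COUNT(*) FROM RakUserTable')->fetchColumn();
}

// One form submission through each path; compare how many rows each one created.
insertUnsafe($pdo, $username, $fullname, $email);
echo 'Rows after string-built insert: ', countRows($pdo), "\n";

$pdo->exec('DELETE FROM RakUserTable');
insertSafe($pdo, $username, $fullname, $email);
echo 'Rows after prepared insert:     ', countRows($pdo), "\n";

// With the prepared statement the whole input is stored as the fullname value.
$stored = $pdo->query('SELECT fullname FROM RakUserTable')->fetchColumn();
echo 'Stored fullname: ', $stored, "\n";
```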

Use CSP (Content Security Policy) or Same Origin Policy (SOP) to keep website safe from XSS (Cross Site Scripting)

Hackers can run malicious JavaScript code in your website's pages, which can change page content in real time and send a response back to the hacker to steal information from the website. They can submit JavaScript through your comment section if you have not applied any validation to the form field. To guard against this, you can restrict the page from running inline JavaScript code that is not hosted on your domain, and also use strategies similar to those for SQL injection. To enable CSP, you can first configure it by adding a meta tag.

Example of CSP

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">

You can find an excellent guide to CSP and SOP at Mozilla.
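
A PHP page that applies both measures from this section: it encodes comment text before printing it and sends the policy as a response header. This is an added example, not code from the original page; the helper name e(), the sample comments and the nonce-based script-src directive are assumptions made for illustration.

```php
<?php
// Added example: print visitor comments as text and send CSP as a response header.
// Constructed sample comments; the second one contains markup a visitor typed in.
$comments = [
    ['author' => 'ariyal', 'body' => 'Nice article, thanks!'],
    ['author' => 'guest',  'body' => '<script>document.title = "changed"</script>'],
];

// Encode the characters HTML treats as markup so the browser shows them as text.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A fresh random nonce for every response.
$nonce = base64_encode(random_bytes(16));

// Same directives as the meta tag above, plus a script-src that allows only
// same-origin script files and inline scripts carrying this response's nonce.
header("Content-Security-Policy: default-src 'self'; img-src https://*; "
     . "child-src 'none'; script-src 'self' 'nonce-$nonce'");
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Comments</title></head>
<body>
<?php foreach ($comments as $c): ?>
  <p><strong><?= e($c['author']) ?></strong>: <?= e($c['body']) ?></p>
<?php endforeach; ?>
<script nonce="<?= e($nonce) ?>">
  // The site's own inline script is allowed because it carries the nonce.
  console.log('comments rendered');
</script>
</body>
</html>
```

The encoding step stops the comment from becoming markup in the first place; the header is the second layer, so an inline script without the nonce is refused by the browser even if an encoding call is missed somewhere.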

Use SSL Certificate (HTTPS)

SSL establishes an encrypted link between the web server and the browser, which ensures that data passed between the two ends is private and secure. If you want to keep your site's user information, such as user passwords and credit card numbers, private, HTTPS is highly recommended. It encrypts all authentication data, which makes hackers unable to steal your authentication and credit card information. Actually, it is not so hard. You just need to enable HTTPS. If you are using the WordPress platform, many hosting providers offer SSL (Secure Sockets Layer) free for it. In my opinion, Bluehost offers good hosting service. I am now using Bluehost to host my WordPress site. It provides free SSL for WordPress sites.

Make your Password Strong

Actually, a password is kept in an encrypted form. It is stored in the database in encrypted form. If someone tries to get your password, it must be decrypted. Without decrypting it, we can't understand what the password is. In encrypted form, your password will look like this: “46jut#op^w7802hf682%3$282”. Therefore, make your password strong, which makes it difficult for hackers to decrypt it even if they get access to your database. If you make your password longer and mix in special characters, it will be more secure.

File Permissions

It is also a good way to keep your files and folders safe. You can set file permissions on each file and folder. Basically, there are 3 types of file access: Read, Write and Execute. They are set for 3 types of users: the owner of the file, files which are in the same folder, and all. This helps the operating system deal with requests to access the files and folders.

Make Your Admin Page Hidden and Use Robots.txt

You should not let your website's admin page be indexed by search engines. Robots.txt helps you discourage search engines from indexing it.

Has your website ever been hacked? Did you solve it? How did you solve it, and how did the hacker get into your website? Please feel free to share your experience. Just use the comment box below to share your experience.