Top 9 tips to secure your website from hackers

Top 9 tips to secure your website from hackers by Fabrizio Moreira.  Available from <http://www.businesszone.co.uk/community/blogs/fabriziomoreira/top-9-tips-to-secure-your-website-from-hackers> [May 04, 2017]


From credit card information to email id to phone number to SSN, online users are constantly sharing their confidential data on different websites over the web. No wonder, they would seek for optimum protection at these virtual outlets.

Your website is your first point of contact with your audience and if your platform shows any security anomaly, they won’t think twice to shift to the rival sites. In fact, website safety issue is one of the major security risks reported by small businesses  in the modern digital world and one has to be really particular in this regard.

The post below underlines the best 8 tips to secure your website.

1. Don’t forget software updates

Modern websites are incomplete without 3rd party software programs such as CMS and forum. But are you regular with the software updates? If not, please be mindful about it from now on.

The updated versions are generally released with the bugs fixed found in the previous editions and hence are comparatively safer and more powerful.  Hackers are always on the lookout of security holes and bugs in software and the longer you are with a outdated version- higher would be the risk concern for the website.

When the website software programs are regularly updated, it automatically lessens the hacking threats.

2. Password protection is fundamental

It’s clichéd but fundamental. One of the most basic ways to secure website from hackers is to get strong password guard for the site admin and server.

The rule of the thumb is to have a jumbled configuration of minimum 8 characters, including alphabets, numerical and special characters. The passwords should not have any relevance with anything relatable to your life, likes, preferences, job or business. You have to make things illegible and unfathomable for the hackers.

Most importantly, stress on hashed passwords. It’s impossible to decrypt them which immediately lessens the risk factor for your website.

3. Power up with anti-virus tools

After the passwords, anti-virus software programs are next basic step to protect your site from virtual identity theft, internet scams, spyware and credit card fraud. Virus and spyware threats would not only affect your site but would also jeopardize the confidentiality of the visitors.

You have to get really meticulous here as otherwise you are soon to lose out on clients’ trust. “Our company is constantly into financial transactions and we know our customers expect the best security from us.

We value our clients and have powered our site with industry-leading Norton & McAfee secure anti-virus programs to guarantee safest browsing experience for our users”, stated Mr. Bob, the CEO of JW Surety Bonds while discussing the importance of anti-virus programs for websites.

4. Bank on HTTPS

This is another important tip to keep in mind when it comes to website security. The HTTPS protocol guarantees complete confidentiality of the user data submitted on your website, eliminating any risk of twisting or manipulating them by any 3rd party.

Modern online users have some idea on the significance of HTTPS and they would prefer to have it on the login and credit card pages. For the best results, it’s smarter to have it for your entire site as well.  Yes, HTTPS certificates were really expensive at one point of time but today you will even get free ones.

Setting it up is never a pain now as there are great tools to set them automatically for you as simply as 1-2-3.

5. Beware of SQL injection threats

Hackers often attack with SQL injections where they attempt to manipulate the website database through URL parameter or some web form field.

With usual Transact SQL, we tend to enter rogue codes into query that can be easily capitalized to access your website information, change tables & ruin data. It’s better to use parameterized queries instead to prevent the risk.

6. Don’t allow file uploads

It’s apparently harmless but better don’t allow the visitors to upload any kind of files to the website. Actually, these files might carry a script which while placed on the server would mean complete access to your site.

This is applicable for both textual and image files.  The most effective way to solve this is to stop easy accession to the uploaded files. Consequently, all the files uploaded would get deposited as blob in database or outside the webroot.

7. Be careful of the server you use

The discussion would be incomplete without the mention of server significance in website security. The server is the one that hosts the website and any problem here would mean serious security anomaly for the site.

You have to count on most advanced version that can promise a safe and premium hosting for the website. “We were having security issues in our website when we realized it’s mostly because of our crappy server. We immediately shifted to Microsoft-IIS/8.5 as it comes with fixed bugs and quality enhancements that have scaled up our website security to a whole new level”, noted Bill Weir, the CEO of leading carpet cleaning company Aquatec Cleaning Group.

8. Don’t cut slackon server side validation

Web security gurus always suggest validation for both server and browser sides. In fact, this is another crucial point when we are talking about website security. Any problem here and you will be exposing your website database to malicious codes. You certainly don’t want that.

9. Be careful of error messages

It’s common to display error messages for any website but you have to be careful on the level of data you are passing on with them. You must only display minimal errors as otherwise you might end up leaking your server secrets- like database passwords or API keys. So, be very careful with it. Never feature full exception data as well as these would only heighten the risk of SQL injections. The detailed errors must be preserved in the server logs, away from your visitors.

When you are planning to making it big with the business, make sure to beef up your website with the best of security. Website security is no rocket science.

You just have to stay alert with certain steps to prevent unwanted leak of information and everything will fall into place. And yes, always know that security breaches are not exclusive to big corporates. Hackers have their prying eyes on small business as well. So, better be watchful at every step to ensure the best for your business.


Top 9 tips to secure your website from hackers by Fabrizio Moreira.  Available from <http://www.businesszone.co.uk/community/blogs/fabriziomoreira/top-9-tips-to-secure-your-website-from-hackers> [May 04, 2017]