There are many different ways websites can be attacked, and often site administrators do not even realize that they have put themselves at risk until it is too late. Fortunately, these seven easy security guidelines can help you beef up your site security and avoid nefarious attackers.
1.
2. Use passwords that are unique and complex and change them regularly. Not only should you use complex passwords, but you should also use unique passwords for all aspects of your site and change them on a regular basis. For example, you should never use the same password for both FTP access and administrative control panel access. If you use the same password for both methods of access, an attacker that knows the single password has the keys to the kingdom. Instead, use complex and different passwords for all access accounts. Create passwords that are not easy to guess and that use upper and lowercase letters, numbers and special characters. Do not use regular dictionary words in your passwords because those are easy to crack or guess.
3. Delete the built-in admin account. One of the simplest security steps to take is to delete default and built-in administrator accounts and create more obscure ones. You should create at least one administrator account that does not have a name that flags it obviously as an admin account. By making your admin powers harder to find, you make it more difficult for attackers to destroy or deface your site.
4. Keep software and all plug-ins updated. Unfortunately, there are many plug-ins and other web software out there that seem legit but actually contain malicious code or back doors. Carefully screen all plug-ins and software before you use them. Additionally, keep a close eye on your trusted software and plug-ins as well. If official updates are released, be vigilant about installing them. Updates are often released to patch holes and bugs that can allow attackers access to your site. By patching quickly, you can reduce your exposure to these risks.
5. Restrict access to your home folder from other IP addresses. Many hosting companies allow you to restrict administrative access to specific IP addresses. If you have this capability, you can prevent outsiders from doing damage to your site. Set access to only allow the IP addresses that you perform administrative duties from.
6. Audit permissions regularly. If an account does not administrate permissions, remove them. Check the permissions on your web folders and set folders that hold static content to read only. Assign only the minimum amount of permissions necessary to accounts and folders. By carefully monitoring access levels and permissions, you can prevent or limit the amount of damage that can be done when an attacker strikes.
7. Keep your PC clean and protected. While many focus on securing their website, often securing the PCs that are used to maintain the websites gets overlooked. The best passwords in the world cannot protect your site if your PC is automatically sending your secure passwords to an attacker. Malware installed on a computer can record keystrokes and send other sensitive data to attackers over the internet. As a result, it is vital to ensure that the PC you use for administrating your site is secure and clean. Use a trusted brand of antivirus software and always practice safe computing habits.
The best way to avoid having your website hacked is by being vigilant in your security practices and following these guidelines closely. However, with the speed that new exploits spread at, even the most vigilant administrators may discover that attackers have found a security loophole to crawl through. In this unfortunate, yet realistic, scenario these security guidelines can also help you minimize the damage that an attacker can do if they gain access to your site.