The number of hacked websites grows every year. You, as the site owner, may not even realize that the security of your web resource is constantly under threat. The site of almost every company stores and processes users' personal data and confidential information, and accepts online payments.
But even when data theft or disruption of the site is not the goal, cybercriminals have other reasons to hack it: sending spam or temporarily using the web server to store files (often illegal content).
Hacks are carried out with specially written automated scripts. They “comb” the Internet in an attempt to hack sites with known software holes.
According to a study by Security Magazine, on average, an attack on the network occurs every 39 seconds, and the use of insecure usernames and passwords gives attackers a better chance of success.
According to McAfee, hackers create 300,000 new pieces of malware every day.
At the same time, the number of protected applications is increasing thanks to modern protection measures: in 2019 they made up 26% of all developed applications.
According to the Breach Level Index, cyber fraudsters steal 75 records every second.
Every year, more than 15% of users become victims of scammers who steal their personal data or bank card data from commercial sites.
82% of the loopholes used by cybercriminals are caused by errors in the application code.
Web resources that are at risk:
Financial institution websites.
Pages of mobile operators.
Highly influential media.
Even if you are a small business owner, the threat should not be underestimated. The likelihood that you will become the target of cybercriminals is quite high. Fraudsters use small sites as springboards for practicing hacking techniques, for data theft, and for further distributed attacks on other sites.
Use of open data transfer protocols, without SSL.
Hacking with plugins and CMS modules.
This list of options is not complete; every year the number of such problems increases.
So what factors should site owners look out for when they want to improve the security of their page? We have compiled a list of mandatory principles with which you can secure your site:
Mandatory planning of security measures.
Periodic analysis of the site's security: every day the number of threats increases, and criminals keep improving their tools.
Periodic web application security testing, for the same reason.
Fixing vulnerabilities when they are detected.
Introducing the strictest possible separation of rights between users and site administrators.
Use only strong passwords.
Use only licensed software.
Regular CMS updates are mandatory to protect the site.
If you are not confident in your abilities, contact specialists to configure security.
You can assess the security level of your site using online scanners. But you shouldn't rely on a single scanner: we advise you to collect data using several security testing tools, check how real the threat to the site is during its operation, and fix the problems found.
Popular online scanners:
Website Malware and Security Scanner
Before testing your site on your own, we advise you to study this issue well, or involve specialists in this process.
Insecure data transfer is often considered the main reason for hacked websites. By default, data on the network is transmitted using the standard data transfer protocol, HTTP. It is vulnerable, but this can be fixed by switching to HTTPS, which encrypts data in transit and so keeps information secret on its way from the server to the user and back. For the site to start working with this protocol, you need to obtain security certificates for the site. Although the use of HTTPS is not mandatory, it is definitely worth using if your site works with payment systems, and there are several reasons for this:
Users themselves are more loyal to HTTPS sites.
HTTPS will keep the client's payment data confidential.
Websites with this data transfer protocol rank better when promoting in search engines.
To switch your site to the secure HTTPS protocol, you need to obtain a certificate from a certification authority. There are paid SSL certificates (with extended certification authority responsibility) and free ones. After you receive the certificate, you need to connect it to the site and redirect all requests to the new site address with HTTPS. Usually, a direct redirect with a 301 code is used for this. In some cases, this can be easily done through the control panel. Also, do not forget that you need to rewrite all internal links of the site, change the robots.txt file, and then configure HTTP Strict Transport Security (HSTS).
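The redirect and HSTS steps described above, sketched as an nginx configuration. This is an added example, not part of the original article; it assumes nginx terminates TLS itself, and example.com and all file paths are placeholders.

```nginx
# Added example: example.com and every path below are placeholders.

# Plain-HTTP listener: its only job is the permanent (301) redirect.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # $host keeps the hostname the client asked for and $request_uri keeps
    # the path and query string, so deep links survive the move to HTTPS.
    return 301 https://$host$request_uri;
}

# HTTPS listener: serves the site and announces HSTS.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Browsers honour HSTS only when it arrives over HTTPS, so the header
    # belongs here and not in the port-80 block. "always" also adds it to
    # error responses. Use a short max-age (for example 300) while testing
    # and raise it once every page and subdomain works over HTTPS.
    # Note: a location block that has its own add_header lines does not
    # inherit this one, so repeat the header there.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root  /var/www/example.com;  # placeholder path
    index index.html;
}
```

Check the syntax with `nginx -t` before reloading the server.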
By stealing passwords, cybercriminals instantly gain access to all information on the site. This opens up wide prospects for them to use the information for their own purposes: they seize users' bank card data or personal data, or send spam to users.
To prevent this, you must:
Use only strong passwords that are difficult to guess. A password should contain at least eight characters. In this case, even password guessing programs will take a long time to guess it.
Configure protection against password guessing in the restricted (admin) part of popular CMSs.
Do not share admin panel passwords with unauthorized persons. If several employees can add information to the site, separate their rights and do not grant more rights than necessary for their work.
Do not save passwords in FTP clients; they are easy to steal. It is better to use special password managers that will encrypt saved passwords.
Examples of such services:
Let's first understand what hotlinking is.
Hotlinking is the process of embedding and displaying on a web page any object (pictures, video, music, any other file) that is actually located on another server.
Hotlinking protection methods:
There are several ways to protect against hotlinking, depending on what tasks you want to solve. But all methods come down to making changes to configuration files.
If your site is running on the Apache web server, then you need to make changes in the .htaccess file;
If your site runs on the Nginx web server or you use the Apache + Nginx bundle, then changes must be made in the nginx.conf file.
Determining the type of web server used is very easy with Wappalyzer, a special extension for the Mozilla Firefox and Google Chrome browsers. After you install it, an additional icon appears in the address bar of the browser; when you click on it, information about the site is displayed, including the web server used.
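For the Nginx case, hotlink protection comes down to checking the Referer header of requests for media files. The fragment below is an added example, not part of the original article; example.com is a placeholder and the list of file extensions is an assumption to adapt to your site.

```nginx
# Added example: example.com is a placeholder.
# Place this inside the site's server { } block in nginx.conf.

location ~* \.(?:jpe?g|png|gif|webp|svg|mp4|mp3)$ {
    # A request is accepted when its Referer header is:
    #   none          absent (direct visits, bookmarks, privacy tools)
    #   blocked       present but stripped by a proxy or firewall
    #   server_names  one of this server block's own server_name values
    #   listed hosts  the site's own domain and its subdomains
    valid_referers none blocked server_names example.com *.example.com;

    # nginx sets $invalid_referer to "1" for every other Referer value,
    # that is, when a page on another site embeds the file.
    if ($invalid_referer) {
        return 403;
    }

    # Let browsers cache legitimately served media files.
    expires 30d;
}
```

The Referer header is supplied by the client, so this stops other sites from embedding your files in their pages but does not protect the files from direct download.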
To protect yourself from CMS hacking, you need to regularly update the CMS version, avoid installing dubious plugins and modules released by amateurs, and entrust the protection of the CMS to your hosting provider.
By conducting a security check on your site, you significantly reduce the risk of losing money, customers, and reputation. In this article, we have described the basic ways by which it is possible to secure your site, but remember that using only one of them is unproductive. Testing and identifying weaknesses requires an integrated approach.
We have a high-quality and reliable service, a convenient control system through the admin panel, intelligent security systems and technical support, which will help resolve all emerging issues at any time of the day.
Any tariff of our hosting is suitable for WordPress. You can choose exactly the package that best suits the needs of your project: SSD hosting, VPS on SSD, cloud hosting, cloud VPS, or a dedicated server.
We have developed a system of automatic website testing that lets you check dozens of indicators and settings of the website and domain. It checks the correctness of the WordPress configuration file, the database connection, and the theme and module settings, and checks whether the php_memory_limit parameter is configured correctly.
Join Hosting Ukraine and we will take care of the technical side of your business.