Defend Your Web site

By admin Hosting and cms Seo optimization Web optimization Wordpress wordpress errors and fixing WordPress seo February 21, 2023

Table of Contents

Protect Your Website

There are many ways a website can be hacked or attacked. Here are some actions that website owners can take to protect their sites.

Unusual visitor numbers

In your hosting control panel, you can see logs analysing website visits. AWStats is a popular one. On some of our sites we have found a high number of visits from a single IP address, 6,000 in 15 days. That’s 400 per day and can only be automated.

They must be up to no good. They could be using your address to send out spam, or trying to gain access. In Google you can find IP address lists with locations, and sometimes listing their reputation. In the hosting control panel there is a facility to deny specified IP addresses which can block that IP. But you can also block a range of addresses. That is wise because a bad IP can be just part of a range.

Passwords

Years ago it was common to set passwords as memorable words. But these are easy to guess, like names, birthdays, places and keywords from the website. These should be replaced by more secure passwords. Use at least 8 characters and include upper and lower case letters, numbers and symbols (@#$% etc.). These can still be made memorable by taking a word and separating letters with numbers and symbols, or replacing letters with numbers and symbols. E.g. Alexander can be &A!3x@nd3r#, but it would be even more secure if it was just a jumble of characters.

Latest software version

Always update any website building software (such as WordPress) to the latest version. These software updates can be frequent and will close any loopholes that hackers have found. We have found that websites running on older versions are the ones that get hacked.

Files that get hacked

If your website is found to be sending out spam emails it could be that some hacker has got lucky, guessed your password and altered one or more of the website files to automatically send spam. This can cause your host to suspend your website.

To fix that you should change your password and using an FTP program or File Manager find which files have been modified by listing them in date order. Alternatively you can just reload the whole website from the copy on your computer, or from your web designer. Or you can reinstall WordPress and import the exported MySQL database.

Insecure Forms

Protect your site from hackers trying to guess a password by coupling login name and password for validation. Have the response say something like “Either the name or password is invalid” so that the hacker doesn’t know which one is incorrect.

Add Captcha to your forms. This is a script that requires the visitor to type characters from an image on the form, something an automated spam program cannot do. It stops hundreds of spam emails from the form

Forms Allowing File Uploads

Limit the extensions of file uploads to those of images, JPG, JPEG, GIF, PNG, etc. to avoid any executable files getting uploaded to your website. Have any uploads go to a folder outside the website.

SSL

To keep any visitor’s personal details entered on a form secure, get your host to install an SSL certificate. This should cover any form with sensitive information such as credit card details, or date of birth, driver’s license and any details allowing identity theft. This will cost a few dollars per year but will make your visitors feel better about filling in such a form.

ModSecurity

Many web hosts have installed this security plugin to their firewall. This blocks any IP address from which a number of invalid login attempts have been made in a short period. This slows down any nefarious hacker from guessing your username and password to login to your control panel or FTP or email account. Unfortunately the odd website owner who has a lapse of memory can, by using the wrong password too often, lock themselves out of their own website. Fortunately they can ask their host to unblock them.

Conclusion

It’s not a perfect world and even NSSA and FBI websites have been hacked, but anything you can do to slow down hackers will help keep your website safer and encourage visitors.

wordpress hosting sites
#Protect #Website