Friday, January 13, 2017

How to protect your site from hackers

Does your website need security? Many site owners do not take website protection seriously. This post looks at why anyone would want to hack your website and how you can protect it.

Website password 

Your website needs a strong password so that an attacker cannot simply guess it or brute-force it. Setting a strong password once and never touching it again is not enough: change it at intervals, and immediately if you suspect it has leaked, so that a stolen password stays useful for as short a time as possible. Use a mix of upper- and lower-case letters, digits and special characters, at least 8 characters long (longer is better, and length does more for strength than any single character class), and never reuse the same password on another site.
If you are using a CMS for your website, it usually has a built-in password strength check and can generate a random password for you; use them, and keep the result in a password manager rather than in a file on the server.
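The policy described above, as an added example that is not part of the original post: a policy check, a CSPRNG-based generator of the kind a CMS "generate password" button uses, and secure storage with password_hash(). The function names and thresholds are this example's own choices.

```php
<?php
// Added example (not from the original post): a minimal password policy check,
// a random password generator, and storage with password_hash()/password_verify().
// Function names and the policy thresholds are this example's own choices.

declare(strict_types=1);

/** Return a list of policy violations; an empty array means the password passes. */
function password_policy_violations(string $password): array
{
    $problems = [];
    if (strlen($password) < 8) {
        $problems[] = 'shorter than 8 characters';
    }
    if (!preg_match('/[a-z]/', $password)) {
        $problems[] = 'no lower-case letter';
    }
    if (!preg_match('/[A-Z]/', $password)) {
        $problems[] = 'no upper-case letter';
    }
    if (!preg_match('/[0-9]/', $password)) {
        $problems[] = 'no digit';
    }
    if (!preg_match('/[^A-Za-z0-9]/', $password)) {
        $problems[] = 'no special character';
    }
    return $problems;
}

/** Generate a random password with random_int(), which is a CSPRNG (rand()/mt_rand() are not). */
function generate_password(int $length = 16): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+';
    $max = strlen($alphabet) - 1;
    do {
        $password = '';
        for ($i = 0; $i < $length; $i++) {
            $password .= $alphabet[random_int(0, $max)];
        }
    } while (password_policy_violations($password) !== []);  // retry until every class is present
    return $password;
}

// Storage: never keep the plain password. password_hash() salts and hashes it (bcrypt with
// PASSWORD_DEFAULT); password_verify() checks a login attempt against the stored hash.
$candidate = generate_password();
$hash      = password_hash($candidate, PASSWORD_DEFAULT);

var_dump(password_policy_violations('letmein'));
var_dump(password_policy_violations('Tr0ub4dor&3'));
var_dump(password_verify($candidate, $hash));
var_dump(password_verify($candidate . 'x', $hash));
```

The first var_dump lists four violations for "letmein" (too short, no upper-case letter, no digit, no special character) and none for the second password; the two password_verify() calls return true for the generated password and false for the altered one. Store only the value of $hash; the plain password should never reach disk.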

File Uploads 

If you let visitors or logged-in users upload files, take care. Whitelist the file types you want to allow (images, Word documents, or whatever the feature needs) and reject everything else, so that nothing else can be placed on the server; check the content of the file, not only its name, because the extension and the browser-supplied type are both chosen by the uploader. Add a size limit, because very large files can stall the upload process and take a long time to scan if you run an antivirus over uploads. Save the files outside the document root if at all possible. Make uploaded files non-executable: chmod 0644 (owner read/write, everyone else read-only) is enough; do not use 0666, which makes the file world-writable. Note that the execute bit only matters for running the file as a program; if the web server has a PHP handler enabled for the upload directory it will still run a .php file placed there, so also restrict what that directory may serve with .htaccess:


   Order deny,allow
   Deny from all
   <Files ~ "^\w+\.(gif|jpe?g|png)$">
       Allow from all
   </Files>

 Add whatever extensions you allow to the pattern, and put this .htaccess in the uploads directory itself, not in the site root, or it will deny the rest of the site as well. The syntax is for Apache 2.2; on Apache 2.4 use "Require all denied" and "Require all granted" instead (the Order/Deny/Allow directives only work there with mod_access_compat loaded).
The other option already mentioned is to save files in a private folder outside the document root. The web server then cannot serve them at all, and you need a small script that checks who is asking and reads the file back to them.
Most hosts offer such a folder. On a server you control, also configure the firewall to block every non-essential port and expose only 80 and 443 to the outside.
When you upload files yourself, use a secure method such as SFTP rather than plain FTP, which sends your credentials in the clear. Where possible, put the database on a separate server (or at least bind it to localhost) and allow only the web server to connect to it; that way the database server cannot be reached directly from the internet.
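The upload checks above, together with the "script to access files from the private folder", as an added example that is not part of the original post. The directory path, the size limit, the allowed types and the function names are assumptions.

```php
<?php
// Added example (not from the original post): an upload handler that enforces a file-type
// whitelist, a size limit, a random filename and storage outside the document root, plus
// the small script that serves those files back. Paths, limits and names are assumptions.

declare(strict_types=1);

const UPLOAD_DIR    = '/var/www/private/uploads';   // outside the web root (assumed path)
const MAX_UPLOAD    = 2 * 1024 * 1024;              // 2 MiB
const ALLOWED_TYPES = [                             // extension => MIME type the content must match
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];

/**
 * Validate one entry of $_FILES and move it into UPLOAD_DIR.
 * Returns the stored filename, or throws with a message that is safe to show to the user.
 */
function store_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if ($file['size'] > MAX_UPLOAD) {
        throw new RuntimeException('File is larger than the 2 MiB limit.');
    }

    // Extension check on the user-supplied name (never trust that name for anything else).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type is not allowed.');
    }

    // Content check: sniff the real MIME type from the bytes, not from the name or from the
    // browser-supplied $file['type'], and require it to match the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('File content does not match its extension.');
    }

    // Random server-side name: no path traversal, no collisions, no attacker-chosen ".php".
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the file.');
    }
    chmod($dest, 0644);   // owner read/write, everyone else read-only, no execute bit
    return $stored;
}

/**
 * Serve a stored file (e.g. download.php?f=<name>). The name is validated against the
 * same pattern the upload code produces, so "../" and other paths cannot be requested.
 * Any authorisation check (is this visitor allowed to see this file?) goes before this call.
 */
function serve_upload(string $name): void
{
    if (!preg_match('/^[0-9a-f]{32}\.([a-z]+)$/', $name, $m) || !array_key_exists($m[1], ALLOWED_TYPES)) {
        http_response_code(404);
        exit;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . ALLOWED_TYPES[$m[1]]);
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Usage from the upload form handler (form field named "document"), then from download.php:
//   $name = store_upload($_FILES['document']);
//   serve_upload($_GET['f']);
```

Because the stored name is generated by the server, the original filename never touches the filesystem, and because the directory is outside the document root, a request for the file can only ever go through serve_upload(), which sends it with a fixed Content-Type and nosniff rather than letting the web server decide what to do with it.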

Use Website Security Tool 

If you want to check your website's security, you can use a third-party scanning tool. These check the site for common weaknesses and also give hints on how to fix the issues the audit turns up.
If you are using a CMS such as WordPress, you can use a security plug-in such as Wordfence Security, All In One WP Security & Firewall or iThemes Security; there are many more options available for WordPress that cover both hardening and scanning.

Other services such as ScanMyServer, Sucuri and SiteGuarding, among many more, scan your site from the outside and report the security issues they find.
After going through the list, start working on the issues it reports to make the site more secure; treat a clean scan as a starting point, not as proof that the site is safe.

Guarding Include Files

In PHP we often include files on a page for convenience, and those files frequently contain code, database credentials and other sensitive information. Many developers give such files the extension .inc. Unless the server has been configured to treat .inc as PHP, a direct request for such a file is served as plain text: the interpreter never runs it, so the visitor sees the source.
If an attacker requests that file directly, he can read the database credentials and anything else in it and then attack the related database and other files with ease. So always give included files the extension .php, so that a direct request executes them instead of printing them, and better still keep files with sensitive information outside the document root, in a folder that no request can reach. As an extra defence, start such files with a guard that exits unless a constant set by your front controller is defined.

Error handling

While developing an application it is good practice to look at every related error and warning, because fixing them closes weak spots in the application. Once the application is complete, hide all errors and warnings on the live site, because an attacker can read file paths, query fragments and other details from them and use them to find the vulnerable spot.
So configure your development and production servers differently. On the development server, show every error and warning so that you can fix all the issues, including the security-relevant ones, easily. On the live server, hide all errors and warnings from the visitor and write them to a log file instead, so that an attacker cannot see any loophole in the site while you still find out about failures.
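The two points above (credentials in a .php file outside the document root with an include guard, and error display switched by environment) combined into one bootstrap file, as an added example that is not part of the original post. The APP_ENV variable, the paths, the IN_APP constant and the config keys are assumptions.

```php
<?php
// Added example (not from the original post): a bootstrap.php that loads database credentials
// from a .php file kept outside the document root and switches error display on or off by
// environment. The APP_ENV variable, the paths, IN_APP and the config keys are assumptions.

declare(strict_types=1);

// 1. Environment: default to production so that a forgotten setting fails safe.
$env = getenv('APP_ENV') ?: 'production';

if ($env === 'development') {
    // Development: show everything so that warnings get fixed before they ship.
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
} else {
    // Production: report everything to the log, show nothing to the visitor.
    error_reporting(E_ALL);
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    ini_set('error_log', '/var/www/private/php-error.log');   // outside the web root (assumed path)
}

// 2. Credentials live in /var/www/private/config.php (not under /var/www/html). The file is
//    named .php so that even if it were reachable the interpreter would run it, not print it,
//    and since it only contains a "return" statement, running it outputs nothing. Its content:
//        <?php
//        return ['db_dsn' => 'mysql:host=db.internal;dbname=site', 'db_user' => 'site', 'db_pass' => 'secret'];
define('IN_APP', true);
$config = require '/var/www/private/config.php';

// 3. Guard for files that must only ever be included, never requested directly: put this line
//    at the top of each such file (IN_APP is only ever defined by this bootstrap).
//        if (!defined('IN_APP')) { http_response_code(403); exit; }

// 4. Connect with exceptions enabled, so a failed query never silently returns partial data,
//    and catch them here so that the message (which may contain host names or SQL) is logged
//    rather than echoed to the browser.
try {
    $pdo = new PDO($config['db_dsn'], $config['db_user'], $config['db_pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
} catch (PDOException $e) {
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');   // generic text, no details for the visitor
}
```

Every page of the site starts with require 'bootstrap.php'; nothing under the document root contains a password, and a misconfigured server can at worst expose this bootstrap, which only names a path.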

Protect Session Data

By default PHP saves session data in files in a shared temporary directory (the session.save_path setting, often /tmp). On shared hosting, other customers' scripts may run as the same user or be able to read that directory, so a few lines of script can read your session files. Sensitive information such as passwords or credit card details therefore needs protecting from anyone who can get at the session store; for card numbers, the best protection is not to keep them in the session at all.
You can protect the rest by storing it in encrypted form, so that it is not readable as plain text by anyone who gets the file, and by moving the session store out of the default location: either point session.save_path at a directory that only your account owns, or write your own storage with session_set_save_handler() (to a private directory or to your database).
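A custom save handler of the kind described above, as an added example that is not part of the original post: it keeps the session files in a private directory and encrypts each one with AES-256-GCM before writing. It needs PHP 7.1 or later for GCM support in openssl_encrypt(); the directory, the key file and the class name are assumptions.

```php
<?php
// Added example (not from the original post): a session save handler that keeps session files
// in a private directory and encrypts their content with AES-256-GCM before writing.
// Needs PHP 7.1+ (GCM in openssl_encrypt). Paths, key file and class name are assumptions.

declare(strict_types=1);

final class EncryptedFileSessionHandler implements SessionHandlerInterface
{
    private $dir;
    private $key;   // 32 raw bytes

    public function __construct(string $dir, string $key)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('Key must be 32 bytes.');
        }
        $this->dir = rtrim($dir, '/');
        $this->key = $key;
    }

    public function open($savePath, $sessionName): bool
    {
        return is_dir($this->dir) || mkdir($this->dir, 0700, true);
    }

    public function close(): bool
    {
        return true;
    }

    private function path(string $id): string
    {
        // The session id comes from a cookie, so it is attacker input: allow only the
        // characters PHP itself generates, never "../" or a full path.
        if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
            throw new RuntimeException('Malformed session id');
        }
        return $this->dir . '/sess_' . $id;
    }

    #[\ReturnTypeWillChange]
    public function read($id)
    {
        $file = $this->path($id);
        if (!is_file($file)) {
            return '';
        }
        $blob = file_get_contents($file);
        if ($blob === false || strlen($blob) < 28) {
            return '';
        }
        $iv    = substr($blob, 0, 12);    // layout on disk: 12-byte IV, 16-byte tag, ciphertext
        $tag   = substr($blob, 12, 16);
        $data  = substr($blob, 28);
        $plain = openssl_decrypt($data, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        return $plain === false ? '' : $plain;   // tampered or wrong key: treat as an empty session
    }

    public function write($id, $data): bool
    {
        $iv  = random_bytes(12);   // fresh IV per write; reusing one with GCM is fatal
        $tag = '';
        $enc = openssl_encrypt($data, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($enc === false) {
            return false;
        }
        // Write to a temporary file and rename, so a concurrent read never sees a half-written file.
        $file = $this->path($id);
        $tmp  = $file . '.' . bin2hex(random_bytes(4));
        if (file_put_contents($tmp, $iv . $tag . $enc, LOCK_EX) === false) {
            return false;
        }
        chmod($tmp, 0600);
        return rename($tmp, $file);
    }

    public function destroy($id): bool
    {
        $file = $this->path($id);
        return !is_file($file) || unlink($file);
    }

    #[\ReturnTypeWillChange]
    public function gc($maxlifetime)
    {
        $removed = 0;
        foreach (glob($this->dir . '/sess_*') ?: [] as $file) {
            if (filemtime($file) + $maxlifetime < time() && unlink($file)) {
                $removed++;
            }
        }
        return $removed;
    }
}

// Key: 32 random bytes generated once (e.g. bin2hex(random_bytes(32))), stored as hex in a file
// outside the web root that only the PHP user can read; never hard-code it in a tracked file.
$key = hex2bin(trim(file_get_contents('/var/www/private/session.key')));
session_set_save_handler(new EncryptedFileSessionHandler('/var/www/private/sessions', $key), true);
session_start();
```

The encryption only helps if the key is harder to reach than the session files; on a host where every customer's PHP runs as the same user, both are readable by a neighbour, and the real fix is a host with per-account PHP isolation (or a database-backed store with its own credentials). The ReturnTypeWillChange attribute is a comment on PHP 7 and silences the deprecation notice PHP 8.1 raises for read() and gc(), which the interface declares without a bool return type.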

SQL Injection Attack

SQL injection happens when input from a form field or a URL parameter is pasted into a SQL query as text, so that an attacker can change what the query does: read data he should not see, modify or delete table rows, and much more.
To fix this you need parameterized (prepared) queries, in which the SQL is fixed and the value is passed separately as a parameter. Never build the query by concatenating the input into the string, as in this vulnerable form:
    "SELECT * FROM table WHERE column = '" + parameter + "';"
Here parameter becomes part of the SQL text, so a value containing a quote rewrites the query. With a prepared statement the value can only ever be compared as data, never parsed as SQL.
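The vulnerable query above beside its prepared-statement form, as an added example that is not part of the original post, run against a constructed in-memory SQLite table so the difference can be seen. It needs the pdo_sqlite extension; the table, the rows and the function names are made up for the demonstration.

```php
<?php
// Added example (not from the original post): the same lookup written the vulnerable way and
// with a prepared statement, run against a constructed in-memory SQLite table so the
// difference is visible. Needs the pdo_sqlite extension; table and rows are made up.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: the input becomes part of the SQL text, so quotes in it rewrite the query.
function find_user_vulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username, email FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text is fixed at prepare time; the value travels separately and can only
// ever be compared as data, never parsed as SQL. No escaping to get wrong.
function find_user_safe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$honest   = 'alice';
$injected = "x' OR '1'='1";   // classic payload: closes the quote and appends an always-true condition

echo "vulnerable, honest input:\n";
print_r(find_user_vulnerable($pdo, $honest));
echo "vulnerable, injected input:\n";
print_r(find_user_vulnerable($pdo, $injected));
echo "prepared, honest input:\n";
print_r(find_user_safe($pdo, $honest));
echo "prepared, injected input:\n";
print_r(find_user_safe($pdo, $injected));
```

With the honest input both functions return alice's row. With the injected input the vulnerable function runs "WHERE username = 'x' OR '1'='1'" and returns every row in the table, while the prepared statement looks for a user whose name is literally "x' OR '1'='1" and returns nothing. The same applies to INSERT, UPDATE and DELETE; any value that comes from the request belongs in a bound parameter.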

Keep Up to date

Keep your software up to date with the latest versions, so that any issue fixed in a newer release is fixed on your site too. If you are using a CMS or other software on your site, update it regularly as new versions come out, including its plug-ins and themes, which are just as often the way in.
Your hosting company takes care of updates to its own software (the web server, PHP and so on) and applies security updates from time to time, but you still need to check regularly: many hosts leave some updates to you as a manual step, so follow their instructions and apply them to close any security hole that may exist.