Does your website need security? Many website owners do not take seriously the fact that they need website protection. Why would anyone want to hack your website, and how can you protect it from hacking?
Website password
Your website needs a strong password so that a hacker cannot crack it easily. Setting a strong password once and never changing it is not enough: you need to change your website password at regular intervals to reduce the chance of it being hacked. Use an alphanumeric password with special characters that is not easy to guess or crack. A strong password should be 8 characters or more and combine upper- and lower-case letters with all of these.
In addition, if you are using a CMS for your website, it will provide a good password check and can auto-generate a random password for security reasons; you can use these easily.
File Uploads
If you provide a file upload facility for visitors or logged-in users, you need to take care. List the file types you want to allow users to upload to the site, such as image files, Word documents or any other type, and restrict all other file types so that users are unable to upload them to the server. Add a size limit, because a very large file may cause problems for the site and take a long time to scan if you are using antivirus to scan files. Try to save files outside the root directory if possible. Change the permissions of the uploaded files folder with chmod 0666 so that it can't be executed. You can also set permissions for this in .htaccess:
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
        order deny,allow
        allow from all
    </Files>
You can add any file type here; put the code in the .htaccess file in the root to apply the condition.
The other solution I mentioned is to save files in a private folder outside the root; in that case you need a script to access files from that private folder.
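The checks described above (allowed file types, a size limit, storage outside the root) can be combined in one PHP upload handler. This is an added example, not code from the original article; the form field name attachment and the private_uploads folder are assumptions.

```php
<?php
// Added example. Assumed names: form field "attachment" and a private
// folder one level above the web root.
const PRIVATE_DIR = __DIR__ . '/../private_uploads';
const MAX_BYTES   = 2 * 1024 * 1024;   // size limit: 2 MiB
const ALLOWED     = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Returns the extension to store the file under, or null to reject it. */
function allowed_extension(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // Judge the type by the file's content: the uploader controls both the
    // original file name and the Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
}

/** Moves an accepted upload into PRIVATE_DIR; returns its new name or null. */
function store_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = allowed_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // A server-generated name keeps user input out of the stored path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], PRIVATE_DIR . '/' . $name) ? $name : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input for a command-line run: PHP source, not an image.
    $sample = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($sample, "<?php echo 'not an image'; ?>");
    var_dump(allowed_extension($sample));
    unlink($sample);
} elseif (isset($_FILES['attachment'])) {
    $stored = store_upload($_FILES['attachment']);
    http_response_code($stored === null ? 422 : 201);
}
```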
Most hosting providers offer a facility for this. You can also set it up through your firewall settings: block all non-essential ports and allow only 80 and 443 from outside.
If you are uploading files yourself, use a secure method such as SFTP. Alternatively, put the database on another server and connect to it from your server; this way the database server cannot be accessed directly and your database is safe.
Use Website Security Tool
If you want to check your website's security, you can use a third-party tool to check the whole site; these tools also give you hints on how to fix the security issues that come up in the software audit.
For the WordPress CMS, All In One WP Security & Firewall, iThemes Security and many more options are available for security and scanning.
You can also use others such as Scan My Server, Sucuri, Site Guarding and many more to check your site for security issues.
After going through the whole list, you can start working on the issues they report to make the site more secure.
Guarding Include Files
In PHP we often include files on a page as required, for our convenience, and these files contain code, database credentials and other sensitive information. Many developers give the included file the extension .inc; such a file can be accessed directly as a plain text file, because PHP does not parse it.
If an attacker accesses this file directly, he can easily get all the database credentials and any other sensitive information in that file, and can then easily attack the related database and other files. So always give your include files the extension .php, and keep files of this type that hold sensitive information outside the site, in a folder that is not directly accessible by anyone.
Error handling
It's good to check all related errors and warnings while we are developing an application, because fixing errors and warnings closes security holes in it. After completing the application, hide all errors and warnings, because on a live site a hacker can easily trace vulnerabilities from them.
When you are developing an application, configure your servers separately for development and production. On the development server you need to show all errors and warnings so that you can easily fix every issue and security weakness there; when you go to the live server, hide all errors and warnings from your application so that a hacker is not able to see any loophole in the site.
Protect Session Data
By default your session data is saved in a temp file, and on shared hosting it can easily be accessed by writing a script. So we need to protect sensitive information such as credit card details and passwords from a hacker accessing it through session data.
You can protect it by sending the data in encrypted form so that it is not readable by anyone. You can also change the location where session data is stored so that a hacker is unable to access it easily from the default location; you can use session_set_save_handler() for that purpose, in your own way.
SQL Injection Attack
SQL injection is the process of getting at the database through form input field submissions and also through the URL: data can be added to the database, changes made based on the data captured, table data deleted, and many other activities carried out this way. To fix this you need to use parameterised queries, in which the parameter is passed to the query separately to access data.
For example, use "SELECT * FROM table WHERE column = ?" with parameter bound to the ? placeholder, rather than "SELECT * FROM table WHERE column = '" + parameter + "';", where the input becomes part of the SQL text.
Keep Up to date
Keep your software up to date with the latest versions, so that any issue in a previous version is fixed on your site as well. If you are using a CMS or other software on your site, update it from time to time to the latest version.
With hosting, the company takes care of its software's updates and updates them accordingly for security from time to time. You also need to check regularly, because in many cases they provide a manual option for updates; then you need to follow their instructions and work through them to fix any possible security hole.