Secure Your Website From Hackers

Updated: October 19, 2011

You can go to great lengths to secure your website from being hacked, but by taking a few measures you will prevent almost all hacking attempts on your website from being successful. If you have already been hacked, the website needs to be properly cleaned, and you also need to take the measures that prevent it from being hacked again.

Secure Your Computers

Many hacks come from hackers getting FTP access to websites from malware on computers that have been used to access the website via FTP. It is important to make sure that all the software on those computers is kept up to date. The way that malware generally gets on machines is through security vulnerabilities in software that is accessible through your web browser, including things like Adobe Reader and QuickTime. Google's Chrome web browser, starting with version 10, automatically checks for outdated versions of that type of software running on your computer. You can also use Mozilla's Plugin Checker to check the current status of that type of software. For Windows users, the Secunia Personal Software Inspector will also check for outdated software. You should also run a good anti-virus program on those machines.

We would also recommend using a web browser that uses data from Google's Safe Browsing system. This will stop the web browser from accessing content on a website that Google has detected malware on. Currently Mozilla's Firefox, Google's Chrome, and Apple's Safari access this data.

Update Software

Outdated versions of web software, like WordPress, Drupal, and Joomla, frequently contain security vulnerabilities that have been patched in subsequent versions. Keeping all the software running on a website updated, including add-ons, ensures that these cannot be exploited by a hacker. If software is no longer being used, it should be removed. The following links explain how to check if you are running the latest version of Drupal, Joomla, MediaWiki, OpenX, and WordPress. You can also use our web browser extension, Meta Generator Version Check, to receive warnings when certain outdated software is running on a website.

SQL Injections

If you have custom-written code on your website that accesses a SQL database, the website is potentially vulnerable to a SQL injection hack. All input data needs to be properly sanitized to prevent SQL injections. The developer of the code should be able to tell you if this is done by the code, or a developer familiar with developing web code should be able to review the code for this issue. This is especially important if you have an ASP-based website.

Use a Secure Web Host

There have been a number of major hacks that have been caused by the negligence of a web host in properly securing their systems. Unfortunately, there is no way for you to fully review their security. What you can do is find out from them if they are taking the basic precautions which hosting providers who have been hacked in the past have not taken:

Ask them if they store users' passwords in plaintext on their systems; they shouldn't.

Ask them if they have access controls in place to prevent other users from accessing your website's files (no matter the files' permissions); they should.

Ask them if they keep the software on their servers updated; they should (you can also check if your current host is running current versions of important software yourself).

Ask them what their policy is on updating outdated software.

We also are compiling a list of web hosting providers we have found to have security issues.

Backup

While it won't stop your website from being hacked, making frequent backups will make it easier to restore your website if it has been hacked. You need to make sure to back up both the files and any databases. If you store a backup that has never been on the server, you can ensure that you will have a completely clean copy of the website. It is also important that you test your backups to make sure they will work if you ever need to use them.
