
Site Security Tips

Now it's easier than ever to build a website for yourself or your business using CMS platforms like WordPress, Joomla and Drupal. These multifunctional platforms provide users with all possibilities to launch a website in a matter of minutes.

Still, it is always a good idea to secure your website so that it is not hacked later.


Did you know that 65% of cyber attacks target small or medium-sized businesses? Moreover, every 39 seconds, a hacking attempt is made.


You might think that your website contains nothing special or important and that all of its information is publicly available, so there is no need to bother protecting it. The fact is that a hacker can use the hosting platform you pay for to commit various malicious acts: sending spam messages, hosting malware for download, or even hacking into other websites.


There are a number of steps you can take to keep your website, and ultimately all your data, safe:


Keep the website up to date

This is one of the most important things you can do to keep your site secure. Most hacks are carried out by automated systems that scan the Internet for vulnerabilities in outdated software. These automated tools check the website against a database that lists vulnerabilities in versions of WordPress and its plugins. There are similar databases for other Content Management Systems (CMS). Regularly updating the website, plugins, themes and other components will ensure that any vulnerabilities are fixed as soon as they are detected. Most CMSs have an automatic update feature to improve security. If the updates do not happen automatically, it is essential to visit the website and apply them manually.
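The same version-against-database check can be run by the site owner before a scanner does it. The sketch below is an added example, not code from the original article; the plugin names, versions and advisories are constructed, and the `audit` and `parse_version` helpers are hypothetical names. It compares versions numerically, because a plain string comparison would wrongly rank 1.10.0 below 1.9.2.

```python
import re

# Constructed sample data: plugin slugs, versions and advisories are invented
# for illustration and do not describe real plugins or real vulnerabilities.
INSTALLED = {
    "example-forms": "2.4.1",
    "example-gallery": "1.10.0",
    "example-seo": "3.0",
    "example-cache": "0.9.8-beta",
}
ADVISORIES = [
    {"plugin": "example-forms", "fixed_in": "2.4.3"},
    {"plugin": "example-gallery", "fixed_in": "1.9.2"},
    {"plugin": "example-seo", "fixed_in": "3.0.1"},
    {"plugin": "example-cache", "fixed_in": None},   # no fixed release exists
    {"plugin": "example-not-installed", "fixed_in": "5.0"},
]

def parse_version(text):
    """Turn '1.10.0' or '0.9.8-beta' into a comparable tuple of integers.
    Pre-release suffixes such as '-beta' are ignored in this sketch."""
    numeric = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not numeric:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in numeric.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # so that 3.0 equals 3.0.0
        parts.pop()
    return tuple(parts)

def audit(installed, advisories):
    """Return (plugin, installed_version, action) for each plugin needing attention."""
    findings = []
    for adv in advisories:
        current = installed.get(adv["plugin"])
        if current is None:
            continue                           # plugin is not installed on this site
        fixed = adv["fixed_in"]
        if fixed is None:
            findings.append((adv["plugin"], current, "no fix available: disable or replace"))
        elif parse_version(current) < parse_version(fixed):
            findings.append((adv["plugin"], current, f"update to {fixed} or later"))
    return findings

if __name__ == "__main__":
    for plugin, version, action in audit(INSTALLED, ADVISORIES):
        print(f"{plugin} {version}: {action}")
```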


Use unique passwords

Hackers have been compromising databases to obtain customers' data for years now. With this data, hackers can either sell the combinations of email addresses and passwords to be tested on other websites or sell the email addresses for spamming purposes. Nowadays, most websites encrypt passwords for storage, especially CMSs like WordPress and Joomla. However, due to past leaks, billions of personal data records are already available for attackers to exploit.

That is why it is essential to use a unique password for each website: if a third-party website where you used a given username and password is hacked, the hacker will not be able to use those credentials to access your website.

If you have trouble remembering individual passwords, you can use a password manager to increase your security. Such an application will save all your personal passwords and allow you to have even a 21-digit password. Needless to say, each password still has to be unique and strong.


Plugin selection

It is important to remember that while the plugins are handy and may provide functionality that is not available in the vanilla version of the CMS, these plugins are developed by individuals and are not checked for security or performance by the CMS developer.

When choosing a plugin, you need to pay attention to:

  1. The last update date (constant updates mean it is being actively worked on, and any security issues will be resolved relatively quickly).
  2. The number of installs (if two plugins do the same job, and one plugin has 1000 installs and the other has ten installs, then the plugin with the most installs is likely to be not only more helpful, but also safer).
  3. Reliable sources (use only official plugins. Do not install pirated versions of plugins as they are most likely to contain malware to infect the website).

User Access

Use two-factor authentication for the login page. After entering a username and a password, the user must enter a second piece of information to continue. It can be a text message containing a unique code or a password produced by an automatic one-time password generator. This will prevent people from using stolen login details to access the system.

Restrict login page access. If you do not expect users to log in to the website, you can restrict access to the login page by IP address so that only your IP can reach the login page and log in.

Do not use shared accounts. Each user of the website must have their own login for reporting and monitoring purposes. If unwanted changes were made through a shared account, how would you know which person had made them?


Install SSL

Having SSL (Secure Sockets Layer) will not stop hackers from attacking the website; however, it will protect login details and any other entered data from being viewed by anyone else on the network.

This is especially useful when using a public Wi-Fi hotspot because anyone else on the network can see who is connected and, in some cases, read the data being exchanged.

Without SSL, you send the data as plain text. If you install SSL, the data is encrypted so that only the destination site's server can read it.

We wish you every success and are always happy to provide you with high-quality hosting.
