How To Protect Your Website From Hackers
By Paul Liu
Wednesday, June 4th, 2014

Hacking is a serious security threat that most webmasters face on a daily basis. According to reliable estimates, a new website is hacked every 5 seconds, so you can imagine the seriousness of the threat. However, many hacking attacks could be prevented by following some simple-to-implement security practices. This article suggests several ways to protect your website from getting hacked.
1) Update the CMS
In order to protect your website from the latest security threats, you must remember to update your site’s CMS, plugins, scripts and templates from time to time. Hackers regularly discover new security flaws even in the most secure content management systems, and that is one reason why most CMS vendors release new updates on a regular basis. To check whether a new update for your CMS is available, you can visit the CMS vendor’s site or log in to your Customer Dashboard area and check for updates manually. It is also a good idea not to rely totally on the CMS’s built-in security features and to install additional security plugins that are compatible with the CMS.
2) Use Custom Error Messages
Most websites reveal far too much information through their error messages (database name, backend table and column names, version of script and database used, etc.), which hackers could easily exploit. To prevent your site from getting hacked via this method, ensure that you use a generic error message for all errors, one that does not reveal any information about the CMS or backend.
3) Check Folder and File Level Permissions
A lot of hacking attacks are facilitated by overly generous folder- and file-level permissions assigned by webmasters. Before assigning Write or Execute permission to a particular folder or file, you should carefully evaluate whether the permission is really needed. This is especially important for websites that allow users to upload files, since hackers may upload malicious files disguised as safe ones and then execute them if a favorable file-level permission is available. As you can imagine, this could cause serious damage to your site and may even result in the leaking of your personal data.
4) Protection Against XSS Attacks
Cross-site scripting (XSS) is a type of vulnerability that allows hackers to pass malicious scripting code to web servers through online forms. Over the last few years, the XSS vulnerability has turned into a serious security threat, and it now forms the basis of a majority of web-based hacking attacks. To protect your website against XSS-based attacks, you must use stronger client-side validations and remember to strip scripting code from the form values.
5) Protection from SQL Injection
SQL injection is yet another technique used by hackers to steal data or cripple a data-driven website or application. In this type of attack, hackers insert extra SQL code within the form values or URL parameters, which then triggers a database-level command. These types of attacks can be prevented by using parameterized queries, escaping special characters and restricting the database permissions.