How to secure your Website/Blog from hackers?
Hackers, this word is well known to all internet users. They are spread out over the world here and there for abusing or mal-practicing on the internet. There are few people aware of website or blog security before experiencing hacked. Hacked means, you are losing your hard work, time as well as money. Hence, 29 website/Blog security techniques will provide you peace of mind from hacking.
- Choose good host
- Select best theme
- Install trusted plugins only
- Secure login user name & password
- Keep software up to date
- Use website security tools
- Watch out for SQL injection
- Regularly update your plugin
- Protect against XSS attack
- Automatically back up your website
- Be aware about error message
- Install a firewall
- Validate on both side
- Avoid file uploads
- Use HTTPS
- Don’t disclose website version for all
- Public networks
- Add password authentication to your WP admin folder
- Scan your website regularly
- Install plugin to guard against copy or paste your content
- Set up your own Google authorship
- Use CSP
- Make sure your computer is safe
- Enable hot linking protection
- Ensure email security
- Use a VPN
- Secure your smart phone
- Limit login attempts
- Use parameterized queries
Learn & be safe from hackers
You have to gather some skills and knowledge about the protection of hacking. Few words of this article can provide you with techniques accordingly.
1. Choose good host
In the global village, websites are playing a vital role, undoubtedly. There is several web hosting company available around the world. It’s too much hard to select the best one. Everyone saying, they are providing the best services. By considering the following criteria, you can choose the best hosting company for your upcoming website.
Free Trial Option
Content Management System
2. Select the best theme & protect your blog from hackers
Best website depending on the best theme. Considering the following features, you can select the best themes for your blog or website security.
- Themes should be as simple as possible
- Browser compatibility
- Supported plugins
- Page builder
- Back up service
- SEO friendliness
- Rating & Reviews
3. Install trusted plugins only
It’s easy to access for hackers through plugins you install. That’s why to be cautious during installing plugins in your blog. Try to consider the following four things, when installing plugins.
- Ensure plugin features available in the plugins directory on wordpress.org
- Check rating
- Overlook downloading number
- Check out third party reviews
The above criteria mention trusted plugins. So, install only trusted plugins.
4. Secure login user name & password
The default user name admin is well known, not only to hackers but also to everyone, especially for WordPress blogs. So, change this default user name as soon as possible, even if possible yesterday, does it.
Password should be a letter, number including upper and lower case. It should be as strong as possible to prevent hacking.
To prevent a brute force attack, use Captcha. To implement captcha, use BWS plugins for WordPress blog. It will help you in controlling spam as well.
5. Keep software up to date & be safe from hackers
To keep your blog secure, you should keep your software up to date. It should be from the both end of your server operating system and your websites such as CMS or Forum. When security holes are found in your software, hackers are quick to attempt to abuse them.
If you use, managed hosting solution then you don’t need to worry about software updating for the operating system. This is the responsibility of the hosting authority.
If you use third-party software such as CMS or Forum, then you should update them quickly when it is available. You can use security tools like Gemnasium to get automatic notification when a vulnerability is announced in one of your components.
6. Use website security tools & be safe from hackers
The purpose of website security is to protect against various sorts of attacks and unauthorized access, use, modification, disruption, and destruction. Various types of website security tools are available. Such as-
WordFence, SECURI, CloudFont & GoDaddy website security etc.
The WordFence security tool has awesome features. It limits the login attempts, scans the themes and WordPress plugins as well as scans the comments for fishing URLs & Malware, and checks out outdated plugins.
7. Watch out for SQL injection
Be careful during SQL injection. Hence, attackers use web form field or URL parameters to gain access to or manipulate your database. When you use standard Transact SQL, it is easy to insert unknowingly rogue code into your query that could be used to change tables, get information or delete data. By using parameterized queries, you can avoid it. Most web languages contain these features which are easy to implement.
8. Regularly update your plugins & safe from hackers
You should update your plugins regularly to implement changes on your website immediately. This will improve word press security and website performance. The developer doesn’t update the plugin. WordPress site owners are always cautioned to keep WordPress core and add-ons updated. When kept unattended, add-ons develop vulnerabilities that hackers exploit to break into a site.
9. Protect against XSS attack
10. Automatically back up your website
Normally, word press CMS is easy to hack due to its ease and huge plugins. Sometimes your website may attack. It will be one-click action if you keep an automatic backup. Otherwise, you have to suffer from hackers. In that case “WPvivid Backup Plugin” can help you to take automatic back up. Also, you can take great advantage of the No#1 plugin iThemes Security (Formerly Better WP Security). It has various special features that may act as you like without interfering with your site`s plugins, themes, or content. By using this plugin, you can secure your website from basic attacks.
11. Be aware of the error message & be safe from hackers
Hackers can use error messages for hacking. So, be conscious of the error messages.
12. Install a firewall to protect hackers
To protect your blog and other security attempts, you should install OSE Firewall. It`s open-source excellence. This Firewall has a built-in scanner that will scan your blog for any malicious codes. Besides, it has new anti-spam features for keeping your blog spam-free.
13. Validate on both side for keeping your website hackers free
Validation should always be done both on the browser side and server-side. The browser can catch simple failures like mandatory fields that are empty. On the other hand, server-side failing to do so could lead to malicious code or scripting code being inserted into the database and cause undesirable results in your website.
14. Avoid file uploads & be safe from hackers
For keeping your website safe and free from security risk, try to avoid the file uploads option even, if it is simply to change their avatar. But don’t forget about restricting physical access to your server.
15. Use HTTPS for keeping your website free from hackers
HTTPS is an internet security service protocol. It is guaranteed that users are talking with a trusted site that they want. And nobody else can intercept or change the content they are seeing in transit. So, use HTTPS.
16. Don’t disclose website version for all & be safe from hackers
Generally, WordPress website publishes version number that helps to visitors easy to understand which version you are operating. But, disclosing the version number for all makes your website vulnerable to security threats and attacks. To overcome it, you can delete the Readme.html file from your WordPress installation directory.
There are a huge number of themes in WordPress containing login links to access easily a login page. But, you don’t need to reveal the login page in such a manner that will invite everyone including hackers, to access it. So, if you have a theme with a login link, remove it or modify it.
To solve the above problems, you can use the “Hide My WP Ghost Lite” plugin.
17. Public networks easy to access for hackers
A public network is one wherein anyone can access and through it can connect with other networks or the internet. In this way, the criminal or hacker can access the user’s banking credentials, account passwords, and other valuable information. Public Wi-Fi is inherently insecure be cautious. Laptops, Smartphones, and tablets are all susceptible to wireless security risks.
18. Add password authentication to your WP admin folder
Put password authentication to your WP admin folder and keep your site safe from hackers. And make it hard for them to break in through your login page. It’s very easy and simple to activate. To implement this action go to your website cPanel and try to follow the below procedure.
cPanel > Files > Directory Privacy > Select folder > Click edit > Put tick mark on Password protect this directory box > Save.
19. Scan your website regularly & protect hacking from hackers
Threats are everywhere. It’s impossible to provide a 100% guarantee for website security from potential online attacks and malicious activities. According to SUCURI 2019 website threat research report, a majority of the compromised environments were associated with SEO spam (62%) and website hacked from backdoors (47%). So, scan your website regularly to avoid compromise and keep it safe at the highest possible level.
20. Install plugin to guard against copy or paste your content
It’s too easy and simple to copy or paste your content. Some content thieves like this. If you don’t want to allow them to make a copy or paste your content, then you can install the WP content copy protection plugin. Not only but also, it will protect your images to download and print your content. Upon activation of this plugin, it will work straight out of the box. If you want to change settings, you can do it from the Copy protection page in your WordPress admin. Hence, you can choose to enable or disable options for specific content and click save settings.
21. Set up your own Google authorship & be safe from hackers
There are huge content thieves available in the blogging sector. And, published this stolen content on the other side for trying to get more traffic. To activate your own Google authorship prior it was using Google+. Nowadays, Google+ stopped its activities. But, Google has a keen algorithm to find out who is the actual owner or prior content publisher. Based on that analysis, Google is giving a ranking. So, set up your own Google authorship.
22. Use CSP
Content Security Policy (CSP) is a handy tool that can help to protect your site from XSS. So, try to use CSP for keeping your site safe.
23. Make sure your computer is safe
Hacking is common. To avoid hacking your website, make sure your computer is safe. In the following way, you can make safe your computer.
- Install antivirus software
- Use computer complex passwords
- Keep your apps, OS and browser up-to-date.
- Keep back up your computer
- Use virtualization
- Shut it down
- Use two factor authentication
- Ignore spam
- Use encryption
24. Enable hotlinking protection
The direct copying of images from someone’s blog is called hotlinking.
Hotlinking protection prevents directly linking to the files from other sites. When any hackers copy your content and publish your article on his or their blog then images still point to your server. In this way, your blog is losing its performance. In other words, you can say hackers stealing your bandwidth. For getting safe from this incident, you can enable hotlinking protection in the following way.
Go to your site cPanel > Security > Hot linking protection > Click on Enable > Tick on check box.
25. Ensure email security
Hackers are around you. You cannot ensure the 100% security of your website. They can hack your website through your website communication email. To overcome it, you have to ensure email security. With the following tips, you can do it.
- Use secure passwords
- SSL can use
- Create SMTP user name for each sender
- Be careful to open attachment
- Consider multiple email accounts
- Don’t show email address in the public place
- Be careful about public Wi-Fi
- Don’t reply to spam or phishing schemes
26. Use a VPN
Virtual Private Network (VPN) is establishing a secure connection between you and the internet. When you use VPN, location and IP address are invisible to everyone. Hence, VPN is giving security to your website against hackers.
27. Secure your smartphone
To avoid hacking your website, secure your smartphone. In the following way, you can secure your smartphone.
- Turn off blue tooth
- Don’t use unsecured public Wi-Fi
- Get a security apps
- Use a better pass code
- Switch off auto complete
- Clear your browsing history
28. Limit login attempts
The word hacker is well known to all in the internet world. Hackers can use Brute Force Attack to hack passwords. They can repeat this process until getting it right.
To keep secure your Word Press admin page, limit the login attempts from both sides (Session time out and a number of login attempts failed).
29. Use parameterized queries
Hackers can hack your website by SQL injection. To overcome this type of hacking, you can use parameterized queries. By using parameterized queries, you can ensure your code has specific enough parameters so that there’s no room for a hacker to mess with them.
Nothing is 100% secured. But, if you consider the above hints, you may reduce hacking and keep safe your website. Try to educate your team about hacking and keep yourself peace of mind.