Very recently my PC was hacked by some Indie Hackers who just played “Vandae Matram” on my system for 30 mins. That is when I realized that I need to beef up my security. Amid installing a new antivirus, running a full malware scan and setting up a firewall, one thought kept lingering: what about my online presence? My servers and websites? Have they been compromised as well?
So this article is just an overview of what I did in order to make my website more secure from hackers.
I have a WordPress site, and every once in a while they ask me to update the framework in order to be secure from security bugs, loopholes, etc.
If you host your website on some other framework, make sure that you update it regularly. If you have your own server like me, then make sure the system and all its dependencies are updated regularly in order to be on the safe side.
The next basic but crucial step is to make sure you have a separate password for each of your accounts and that those passwords are a combination of letters, numbers and special characters. For those of you who have trouble doing so, you can use tools like LastPass to make your work easy on this front.
Secure your pages with an SSL certificate:
NOTE: SSL does nothing to protect your site against any malicious attacks, or stop it from distributing malware.
SSL encrypts the data between your user and the web server, so that if someone performs a man-in-the-middle attack, they will get only gibberish data. SSL is especially important for e-commerce website security and for any website that accepts form submissions with sensitive user data or Personally Identifiable Information, like credit cards. The SSL certificate protects your visitors' information in transit, which in turn protects you from the fines that come along with being found non-compliant with PCI DSS. Even online casino sites have secure websites that use HTTPS.
Usually people want to store all their websites on one server or one hosting account because it is simple. The flaw here is that if your hosting account is compromised, then all your websites and data are compromised as well. Having each website in a different container is always a good practice.
Changing Default Settings
This problem used to plague most webmasters in previous years, but now the software itself comes with random default passwords, so the number of people making this blunder has decreased. Some CMSs and servers still ship with default passwords, which anyone can easily get a list of. Make sure you are not making this blunder. Don’t worry, even the pros and elite make this mistake: a Korean teen hacked into Facebook using the password “password”.
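A small audit for the password advice earlier in this article and the default-password warning above, as an added example that is not part of the original article: it flags default passwords, passwords reused across accounts, and missing character classes. The account names, sample passwords and the short default-password list are constructed for illustration.

```python
from collections import defaultdict

# Constructed list of well-known default passwords (illustrative, not exhaustive).
DEFAULT_PASSWORDS = {"password", "admin", "123456", "changeme", "root"}


def character_classes(password):
    """Return which of letter / digit / special appear in the password."""
    classes = set()
    for ch in password:
        if ch.isalpha():
            classes.add("letter")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")  # anything that is not a letter or digit
    return classes


def audit(accounts):
    """Map each account name (dict key) to the list of problems found."""
    users_of = defaultdict(list)
    for name, password in accounts.items():
        users_of[password].append(name)
    findings = {}
    for name, password in accounts.items():
        problems = []
        if password.lower() in DEFAULT_PASSWORDS:
            problems.append("default password")
        if len(users_of[password]) > 1:
            problems.append("reused on another account")
        missing = {"letter", "digit", "special"} - character_classes(password)
        if missing:
            problems.append("missing: " + ", ".join(sorted(missing)))
        if problems:
            findings[name] = problems
    return findings


# Constructed sample data, not real credentials.
SAMPLE = {
    "wordpress-admin": "password",
    "hosting-panel": "Tr1cky!Horse#92",
    "ftp": "Summer2023",
    "database": "Summer2023",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(f"{account}: {'; '.join(problems)}")
```

Run it locally against your own list and do not store the input file afterwards; a password manager remains the better long-term home for the passwords themselves.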
- Use Cloudflare
Straight away, most of the attacks and bots can be stopped by Cloudflare, which in my opinion is the best free way to secure your website and also give it more functionality.
This is how Cloudflare works. It also acts as a CDN which reduces the load on your server.