Here are the tips which you should follow to secure your website -
1. Please scan all the uploaded files on the site periodically.
2. Please ask your web developer or server administrator to check the spam codes in the file.
3. Please remove all those code and make sure to patch your all scripts.
4. If you have any CMS installed on your website then please make sure to update it to it's latest version.
5. Please make sure to enable the new plugins and update them too.
6. Please download all the uploaded contents on your local system and scan then with the latest antivirus.
7. You should update your cPanel, email account, FTP and databases passwords periodically.
8. Please do not share your control panel password and database password using any of the chat applications or insecure medium.
9. You can check the cPanel access logs to check from which IP address activity of adding the malicious code has been taken place. Please block that suspicious IP address.
10. You can also check the HTTP request coming to your server continuously with their IP address. You can check the location of those IP addresses and can block the IP address if those are from the un-legitimate locations.
Besides this, you can ask your web-developer to write the script for your server which will detect the spam activities periodically. You can run those scripts every 3 to 5 hours to check the un-legitimate activities on the server so you can take the quick actions according to the activity on the server or site and can take the necessary action.
Keep your Software Up to Date
It is crucial to keep all platforms or scripts you've installed up to date. Hackers aggressively target security flaws in popular web software, and the programs need to be updated to patch security holes. It is important to maintain and update every software product you use.
Enforce a Strong Password Policy
It is important to use strong passwords. Hackers frequently utilize sophisticated software that use brute force to crack passwords. To protect against brute force, passwords should be complex, containing uppercase letters, lowercase letters, numerals, and special characters. Your passwords should be at least 10 characters long. This password policy should be maintained throughout your organization.
Encrypt your Login Pages
Use SSL encryption on your login pages. SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Information entered on a page is encrypted so that it's meaningless to any third party who might intercept it. This helps to prevent hackers from accessing your login credentials or other private data.
Use a Secure Host
Choosing a secure and reputable web hosting company is very important to your website security. Make sure the host you choose is aware of threats and devoted to keeping your website secure. Your host should also back up your data to a remote server and make it easy to restore in case your site is hacked. Choose a host who offers ongoing technical support whenever necessary.
Strengthen the access control - One can avoid unauthorized access by strengthening the access control and limiting the number of login attempts in a span of time. The username and password must be difficult for the hackers to guess. Do not keep it simple and predictable.
Add Captcha to online forms - Adding captcha brings in additional cyber security and protects a website from Denial Of Service (DDos) attack by preventing the hacker affect the website traffic. In effect, this can protect the website from uploading fake data.
Disable Autofill - Always keep the auto fill feature disabled. If you keep it enabled, you are inviting the trouble yourself.
Hide Admin Pages - Your admin page shouldn't be easily available i.e. it should not have direct access. Ensure that your admin page does not appear in the search engine results.
Below are some essential things that you can do to safeguard your website right now:
. Update your software on regular basis
. Create a custom Admin Path
. File Change Monitoring
. Enforce a strong password policy
. Encrypt your login pages
. Always use a secure host
. Scan your website for vulnerabilities
. Hire a security expert
You can secure your site by taking care of the following factors,
Access Restriction : Access should be reserved for trained and authorized technicians.
Network Monitoring : Regularly monitor the network for intrusions or unauthorized activity
SSL and Firewall
DDoS Prevention : Use proper tools to mitigate DDoS attacks.
Malware Detection and Removal : Regular file scans should be performed on client accounts
Password and User Access : The strongest passwords should be reserved for admin staff and guest authors since they have the most potential to impact the site.
Plugins, Applications, and Updates : When selecting plugins and applications for a website, consider their age, amount of installs and updates.
Backups : Backups should be automatic and frequent in order to maximize site uptime despite server failure.
Web applications, be they thin websites or thick single-page apps, are notorious targets for cyber-attacks. In 2016, approximately 40% of data breaches originated from attacks on web apps â€” the leading attack pattern. Indeed, these days, understanding cyber-security is not a luxury but rather a necessity for web developers, especially for developers who build consumer-facing applications. HTTP response headers can be leveraged to tighten up the security of web apps, typically just by adding a few lines of code. In this article, weâ€™ll show how web developers can use HTTP headers to build secure apps. While the code examples are for Node.js, setting HTTP response headers is supported across all major server-side-rendering platforms and is typically simple to set up.
You can keep you software up to date
Protect against XSS attacks
Validation should always be done both on the browser and server side
Everyone knows they should use complex passwords, but that doesnâ€™t mean they always do.
Allowing users to upload files to your website can be a big website security risk, even if itâ€™s simply to change their avatar.
My website is secured with a VTMscanfrom bodHOST.
â€¢ Robust Link Crawling
â€¢ Banner Grabbling
â€¢ CMS Detection
â€¢ Malware Scan
â€¢ Content Change Monitoring
â€¢ LFI and RFI Detection
â€¢ OWASP Audit
â€¢ Domain Reputation Check
â€¢ SSL Scan
Generally the best tip probably is don't implement any security sensitive features yourself if you can possibly help it. Specifically, use an existing battle tested login and password system instead of writing your own, and use a framework that is designed to protect you from XSS attacks
If you prefer to use control panel. You can choose the paid panel so most security measures were already taken. Then you can use virtual server so you can allow only the port you are using. You can choose cloud flare for DNS so it will very hard to find the IP etc.
Keep software up to date
Watch out for SQL injection
Protect against XSS attacks
Beware of error messages
Validate on both sides
Check your passwords
Avoid file uploads
Get website security tools