SERVER OS: Linux ip-10-0-2-47.ap-southeast-2.compute.internal 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64
SOFTWARE: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.33
PHP VERSION: 5.6.33
Web security is the best it’s ever been; however, there are still many shady characters, lurking in the shadows of the internet for the first sign of weakness on your site. If you don’t take the necessary precautions, you leave your site vulnerable to attack. Ensure your site and data is safe with these security tips to stop the hackers.
1. Update your software
It may seem elementary but the older your software is, the easier it is to infiltrate. Ensuring that every piece of your online software is up to date, from your CMS to your server operating system, eliminates the risk of potential security flaws and reduces the risk of security breach.
If you have a managed hosting provider, the server operating system is not your concern, as the upkeep is included as part of the management fee. However, it is your responsibility to maintain your content management system (CMS) to the latest update. Most third-party CMS systems (like WordPress, Joomla and Magento) will notify you of software updates via email or on a feed found on your dashboard. This is always accompanied with a prompt to install the new updates. Stay on top of these updates by installing as soon as possible so as not to leave yourself open to threats.
2. Update your passwords regularly
Complex passwords are essential to ensure the security of your website and your server. If not strong enough, your password can be easily hacked.
The same applies for the users on your site. If your website facilitates users to create an account through which they can store personal information, it’s important to ensure that their privacy is maintained. The best way to avoid password hacks is to require all your users to choose a password of the highest possible strength.
Don’t know what password to use?
You can generate a strong password by Googling ‘password generator’ and using any of the free password generating tools available. The strongest passwords will have the most complex variety of characters. For example, capital and lowercase letters, numbers and symbols.
It’s also a good idea to update your primary passwords on a regular basis to make extra certain that your site and your server isn’t at risk of invasion.
3. Restrict visitor uploads
Does your website allow visitor uploads? It may be time to reconsider how your guests provide this information. By allowing your users to upload their own files to your website, it’s difficult to monitor and manage what they can attach to your site. Even simply letting members add an image to their personal account on your site can leave you open to attack. Why? No matter how harmless it may seem, even image files can contain script that, when attached to your server can give hackers open access to all your server data.
4. Limit your error messages
Error messages are par for the course for a website, but they actually provide hackers an opportunity to see potential cracks in your website security. Limit the information you provide to your users when an error occurs on your website but ensure you keep the detailed log on your server.
5. Get yourself an SSL Certificate
An SSL Certificate (or HTTPS protocol) provides encrypted security to the data entered on your site. It creates a seamless, uncompromised link between the user and the web server to guarantee that the information that users input is received at the right place and is not intercepted along the way. This is a fundamental requirement for eCommerce sites and sites that store customer information.
Google is adding to the push to make SSL authentication mandatory. In July 2018, Google will flag sites without the HTTPS protocol as ‘not secure’ for all users to see. This will not only have an impact on user trust, it will also impact your business’ SEO efforts, as sites without an SSL certificate will likely rank lower on Google search results pages.
How do I make these changes?
Web security is our bread and butter at Melbourne IT and we’d be happy to help. If you’re not sure how to carry out any of the recommendations above, get in touch with one of our Online Solutions Advisors and we can help you ensure your site is hacker-safe.