We believe that some web defacements have occurred recently and have affected certain Shared Hosting customers. We know that some of your accounts have been heavily affected. We therefore want to take this opportunity to educate clients on managing their websites so they can protect themselves against minor external threats.
For preventive measures against hacking or injection, please refer to the following guidelines. It may take you some time to read through the steps, but they will certainly help you run a safer website.
1. CMS Files Permission
Don’t assume your open-source web applications, such as a CMS, are 100% secure. Every piece of software has bugs, mistakes or security problems. When a CMS has a security flaw, hackers can discover it at some point.
2. CMS Application Security Updates
Don’t forget to keep yourself up to date on security holes in your CMS. The majority of open-source systems release updates regularly. Not all systems check for updates on their own, however, and some can’t install them automatically. Stay informed by joining the mailing lists or following the Twitter accounts of those projects.
3. CMS Application’s Admin Login
Do not forget who is responsible for your CMS updates. You might have used your hosting provider's 1-click installer, or maybe your web designer installed the CMS for you. But do they update it for you? Rarely. Remember that updating your CMS with the latest security patches is your responsibility. Alternatively, you could outsource the job to your webmaster, web design specialist or web designers.
4. CMS’s Notification & Alerts
Do not ignore alerts when your CMS notifies you of updates! Systems such as Umbraco and DotNetNuke have a feature that checks whether updates are available when you sign in. A system like WordPress can also monitor updates, and you can update your CMS very easily with a few clicks in the administrator (do not forget to back up before updating). Take update alerts seriously and update immediately.
5. CMS’s 3rd Party Module and Application – Security Issue
Remember to update third-party modules. The modules on your CMS may have been written by developers other than the open-source team. These modules may contain security problems as well. Just as you have to keep the CMS updated, you also need to update the third-party modules your CMS uses.
6. Webmaster or Site Developer
Don’t forget to work with a specialist or support person. Keeping your system up to date can be hard and laborious. You can save precious time and focus on running your company if you work with an expert consultant who updates your open-source system. You can pay him monthly, so that he updates whenever an update is available, or you can pay per task.
7. Password Login Policy
Remember to have a solid password policy. Weak passwords are really the biggest reason hackers get access to systems. Use at least 8 characters, with numbers and letters, and try to create long passwords. Do not use your name or your city and zip code. If you find it difficult to remember a long password, try using the first letter of each word of a phrase, together with the numbers in it, to make the password. E.g. “The Rabbit jumped over 4 Stones and 7 Flowers” makes the password TRjo4Sa7F
8. Database and Backup
Do not forget to always back up your entire system (both files and databases). You may assume your hosting provider has it all backed up. Well, they do, but mistakes happen even at the largest hosting providers. Furthermore, the hosting provider's backup history may be only a couple of weeks long. The very first thing a hacker does when your system gets hacked is to leave a backdoor.
After weeks, perhaps months, he returns and defaces the homepage. When your hosting provider restores your system from the newest backup, the hack is still there. Remember that maintaining and updating a free open-source CMS for your homepage takes time. It might be a wonderful idea to outsource this part.
9. Malware, malicious scripts in Free Templates
Many websites offer free templates for CMSs such as Joomla and WordPress, but you may not realize that some of these templates contain hidden pieces of bad code. Some templates contain links that are not so friendly, and they cannot be deleted because keeping them is part of the author’s terms for using the template.
Steps that need to be taken:
- To use the free template, you must keep the footer intact. The issue is that the footer may contain links to websites with little or poor reputation. You may find your site in a bad neighbourhood if these links are not marked nofollow. This is very bad for Google and could get your website blacklisted.
- Base64 code is harmful because the code is encoded so that it cannot be read directly, and it is often used to conceal malicious code. Such code found in a theme template is a danger. The malicious code can also contain links to dangerous websites. Your theme will stop working, though, if you remove the Base64 code.
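
One way to check a downloaded template for the hidden Base64 code described above, as an added example that is not part of the original guideline: a Python scanner that flags PHP decode-and-run calls and decodes quoted Base64 strings so that any hidden links become readable. The sample footer, the example.invalid URL and all function names are constructed for illustration.

```python
import base64
import re
from pathlib import Path

# PHP functions commonly chained to unpack and run hidden template code.
DECODE_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Quoted runs of 40+ Base64-alphabet characters.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
URL = re.compile(r"https?://[^\s\"'<>]+")

def decode_literal(blob):
    """Decode a Base64 literal; None unless it yields ASCII (filters hashes, binaries)."""
    try:
        padded = blob + "=" * (-len(blob) % 4)
        return base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def scan_text(text):
    """Return one finding per line that has a decode call or a decodable literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        calls = sorted({m.group(1).lower() for m in DECODE_CALL.finditer(line)})
        decoded = [d for d in map(decode_literal, B64_LITERAL.findall(line)) if d]
        if calls or decoded:
            urls = [u for d in decoded for u in URL.findall(d)]
            findings.append({"line": lineno, "calls": calls,
                             "decoded": decoded, "urls": urls})
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = scan_text(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report

# Constructed sample: a theme footer hiding a link behind eval(base64_decode()).
PAYLOAD = b"echo '<a href=\"http://example.invalid/links\">partner</a>';"
SAMPLE_FOOTER = ("<?php wp_footer(); ?>\n<?php eval(base64_decode('%s')); ?>\n"
                 % base64.b64encode(PAYLOAD).decode())

if __name__ == "__main__":
    for f in scan_text(SAMPLE_FOOTER):
        print(f["line"], f["calls"], f["urls"])
```

Run scan_tree on the unpacked template directory before installing it, and read each decoded string before deciding whether to keep the template.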