10 Ways To Beef Up Your Website’s Security

• 5 min read
• Workflow, Security
• Share on Twitter, LinkedIn

About The Author

Blue Derkin is a Project/Social Media Lead at InMotion Hosting, a leading web hosting company. He lives in Los Angeles and enjoys reading, writing, and staying … More about Blue ↬

Email Newsletter

Your (smashing) email

Weekly tips on front-end & UX.
Trusted by 200,000+ folks.

Hacker attacks across the web are getting more sophisticated every day – after all, they have to. With the increased sophistication of anti-virus protection, firewalls, and application-based updates, hackers who want to stay in business have needed to get more creative. And they have, responding with increasingly sophisticated attacks that have forced the online security industry to scramble to keep up.

So how do the hackers stay ahead of the security experts? One reason is obvious – if they didn’t, they’d be out of a job. Another reason is institutional – a lone hacker working in a basement will be more innovative and faster moving than a large software company, thus more likely to come up with effective hacks.

However, I’d argue that the factor that plays the biggest role in the continuing success of hackers is a lack of awareness and vigilance on the part of software users and website owners.

Sorry to say, but it’s people who use “password” as their password for everything and those who have two-year old antivirus software that embolden hackers. If everyone was more committed to protecting their own data, then hackers would have a much harder time. As it is, so many people are blissfully unaware of their own vulnerability that, for hackers, it’s a numbers game – try enough websites and eventually they’ll find a vulnerable one to exploit. But that site doesn’t have to be yours!

You might be interested in the following related posts:

Here are 10 effective ways to thwart the best efforts of hackers:

• Web Security: Are You Part Of The Problem?
• Common Security Mistakes in Web Applications
• Content Security Policy, Your Future Best Friend

Website Security Tips

Keep Your Versions Updated

This is one of the simplest ways to stay a step or two ahead of the hackers. By downloading the newest versions and updates of Windows, WordPress, and your antivirus platform, you can make your applications or website just tough enough to crack. That way, hackers won’t bother with your site and instead move on to some other site whose owner hasn’t been as vigilant.

Beef Up Your Passwords

Ok, it’s 2010. The web’s been around for some time now. Isn’t it time you changed your password from your spouse’s name, “123456” or the dreaded “password?” If this past year taught us nothing else, it’s that people are surprisingly lax when it comes to choosing passwords for even their most sensitive accounts.

Pick strong ones and and use different ones for your banking info and email, your cPanel, and your FTP accounts – otherwise, your info and your site are vulnerable.

Lock Down Your File Permissions

Do you know what your file and folder permissions are set at? Some applications require them to be set at the open “777” to install, and then most of us forget to set them back to either “755” for folders or “644” for files. Double check yours to make sure.

Mind Your Links

Do you really know what kind of site you’re linking to from your site? According to experts, so-called “open redirects” are a major cause for attacks that are perpetrated through browsers. We all know what happens when we click on a bad link; now imagine what the result will be when you put a bad link on your site. It’s always best to trust completely any site you link to.

Use FTPS For Transfers

With this handy tool, all your FTP transfers are done using SSL. In fact…

Use SSL To Send Emails

Use this especially if, somewhere in any of your millions of untrashed emails, you’ve ever sent sensitive info via email.

Make Sure Your Web Host Runs suPHP

Under normal PHP, scripts run as “nobody,” your script is open access. With suPHP, access is limited to the user or to those explicitly granted permission. Not all hosts use suPHP, so make sure your host does and set up another potential roadblock for hackers.

Speaking of Hosts

Not all hosts are the same when it comes to ensuring your website’s security. Not all offer round-the-clock active server monitoring, or even suPHP (see above), so choosing a host that takes your security seriously takes a little legwork.

Look Beyond shared hosting

Be Savvy

If you know what you’re looking for, then you’re making a hacker’s job more difficult. Most hackers, if they come across a site that’s locked down tightly, would just as soon move on to another that offers easier access. You can make your site not worth the trouble by regularly scanning your logfiles for code that doesn’t belong, not installing suspicious WordPress plugins, and basically just being aware of what’s going on inside your site.

These 10 tips are just the basics, really – they’re a way to get everyone thinking about all the factors that go into running a secure site. If you make it a habit to keep your an eye on things and keep everything up to date, then you’re a much less attractive target to hackers than many other site owners out there.

For more info on the most common security lapses across the Web, check out the Top 25 Most Dangerous programming Errors (https://cwe.mitre.org/top25/). It should serve as a real eye-opener.

Additional Security Resources

• Are You Prepared Against A Hack?
• How They Hack Your Website: Overview of Common Techniques