1.) Ensure software is up to date
If you’re using managed hosting you probably won’t need to worry about this, as your web host will do it all for you. But if you’re managing your own site, you need to make sure the server operating system, CMS, and forum software are all up to date so hackers can’t use known flaws in old versions to find their way onto your server.
2.) Use parameterised queries for web form input
You know those forms you have on your website that visitors can fill out to contact you? Hackers use these to perform SQL injection attacks and gain access to your database. Parameterised queries keep whatever a visitor types separate from the SQL command itself, so it is always treated as data. They are a feature in most web languages, are easy to implement, and will help keep your site safe from hackers.
3.) Encode or strip out any HTML
This will prevent hackers from performing cross-site scripting (XSS), which is also possible through the web form. With XSS, hackers can run malicious code on your site. To prevent this, make sure the code that handles the form encodes or strips out any HTML in what visitors submit.
4.) Error fields
We’ve all seen error fields on our computers when we try to do something unauthorized, but how much are your error fields giving away? Do they simply state the “username/password combination is incorrect”? Or do they actually tell the user which one of those things is incorrect? The latter will provide clues to hackers that will help them when they’re attempting a brute force attack by simply trying different combinations to access an account.
5.) Browser and server validation
Browsers do a good job of catching certain mistakes, such as when a mandatory field is left empty. However, hackers know how to bypass these checks, so to protect yourself further you need to make sure that validation is also done on the server side. Otherwise, you put your site at risk of malicious code or scripting code being entered into the database.
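As an added example (not code from the original article), tips 2, 3 and 5 can be combined in one contact-form handler in Python: it validates on the server, stores the message with a parameterised query, and HTML-encodes it on output. The table, the function names, the length limit and the sample input are assumptions made for illustration.

```python
import html
import re
import sqlite3

# Deliberately simple shape check for the example, not a full address parser.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MAX_BODY = 2000  # assumed limit for a contact message

def make_db():
    """In-memory database with a hypothetical 'messages' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, email TEXT, body TEXT)")
    return db

def validate(email, body):
    """Server-side checks, run even if the browser already validated the form."""
    errors = []
    if not EMAIL_RE.match(email or ""):
        errors.append("email")
    if not (body or "").strip() or len(body) > MAX_BODY:
        errors.append("body")
    return errors

def save_message(db, email, body):
    """Store a submission; returns the list of invalid fields (empty on success)."""
    errors = validate(email, body)
    if not errors:
        # '?' placeholders: the values travel separately from the SQL text,
        # so quotes or SQL keywords in them are stored as plain data.
        db.execute("INSERT INTO messages (email, body) VALUES (?, ?)", (email, body))
    return errors

def render_messages(db):
    """Build an HTML list, encoding every stored value on output."""
    rows = db.execute("SELECT email, body FROM messages ORDER BY id").fetchall()
    return "\n".join(f"<li>{html.escape(e)}: {html.escape(b)}</li>" for e, b in rows)

if __name__ == "__main__":
    db = make_db()
    # Constructed sample input mixing SQL and HTML metacharacters.
    sample = "'); DROP TABLE messages; --<script>alert(1)</script>"
    print(save_message(db, "visitor@example.com", sample))
    print(save_message(db, "not-an-email", ""))
    print(render_messages(db))
```

The message is stored exactly as typed and only encoded when it is written into a page, so the same stored value can be encoded differently for other outputs such as e-mail or JSON.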
6.) Regulating passwords
Online users know that complicated passwords are important, but that doesn’t mean everyone uses them. Force them to by setting password rules such as a minimum of eight characters, including uppercase letters along with at least one number. This will make it more difficult for hackers to perform brute force attacks.
If users are passing personal information between the website and your server, you must have a security certificate installed on the site. Without these certificates hackers can gain access to that information and get into user accounts and their personal information.
If you have a website, it’s important that you protect it from being hacked so that it continues to run as you need it to, and to protect the personal information of the users of your site. These tips are just a few of the things you can do to protect yourself, but be sure to speak to your web host about even more security options available to you.