Information Security, Internet Related

Security 101-How Can You Protect Your Website from Hacking?

Did you know that over 9,500 websites are blacklisted every single day by the major search engines?  This is because they are infected with malware and thus are no longer qualified to be searched or indexed.  Sadly, most of these webmasters are unaware that their website is compromised by malware and suffer great losses.  While you can request a blacklist removal later on, the damage has been done.  Your best option is to protect your website ahead of time rather than risk such catastrophe.  Let’s consider a few simple points to ward off invasion.

Step 1: Validate all inputs. 
This means taking the time to validate all forms of input, including cookies, page headers, hidden fields, query strings, and so on.  Invalidated input are not protected from expected input types and length, and this is also a common risk in hacking known as cross site scripting.  Don’t merely blacklist certain types of invalidated inputs; for the best results, closely oversee what you validate.Step 2: Avoid storing critical or sensitive data on your host server.
If you have no choice, at least use robots.txt to stop indexing folders or documents with sensitive information.  When you do this, you block users or robots from being able to access documents that have been auto-indexed.  If you still have security leaks then block individual HTML pages with the NOARCHIVE command.  This can prevent Google hacking, which involves users searching for exposed folders and then gaining access to this information.  What many webmasters don’t realize is that unless Robots.txt is specified to block folders or files, they are indexed by search spiders.

Step 3: Make sure your server does not allow directory listing. 
If they do, you should negotiate some sort of solution for this.  Directory listing leaves your entire directory exposed to the public—at least the ones smart and cruel enough to hack their way into your files.  (Actually, no hacking is even required…it’s that easy to just load up your files)  You should run a test by trying to “find” or Google folders that are listed on your site directory.  If they show up on Google as well, there is a major risk for hacking on your site.

Step 4: Work with a host company that regularly updates security programs. 
Whether you are doing shared hosting, dedicated hosting, or hosting the site on your own server, you need to install periodic updates to keep the connection secure.  Malware detection is a major issue, as you can scan to see if your site is infected.

Step 5: Hire a monitoring company.
This step is certainly not required, but depending on how at risk you are, and how damaging a hacking scandal would be to your customers, you might seriously think about hiring a monitoring company that can perform malware scans on your system, or perhaps do a vulnerability assessment, which is a detailed analysis of all of your site’s possible risks.  Did you know that there are new vulnerabilities reported almost every day for the average website?  These companies may also perform blacklist and reputation monitoring, just in case you are being reported as a malware site.

Losing your website to malware or hackers can definitely affect your revenue, and worse yet, your reputation.  Remember, just as you must protect your PC from viruses, you have double responsibility to protect your website from malware.  Don’t conclude that just because you use a trusted name in website design or hosting your site is invulnerable.  Most sites are vulnerable…most don’t take action and then pay for it dearly.  You can take steps to protect your site from harm!

Veronica Clyde is a tech writer at – a place where you can read reviews about the best VPN providers. If interested, check out a  Private Internet Access review

Comments are closed.