Nowadays, it is a fashion to build websites with third-party software like WordPress and Joomla. These applications offer great usability, but it is completely your task to ensure that they are up-to-date.
1.Use Unpredictable Login Credentials
You must use unpredictable username and complicated password for the access to both the server and the website. Never use “admin” or your name as the username, and do not use “admin”, “password” or “1234567” as the password. These weak credentials give an open door to hackers.
2.Secure the Admin Area of Your Website
The admin area is the brain of your site, so you should try your best to prevent malicious access. Brute force attack is the most frequently seen method for hackers to break into the admin area of your site. To get rid of the risk, besides making sure the security of username and password.
3.Limit failed login attempts
You can limit the frequency of failed access trials in a certain period of time. If the login failure hits the limitation, the user will be locked out, which makes it harder for brute force attacks to succeed.
4.Limit the IP
If your website has several contributors only, you can simply allow their IPs to access the admin area, and then ban all other IPs. This is quite an effective security method. But it is not a suitable option for sites with a large number of authors.
5.Secure the admin email
Just to prevent possible troubles, do not use the emails listed on the “contact us” page or any other obvious sections of your site as the admin email.
6.Enhance the Database Security
Many attackers nowadays would like to target databases because they include the most valuable information of your site. Below are the best practices of database security.
7.Change the database table prefix
When you use 1-click installers to install third-party scripts like WordPress, a database is created automatically with a default table prefix which is highly predictable. If you haven’t made a change in the installation process, then you should get into your database and give the tables a more secure prefix.
8.Change file permissions
determine who can execute, read or write the files. You need to make sure that no file on your server is set with dangerous “777” permissions which allow anyone to read, write and execute the file. Generally speaking, the following rules are suitable for most websites.
- set “755” permissions to directories and folders.
- set “644” permissions to individual files.
You can change the file permission by using the File Manager in cPanel or anlike FileZilla.
9.Limit upload file type
It is a basic step to prevent users from uploading executable files. You should only allow images to be uploaded by limiting the file types to “jpg”, “jpeg”, “png” and “gif”. In this case, the files with extensions like .html will not be able to upload.
Whether you are running a CMS based website or an HTML site,can help with the security. It is a paid solution that provides daily monitoring of malware and vulnerability. The scans are performed automatically. SiteLock also includes a web application firewall.
11.Use a security plugin/extension
Open source applications like WordPress and Joomla come with a large number of easy-to-use and rich-featured plugins which provide all-round protection to websites. You can read reviews and then select the one that matches your need best. But remember not to use more than one security plugin at one time.