Submit to StumbleUpon


Information systems security is vital to keeping a website safe and protected. Even seasoned professionals who have taken information security training courses sometimes overlook the most basic precautions when protecting a site.

website security tips

Below are some tips to assist with website security.

Upgrade your software

Using an older version of software leaves a website exposed to hackers. As bugs are discovered, the need for updates is inevitable. Upgrading to the latest software not only makes it harder for a security breach, it likely also addresses other issues you may be experiencing.

Avoid admin accounts

Software like WordPress makes it easy to login as an administrator. The convenience it provides also comes at a cost, as it generally only takes two steps to login to the website. If a hacker happens to know the username (often “admin”), they are already half way to gaining access.

Default passwords

Enforcing stronger passwords and simply changing the default password is a simple fix to deter a breach from happening. Passwords should be at least eight characters, and contain numbers and lower and uppercase letters. Requiring special characters makes for an even more secure password.

FTP transfers

Avoid using standard FTP to transfer files. When data is sent this way, it is transferred in clear text. A better option to use is Secure Shell (SSH), which encrypts passwords and data before sending it over the network. SSH is harder to attack and allows for the use of FTP and other insecure services through secure data channels called tunnels.

Blocking

Access to administrator directories and other sensitive folders should be blocked. Under no circumstance should users be allowed to register on your website as an administrator. Keep spam comments from getting through and showing up by requiring some kind of validation. If the website accepts links submitted by visitors, there is a good likelihood it will be a target of spam. Using a web vulnerability scanner will help you identify potential risks before they become an issue.

Additional tips for WordPress

With WordPress being one of the most common platforms used, consider some additional tips. Move the wp-config.php file from its current location up ONE directory level. The file includes authentication keys, MySQL database username and password, and other sensitive information. If hacked, all content on your WordPress blog is accessible. Keep the file in a folder that is not a sub-directory of the public_html or WWW folder.

Using a secret key makes it difficult for a hack to occur by the addition of random elements to a password. The secret key takes a simple password like “password123”, which is easier to break, and creates an unpredictable password like “93a5ew623465cd6as3cb3d77fp.” You can imagine how virtually impossible it would be to break a password of such a random nature.

Changing the WordPress table prefix from the common “wp_” prefix will make a site harder to exploit. Also, blocking access to the wp-admin directory is another good tactic to keep your site safe.  Hackers rely and prey on sites that do the bare minimum to exist. If default settings are able to be modified on your end, website security takes an extraordinary jump up and lessens the chance of a breach.

This guest post was provided by University Alliance and submitted on behalf of Villanova University Online. Villanova offers information security certification courses including information assurance training which are designed for security professionals looking to advance their career opportunities.

Submit to StumbleUpon

About

Missy Diaz is primarily a freelance writer (and blogger) that offers a popular guest blogging service to website owners. She also creates WordPress powered websites and blogs and is the author of Super Blogga, a fun action packed pocket guide aimed at new blog owners with over 70 bite size tips available as an ebook and on Amazon.

Connect with me on Google+.