So you just got your website online and it is going well. Everything is working and everything seems good but how are you going to protect yourself from hackers and people misusing your website and server?
It's a commonly known fact that hackers automated their hacking, crawling the Internet for known vulnerabilities in websites and then exploiting them gaining access to your website, server or even your customer personal data.
This guide looks at the very basic things that anyone look at to help secure your website and protect it from hackers.
Is Your Server Up to Date?
First thing first, making sure that your server is using the latest hosting environments that your website can use is hugely beneficial. For the majority of websites out there on the Internet, the will be using PHP to power their sites and this needs to be up to date to ensure that they don't get hacked.
These charts show the current versions of PHP that are widely used on the market today and when they will be come 'end of life' and no longer supported for security fixes and updates.
Charts can be viewed at: http://php.net/supported-versions.php
In an interview if did with PHP advocate, Lorna Jane Mitchell, she explains that the most commonly found version of PHP 5.3 (software that runs your websites) is out of date and no longer supported and many hosting companies around the world are still using it due to backwards compatibility issues they must help support. But if you're version of your CMS, such as Joomla! 3.x can use PHP 5.5, then ask your hosting provider to upgrade you to the latest version that it can support.
Even at the time of writing this post, PHP 5.5 is no longer in active development and will soon also become end of life, forcing users to move to PHP 5.6.
We run our websites on PHP 5.5 and as a result, we are automatically safer from hackers as vulnerabilities found in any version that is lower are already fixed and don't exist.
We also have huge performance and speed improvements on all of our websites as the later versions are better optimised, giving our websites an instant optimisation improvement at no cost other than our time contacting our hosting provider or web developers to make the change.
Your hosting provider will love you too as you are one more client that will less likely be hacked and ruin their hosting environments.
Update Your the CMS!
The next thing to do is to make sure that your core installation is up to date and secure!
Hosting providers like SiteGround provide automated upgrades. When a new release is available, they send out automated emails letting you know that your website will be updated within 24 hours.
These updates not only come with new features, but usually have security fixes bundled with them.
Updating is as easy as clicking a button and waiting for the update to complete.
Please note though, sometimes hacks may come in from the extensions and plugins that are on your site, so it is worth having a look if you can update all of them as well.
Install a Web Application Firewall on Your Website
A great third party tool to get working on your website is a Web Application Firewall, and the one that we like to use is called CloudFlare. CloudFlare helps mitigate attacks and hackers by pushing them through their network and servers before allowing the user to hit your website. They act as a border control between the user and your website ensuring that what is going back and forth is safe and not threatening.
Furthermore, CloudFlare's basic plan is free. Sign up and you can have your website up and secure within minutes. SiteGround also has integrations with CloudFlare which make it really easy to sign up and get configured.
CloudFlare learns from other attacks around the world in its networks and prevents the same or similar attacks from happening again to other sites. Collectively it learns from all the websites and attacks in the world and creates rules and blocks on the fly to help prevent them from happening again.
It won't hurt either to look at a backup plan for your website too in the event of a hack. Having your own backup procedure that you can recover from will give you an extra hand if anything happens to your website.
These simple tasks that you can perform and get started on will have a huge impact on your websites safety and security. They don't take much time at all and within a couple of minutes you can ensure your website is just that much more secure.