Many website owners don’t pay enough attention to their site’s security. They often think “why would anyone target my site?” But it can happen. Websites are compromised all the time. There are several ways to help keep your site safe.
Make sure all your software is up to date. This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum. When security holes are found in software, hackers are quick to attempt to abuse them. WordPress and many other content management systems notify you of available system updates when you log in. If you are hosting with a hosting company, they should take care of this.
Use strong passwords to access your websites. Place scripts and tools in password-protected directories.
Keep your error messages vague. Don’t give away too much info by providing hints. You should use generic messages like “Incorrect username or password” so as not to reveal when a user got half of the query right. If an attacker knows that one of the fields is correct, they can concentrate on the other field.
File uploads can be a big security risk. Even the most innocent-looking of files can contain a script that puts your website/server at risk. Don’t assume hidden files are secure. It is recommended that you prevent direct access to uploaded files altogether. Store the files outside of your document root. Create a separate directory and use it to store uploaded files.
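The storage layout described above, as an added Python example that is not part of the original article. The directory names and the functions `check_layout`, `save_upload` and `read_upload` are assumptions made for illustration; the paths are created in a temporary directory so the block runs anywhere.

```python
import secrets
import tempfile
from pathlib import Path

# Constructed layout for the demo; real paths depend on your server.
BASE = Path(tempfile.mkdtemp())
DOC_ROOT = BASE / "public_html"        # served directly by the web server
UPLOAD_DIR = BASE / "private_uploads"  # separate directory, never served
DOC_ROOT.mkdir()
UPLOAD_DIR.mkdir()

_index = {}  # file_id -> original name (a database table in practice)


def check_layout(doc_root: Path, upload_dir: Path) -> None:
    """Refuse to run if the upload directory sits under the document root."""
    if upload_dir.resolve().is_relative_to(doc_root.resolve()):
        raise RuntimeError("upload directory must be outside the document root")


def save_upload(data: bytes, original_name: str) -> str:
    """Store the upload under a random server-chosen name; return its id."""
    check_layout(DOC_ROOT, UPLOAD_DIR)
    file_id = secrets.token_hex(16)
    # The client-supplied name is kept only as metadata, never used as a path.
    (UPLOAD_DIR / file_id).write_bytes(data)
    _index[file_id] = Path(original_name).name
    return file_id


def read_upload(file_id: str) -> tuple[str, bytes]:
    """Return (display name, content) for a known id; reject anything else."""
    if file_id not in _index:
        raise KeyError("unknown file id")
    path = (UPLOAD_DIR / file_id).resolve()
    # Defence in depth: the resolved path must still sit inside UPLOAD_DIR.
    if not path.is_relative_to(UPLOAD_DIR.resolve()):
        raise PermissionError("path escapes upload directory")
    return _index[file_id], path.read_bytes()
```

Because files are only reachable through `read_upload`, the application decides who may download what, and the web server never serves an uploaded file as a page of the site.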
Use an SSL Certificate. SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Potential attackers could be searching for this information and, if the communication medium is not secure, could use it to gain access to user accounts and other personal data.
It is important to play it safe to keep both your website and servers secure. Pay attention to passwords, files and software. In doing so, you just might avoid a security disaster.