loading

22/04/2019
Internet Security: How to Protect Your Website

Internet
Security:
How to
Protect
your Website

Internet Security is more necessary now than ever, due to the significant increase in attacks on websites that grows every year. According to Security magazine, on average, every 39 seconds a hacker performs an attack.

This shows how crucial it is to strengthen the security of your website and protect it from all existing and potential threats. So let’s take a look at some security tips.

1. Install Web Application Firewall

If you want to increase Internet security for your website and save it from possible threats and viruses, the installation of a Firewall, or web application firewall, should be your number one priority. The way a web application firewall works is by assessing your site’s traffic geographically and behaviorally. It then also examines the information requested by the visitor.

So, based on these and other criteria, the firewall only allows legitimate traffic and blocks malicious or suspicious traffic.

There are many web application firewall providers. Personally when I work with sites that don’t have a WordPress content manager, I usually implement Cloudflare.

This is a CDN (cloud delivery network) service, which not only increases the loading speed and stability of our website, but also has its own firewall.

However, if you work with a website with a WordPress content manager, you will need the contribution of a security plugin that provides us with an updated firewall.

Because we are working with a system that, although it has a large community of developers working with it, there is also the antagonistic part, which works hard and daily to damage the sites developed with this fantastic CMS.

For this case I usually recommend Wordfence, but there are other very good plugins that can also strengthen security on the Internet.

2. Migrate to HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is highly recommended. Especially if you do online business that requires customers to make transactions on the site.

This is because hackers and hijackers can slip into the transaction and monitor the process. In this way, they are likely to obtain highly sensitive data, such as account numbers or credit card data.

To avoid this we must implement an SSL certificate. Taking advantage of encryption layers such as TLS (Transport Layer Security) and Secure Sockets Layer (SSL), this will encrypt the entire transaction process. Then no one will be able to infiltrate your transactions and steal data or close the process.

Any web page can implement this certificate, and it is even advisable because Google gives priority in the search results to those sites that have it. But in an eCommerse website, having an SSL certificate is essential to protect the transactions that require the marketing of its products.

Until a couple of years ago to install an SSL certificate was a cost because to buy it you had to buy it. Although there are different types of SSL certificates, today thanks to technologies such as Let´s Encrypt we can install a free certificate. These can meet at least the basic requirements and thus protect the transit of private information of users on our website.

3. Use secure passwords

Although this advice is simple to apply, very vulnerable passwords are still used that can be compromised in a few minutes. Many people use dictionary words for Brute Force attacks, such as their passwords. This is very dangerous due to attacks where the password is weakened with multiple connection attempts. In cryptography, brute force attack is the way to recover a key by trying all possible combinations to find the right one.

Therefore, make sure you have an extremely strong password for the back-end of your website, so that it cannot be easily deciphered. Here are some things to keep in mind when setting up your password:

  • The password must be more than eight characters long
  • Do not consider dictionary words for Brute Force attacks
  • Combine uppercase and lowercase letters, digits and special characters
  • Avoiding the use of words related to personal information
  • Change it periodically

It only takes a few seconds or minutes at most to crack a badly created password, so be sure to use the above points to avoid compromising your Internet security.

4. Validate forms

Every website will have at least one form. This tool is an excellent gateway for hackers if we don’t set strict rules. We must ask for information in an adequate way to avoid hackers, malwares or any kind of robots.

To achieve this we need to implement a series of validations in our forms.

An example of this would be: that an email field cannot be sent without an @ or a .com or .something extension.

Another way could be: that in a field in which we have to place a phone, let’s check that for that field there are no characters that are not numeric.

There are different types of validations, some on the server side and others on the client side (web browser). Sometimes only client-side validations (Javascript) are performed, but it can very easily happen that a hacker or robot deactivates the Javascript of the browser. Then the form would be vulnerable and ready to be used with bad intentions.

In my case the validations corresponding to the server I do with PHP, but in turn I also like to have a second layer of validation on the client side with Javascript.

5. Using Internet security tools

In addition to following the tips above, be sure to take advantage of some security tools to further strengthen the protection of your website on the Internet. Here are some free tools worth investigating:

  • Netsparker: Excellent tool to check SQL injection
  • OpenVAS: Known as the most advanced security scanner that scans more than 25,000 vulnerabilities.
  • Web Inspector: Analyze your website and get a report that includes malware, phishing, blacklist, worms, Trojans, backdoors, suspicious connections and several other threats.

There are many more website security tools available. Even Premium versions. Perform a quick search to get an idea of what you need.

6. Protect the website from SQL injection

Hackers can manipulate your database using parameters placed in the URL to gain access to your website. This is called an SQL injection attack and usually occurs when a standard SQL Transact is used. Because a hacker can easily write malicious code in your query and gain access to your information and data.

This is what a standard query looks like;

“SELECT * FROM table WHERE column – ‘ ” + parameter + ” ‘ ; ” ” “.

To prevent a hacker from using our database queries it is necessary to parameterize it to prevent a query from being added at the end of this statement. This is how your final query will look like:

$stmt = $pdo->prepare(‘SELECT * FROM table WHERE column = :value’); $stmt->execute(array(‘value’ => $parameter));

In this way you will not only strengthen your security on the Internet, but also protect your website against the most common type of attack.

7. Reinforce security with HTACCESS

One last measure, but of great weight is to edit our .htaccess file.

This is a file located in the root of our server, in which we will place some directives that will tell the server how to behave in different situations.

Editing this file requires advanced technical knowledge and it is not advisable to place any code we find out there, because we could generate irreparable damage.

But in the hands of a professional can be a great tool. As you can see in this article in DIGITAL HERTIAGE where J.Pereyra explains in detail what instructions we should add to strengthen the security of our website.

Sound advice: Always backup this file before touching it.

Final words

Your website is one of the most valuable assets of the business, do not let hackers take over your data and those of your customers. Be sure to work on the tips above and you’ll be more protected.

Images: Freepik.es

Translation: Deepl

Generic placeholder image
Nicolás González

Web Designer & Developer
Freelance

+598 98 398 010

nico@nicowebsite.com

Related
Posts

Your company’s web project. Where to start?

Your company’s web project translates into the creation of a web page that gives you visibility, traffic and most importantly: customers. Where to start? It ...

Gutenberg
and its design
blocks

Gutenberg is the new editor of WordPress. It was released together with WordPress version 5.0 and the truth is that it has very important tools ...

How to use
images on a
web page?
Tips for 2019

How to use images on a web page? More than once we have asked ourselves this question. We know that the visual aspect is decisive ...