Many different types of websites can be tempting to hackers. Website security breaches can deface websites, compromise personal data like credit card numbers, or hijack your servers as email relays for spam. They can even set up a temporary web server for illegal files. Many automated scripts are written to exploit known security issues in software. You could have problems with computer security without ever being targeted by a person. Here are some ways to keep your website secure.
Keep Software Up to Date
Keep all software up to date to keep your website secure. This includes the server operating system and any software you may be running on your website. Hackers are quick to take advantage of security holes in software. If you use managed hosting, the hosting company should take care of security updates for the server. You only have to spend a few minutes at the start or end of every day to check for updates.
Make Passwords and Login Screens Secure
Giving too much information in error messages can help hackers get passwords. For example, a message that says "Incorrect username" or "Incorrect password" lets hackers know which one was wrong so that they can keep guessing more effectively. Instead, websites should have generic messages like "Incorrect username or password".
You should use strong passwords to your server and website admin area, and require that users choose good passwords as well. If a large number of your users have their information compromised, it will become harder to attract people to your website. Passwords should be at least eight characters long, with an uppercase letter or a special character and a number for maximum security. They should always be saved as encrypted values. That way, you only compare encrypted values when you authenticate users. There would be no passwords lying around for any one to hack in and steal.
Protect Your Website from File Uploads
Letting users upload files is a website security risk, even if it's just a profile picture. Any uploaded file could contain a script that opens your website to attack when it's executed on your server. If you allow users to upload images, you can't rely on the file extension to verify that the file is actually an image. These can easily be faked, and even opening the file and reading the header or using functions to check the image size don't work all the time. Most image formats have a comment section that hackers could use to upload code.
By default, servers won't try to execute files with image extensions. However, you can't rely only on checking the file extension since files with the name "image.jpg.php" could get through. Rename the file on upload to ensure the correct extension, and make sure any uploaded files are stored in a private folder, away from website data. If the files aren't directly accessible, you'll need a script to fetch them from the private folder. Protecting software from malicious files is especially important for any small business website that shares information with clients. Businesses with employees who work at home and send updates regularly need to pay special attention to securing and monitoring their servers and network security.
Envision IT Solutions specializes in web development and security so that you can focus on your users and your customers. Our certified technicians work with industry leading brands like Microsoft, Dell, Cisco, HP, Panasonic, and Symantec. We can't emphasize enough how horrible it is when your business website gets hacked. If you don't feel like reading any more about computer security, give us a call. We know technology so you don't have to!
Written By Mike Tungate
Hello! I am the Web Services Manager @ EnvisionIT Solutions. I create beautiful websites, branding and marketing systems for businesses. Let me know if you have any questions. I am an avid photographer and a lover of musical instruments.