Security of a website can't reach 100%, hackers always find new vulnerabilities and they exploit it to attack systems and applications. But you can improve your website security and decrease the chances of getting hacked by following these advices.
For the webserver:
1- choose a web server in mac, mac have more security than Linux, Linux have more security than Windows.
2-if you have a personal server in your computer like big companies have more security than a host servers,
3-a website hosted in a virtual machine (VPS) have more security than a website hosted in a simple machine.
4-the operating system and the applications where the webserver is running, should always get last security updates.
5-the webserver should have antivirus and Anti-DDOS attack protection.
6-the webserver should have a firewall against malicious requests.
For the web application (script):
1- if u use a downloaded script, use the one that have good support and updates, and don't use a lot of (Add-ons, plugins, modules ,gadgets), less add-ons means less vulnerabilities.
2- if the web script is developed by you from zero, you need to know that bad programming means more vulnerabilities
3- your web script should be programmed to crypt passwords(md5,sha-1,DES...), and u have to use a hard password for your admin account.
4-the password of your admin account should be different than the (cpannel, ftp, phpmyadmin, mysql...) passwords.
5- change the path and the name of the website administration's folder, and if u have Cpannel you can give a password for this folder.
ex: www.yoursite.com/admin/index.php
www.yoursite.com/folder/folder/../adminwebfolder/index.php
this needs also to modify some codes in your script
6-use a website vulnerability scanner, like Acunetix wvs or nikto... to know if your website is vulnerable to attacks like (sql injection, local file include, remote file include, authentication bypass, buffer overflow, XSS, CSRF...).
0 commentaires :
Post a Comment