menu search
brightness_auto
Ask or Answer anything Anonymously! No sign-up is needed!
more_vert
Please I would like to know how to set up one's website's security to prevent it from getting hacked.

Thanks. 

10 Answers

more_vert
 
done_all
Best answer
Definitely,it pertinent to secured one's site from being hacked,I know most times bloggers and site owners feel reluctant to secured their sites because they believe it doesn't matter or hackers can't hack the site but we can never tell,so good or bad we need to buckle up.

Some measures to be taken includes adding an SSLto one's site, this is security socket layer where one have secured connection on the site, so that no body can get into one's content.
Try to guard against attacks by installing softwares that can mitigate agsnist DDOS attack which could even bring down one site.

Create a very strong password for the admin login,so that it will be difficult for hackers to guess and use aganist the site

It pertinent not to store the site details online.Storing it away offline might be better.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
Hi, here's my take on your question.

Online world has really help our daily lives in many ways. It has also become a good platform for businesses, there are a lot of enterprises which have started or shifted their businesses online because it offers less hassle and faster transaction.

But with every good things that happens, there will also be bad ones. For online businesses, these are the hackers and scammers. It does not just affect the company alone but also its customers. Eventually, it will also create distrust among customers regarding their privacy.

Privacy and being trustworthy is one of more important factors in an online business, if hackers are constantly able to go through your site, it will have a bad effect on your business. But there are available software and service providers who specializes in website protection and enhancement. Better invest on these because it ensures you a better website and loyal customers.

To guarantee your customers of privacy and safety, there are also certificates and badges awarded to websites who is successful in guarding their sites on hackers and fraud. Better to avail this and display as an evidence for your customers to be certain that their information is safe.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert

My personal programmer opinion is that there is no single website that can be fully prevented from getting hacked. This is from my personal experience as I worked as a PEN-TESTER(penetration tester) for years now 

BUT!


There is certainly a great or even a best way to secure your website, and its called "Wordfence",


You just install it and it does all the work for you

Also it covers you from spammy comments which is amazing if you ask me.


Ton of options literally just search for wordfence and you'll get a great picture.


Hope this answers your question.


Best Regards,


Nesim

thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
in 2020 hackers are becoming more sophisticated  in the hacking methods. However cyber security tips are also becoming more detailed. By the way, as I learned on hacker forums - the only things hackers a powerless against and what they themselves sometimes use for greater privacy are decentralised apps like Utopia p2p, they are a closed web system that is closed from external attacks. And not requiring the use of any personal data.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
To completely prevent your website from getting hacked,you should accept the terms and conditions,which you don't feel secure.Everyone should not download the random Applications and Softwares,otherwise,the chances to get hacked are high.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
Don't dive into some anonymous site that you are not familiar with. Don't click and click some links that suddenly apears on your screen. download some applications that can protect your IP adress
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
The best way is to use long and unique passwords. You can also use different passwords not the same as the other sites joined in. Hackers are so up to the next level when it comes to scamming innocent souls like us.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert

1. Keep your software up to date: Make sure you are regularly updating your software, plugins, and operating systems to the latest versions. This ensures that any security vulnerabilities that have been identified and patched in the latest versions are no longer present on your website. 


2. Use strong passwords: Create strong passwords that are difficult to guess and use different passwords for different accounts. Consider using a password manager to help you keep track of your passwords. Also, think about implementing two-factor authentication (2FA) to add an extra layer of security.


3. Implement a web application firewall (WAF): A WAF can help protect your website from malicious traffic and attacks by filtering incoming requests and blocking malicious requests.


4. Use a secure connection: Make sure you are using a secure connection (SSL/TLS) to encrypt data sent between your website and visitors. This will help protect sensitive information from being intercepted by malicious actors.


5. Monitor your website: Implement monitoring tools to keep track of your website’s performance and activities. This will help you detect any suspicious activities or issues that may indicate a potential attack.

thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert
To completely prevent your website from getting hacked, you need to do the following:

1. Install a security software on your website.

2. Set up a security protocols on your website.

3. Securityighammer tool on your website.

4. Protect your website with content protection tool on your website.

5. Security monitor on your website to keep an eye on your website.

6. Secure your website with digital security on your website.
thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
more_vert

Important ways to prevent your website from getting hacked:


1) Implement a Web Application Firewall: This firewall can detect and block any unauthorized or suspicious traffic trying to access the website. 


2) Ensure that the websites' software and features are always up to date. 


3) Regularly backup your websites' data to a secure location. 


4) Make sure to use a trustworthy web hosting service that distributes security features. Web hosting services are defined as companies that distribute the technology and infrastructure to make websites available on the internet. 


5) Make sure to regularly scan the website for vulnerabilities and malware. 


6) Categorize data processed, stored, or transmitted by an application. Examine which data is sensitive based on privacy laws, compliance requirements, or business requirements. 


7) Do not store unneeded sensitive data. Get rid of it as soon as possible or utilize the PCI DSS- compliant tokenization or truncation. 


8) When sensitive data is at rest, make sure to encrypt all that data.


9) Make sure that the latest and most efficient standard algorithms, protocols, and keys are enacted. Also, make sure to use proper key management. 


10) Make sure to use safe protocols, such as TLS with forward secrecy ciphers, cipher prioritization by the server, and safe parameters to encrypt all the data when it is in transit. Also, enforce encryption policies, such as HTTP Strict Transport Security. 


11) Make sure to disable caching when it responds and uses sensitive data. 


12) Rely on data classification to implement the required security controls. 


13) Avoid using FTP and SMTP legacy protocols to transmit sensitive data. 


14) Make sure to store passwords by relying on optimal, adaptable, salted hashing functions with a work factor such as Argon2, scrypt, bcrypt, or PBKDF2. 


15) Make sure to always utilize authenticated encryption instead of solely using encryption. 


16) Avoid using depreciated cryptographic functions and padding schemes, such as MD5, SHA1, and PKCS number 1 v1.5.


17) All user passwords must be 8 characters in length with at least one symbol and one number. Users should not rely on passwords that they have used in the past. Two-step authentication is required after the user enters a password. 


18) Make sure the website is capable of defending against an SQL Injection Attack: 


- SQL Injection Attack definition: A successful attack may affect the unauthorized viewing of user lists, and the elimination of entire tables, and the attacker can possibly obtain administrative rights to a database, which is very damaging to a business. Examples of information that can be accessed or utilized by unauthorized outsiders during an SQL Injection Attack are company data, user lists, or private customer details. 


- SQL Injection Attack Severity Rating: The Overall CVSS Score is 9.6/10, which is a high vulnerability score. An unauthorized attacker who views and edits the databases of sensitive user data or company data can hinder the confidentiality, integrity, and availability of that information. Many companies rely on sensitive user and company data to stay in business, and an SQL Injection attack can disrupt or stop business operations if the attack can access that data. 


SQL Injection Remediations: 


- Use Prepared Statements with Parameterized Queries: Prepared statements are used to make sure that none of the dynamic variables you must need in a query can escape their position. The core query is defined beforehand, and the arguments and their types are defined subsequently. 


- Use Stored Procedures: Stored procedures make it very complicated for attackers to carry out their vulnerable SQL, as it is unable to be dynamically included within queries. 


- Allowlist Input Validation: You can perform allowlist validation to verify user input against a current classification of known, approved, and defined input. Whenever data is entered and does not correspond to the assigned values, it is rejected, which protects the application or website from harmful SQL injections in the process. 


- Enforce the Principle of Least Privilege: Make sure to use the minimum number of systems to perform tasks. Assign privileges only for the time that the task is needed. Prohibit assigned administrative accounts or privileges to access application accounts. Make sure to reduce the number of privileges to every database account in your work area. 


- Utilize LIMIT and other SQL controls in queries to avoid the release of countless records in case an SQL injection occurs. 


- Use a Web Application Firewall: A Web Application Firewall can filter potentially susceptible web requests that can detect and prevent SQL injections. 


19) Make sure the website is capable of defending against Cross Site Scripting: 


- Cross Site Scripting definition: Cross Site Scripting injects code into web applications by sending harmful, client-side scripts to a user's web browser so that it can be executed. Cross-site scripting starts when users interact with the infected website or web application. 


- Cross Site Scripting Severity Rating: The overall CVSS score is 9.6/10, which is a high vulnerability score. The possible impacts of a Cross-site scripting attack involve Publicly disclosed user data, attackers taking over online accounts and imitating users, Vandalism of the presence of website content, inserting Trojan horse programs, and redirecting web pages to dangerous locations. 


Cross Site Scripting Remediations: 


- Escape user input: Escaping means converting the crucial characters in the data that a web form receives to prevent the data from being translated in any harmful way. It does not allow the special characters to be modified.


- Validate user input: Make sure to view data that came from outside the system as untrusted. Validate all the input data. Use an allowlist of known and appropriate input. 


- Sanitize data: Analyze and delete unnecessary data, such as HTML tags that are seen as unsafe. Keep any safe data and delete any harmful characters from the data. 


- Use Static and Dynamic Application Scanning tools to identify security vulnerabilities that can lead to Cross Site Scripting attacks and recommendations to mitigate them. 


20) Make sure the website is capable of defending against Cross-site request forgery attacks:


- Cross-site request forgery definition: Cross-site request forgery attacks exploit the trust a website already has by giving the user and browser permission to do something important. In this attack, an attacker utilizes social engineering strategies to manipulate an authenticated user to obliviously execute harmful actions without their awareness or permission.


- Cross-site request forgery Severity Rating: The Overall CVSS score is 8.3/10, which is a high vulnerability score. The possible impacts of a Cross-site request forgery attack involve a damaged reputation, a lost of customer trust, and possibly facing regulatory fines. 


Remediations: 


- Use anti-CSRF tokens: This is the most efficient way to safeguard against this attack. Anti-CSRF tokens are related pairs of tokens that are handed to users for validating their requests. The tokens prohibit and prevent attackers from sending issue requests to their victims. Each token contains a unique, unpredictable, and confidential value that is not easily guessed by a third party.


- Use SameSite Cookies: Make sure to change the SameSite attribute of your cookies to Strict. If changing this attribute would damage your web application functionality, change the SameSite attribute to Lax but never change it to None. It is important to know that not all browsers currently support SameSite cookies, but there are many browsers out there that do. Make sure to use the Lax attribute as extra protection along with anti-CSRF tokens. 

thumb_up_off_alt 0 like thumb_down_off_alt 0 dislike
Whenever you have a question in your mind, just drop it on Answeree. Help our community grow.
...