How can I protect my website against attacks?

To protect websites from attacks, website operators should regularly maintain their websites and the applications behind them.

We have summarized the most important tips to be observed in this article.

Webhosting protection

Update your website

To guard against attacks, it’s important to keep all of your installations up-to-date, including the core installation and all plug-ins, extensions and themes.

This applies to all content management systems (CMS), such as WordPress, Joomla, Drupal, Typo3, phpBB, Magento, etc.

Passwords

For maximum security, always use a secure password.

This should not be a readily comprehensible word; it should contain uppercase and lowercase letters as well as numbers/special characters; and it should be at least 8 characters long.

Long passwords that don‘t contain special characters can also be secure. See our blog post on this topic: Your password: strong, secure – and forgotten yet again?

Unused web pages, plug-ins and themes

If you have created web pages and installed any plug-ins or themes that you no longer use, you should delete them.

If one of these installations/components is obsolete and accessible via the web, a hacker could launch an attack from it.

Security plug-ins for your website

Depending on the application you are using, it is worth installing a firewall and a two-factor plugin. These help secure your website.

WordPress for example offers several tools:

Backups

If you perform regular local backups, you’ve already taken a big step.
If something happens, you will be able to quickly restore your data (files and database).

This article shows you how to back up your data locally from your Hostpoint Control Panel: How do i create a backup?

Local protection

Operating system

Your locally installed operating system is an important element in the protection of your infrastructure and therefore your website too.

Regardless of the software maker, it is always important to use the latest version to prevent old security vulnerabilities from being exploited.

So make sure to regularly update your operating system. Many operating systems allow you to install these updates automatically.

Antivirus/Firewall

Antivirus protection is important for all operating systems.

Viruses can spread quickly on operating systems that are not up-to-date – this applies not only to Windows, but also to Apple MacOS, for example.

Always install an antivirus program and firewall to prevent as many attack vectors as possible.

Software

All of the software you use (Office, e-mail clients, etc.) must be updated on a regular basis.

Security vulnerabilities can crop up anywhere, and regular updates protect your software from being misuse.

Browser

You use your browser to directly access your website, server or e-mails. So it’s crucial that you close any security holes to protect them.

Older browser versions sometimes contain dangerous vulnerabilities, so always make sure to install all browser updates.

Free applications

You should not use software obtained for free (or that is normally subject to charge but offered free on unofficial websites). Or proceed with great caution at the very least.

These applications often include malicious code, which can harvest your password or install additional malware, for example.

So you should only install applications from official sources and consider whether an application is truly “free”, or whether it’s making money in some other way.

E-mail security and prevention

Mobile

If you have set up your e-mail account on a smartphone or tablet, it is important to keep the device up-to-date.

Just like a PC or Mac, an obsolete version may contain security holes that can be exploited by unknown parties.

Many reputable antivirus programs now offer versions for smartphones as well.

Unknown devices

If you are checking your e-mails from a device that does not belong to you, that is not up-to-date or has been manipulated in some way, it is possible that the data you enter may be copied!

You should avoid saving your passwords on such devices.

WLAN connections

Only use WLAN connections that are encrypted; unsecured networks can open the door for data theft.

When setting up an e-mail account, make sure that you always use TLS/SSL.

The correct settings for your e-mail software can be found here: Enable SSL for Mailaccounts

Spam and phishing e-mails

The people sending these e-mails are trying to get their hands on information that will put money in their pockets, one way or another. Usually these e-mails include attachments containing viruses or links to manipulated websites.

Phishing e-mails often look deceptively real and come from known (yet faked) senders. An article on this topic can be found here: Fake E-Mails in circulation

 

Unable to find what you were looking for?

Our support experts are happy to assist you personally!

 

© 2001 - Hostpoint AG