Making your website secure and keeping it that way is highly important; it helps you avoid having your website hacked and your data leaked. Most users rely on common content management systems such as Joomla and WordPress, which are susceptible to attacks. Here is a basic rundown of what you can do to stay secure. It’s not foolproof, but it goes a long way to help. It’s essential that you update, update, and update!

Updates

Keep on top of your updates! This is the most important part of remaining secure. Teams such as WordPress and Joomla are constantly patching security flaws in their scripts, so it’s important you update them immediately upon patch releases.

Plugins and Themes

Plugins and themes are so frequently the cause of a website hack that it is essential you use them diligently:
  1. Carefully choose the plugins and themes you use - Google them before you install them to ensure that a) they are still being updated and b) there are no known vulnerabilities.
  2. Only keep plugins and themes installed if you actually use them. If you have any unused plugins or themes lying around, remove them.
  3. Keep anything installed up to date, always.

Passwords

Carefully choose the passwords you use; this means using combinations of upper and lowercase characters, numbers, and if possible, symbols. Always use passwords longer than 8 characters and, if possible, change them every few months. Never store your passwords in plain text anywhere and never share them with untrusted people, particularly via email or IM.

Virus Scanning

Run a virus/malware scanner on your computer. There’s no use having a secure password if you have a nasty on your computer and your keystrokes end up being logged; this would allow your secure password to be retrieved. Scan your computer frequently for nasties.

Admin Accounts

Your WordPress, Joomla, Drupal, or similar script has an admin account; we’d recommend changing its username if possible. Try not to use “admin” or “administrator”; instead, change the admin username to something less obvious to avoid brute force login attempts. If it’s possible, consider using a .htaccess deny all to block access to the admin areas of your website, allowing in only your IP. This may not be feasible for all, but it’s a good option if it’s available to you.

Appropriate Permissions

Don’t have any 777 permission sets chmodded on your files. If you’re unsure what this means, you can simply run the Permissions Fixer within your VIPcontrol. Furthermore, ensure you set your WordPress config file (wp-config.php) or your Joomla config file (configuration.php) to a chmod of 600 to avoid it being read—apply this same rule to other CMSs as well.

Backups

Taking backups doesn’t stop you from being hacked, but it provides you a fallback if you do. If you are hacked, for whatever reason, a backup allows you to restore your website to a functional state before the hack. It is then absolutely critical that you identify how you were hacked in the first place and patch it to avoid a repeat.