Making your website live is like unlocking the door to your premises with your office and safe
open: Most of the people who visit your physical building will never even know that all of your data
is there to discover just by walking in. Occasionally you will find someone with malicious intent
who will walk in and steal your data. That is why you have locks on doors and safes.
Your website is just the same, except that you will never see anyone come in unless you have
protection systems in place. Electronic thieves are invisible and fast, searching your website for
details of customers’ accounts, especially their credit card information. You have a legal
obligation to protect this data from theft and to report security breaches that occur.
Theft is not the only thing on the mind of a hacker: Sheer destruction is a major motivator. Hackers
may want to destroy all your records, put a sick message on your customers’ screens or just destroy
your reputation.
You can never undo the damage done by a hacker, but you can take steps to prevent it. Even the most
basic protection will discourage many hackers enough to make them go looking for easier pickings
elsewhere. Thieves are likelier to steal from people who leave their doors unlocked.
1. Stay updated.
You need to stay up to date with hacking threats. If you have at least a basic knowledge of what is
possible then you can protect your website against it. Follow updates at a tech site such as The
Hacker News. Use the information you gain to put fresh precautions in place when necessary.
3. Update everything.
Updates cost software companies money. They only release them when necessary, yet many people who use
the software do not install updates immediately. If the reason behind the update is a security
vulnerability, delaying an update exposes you to attack in the interim period. Hackers can scan
thousands of websites an hour looking for vulnerabilities that will allow them to break in. They
network like crazy, so if one hacker knows how to get into a program then hundreds of hackers will
know as well.
4. Tighten network security.
Computer users in your office may be inadvertently providing an easy access route to your website
servers. Ensure that:
• Logins expire after a short period of inactivity.
• Passwords are changed frequently.
• Passwords are strong and NEVER written down.
• All devices plugged into the network are scanned for malware each time they are attached.
Ever since I founded my hosting company, we've had to watch our network security on a
minute-by-minute basis not to be hacked.
Prevention of hacking
03. XSS
Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in
the browsers of your users, and can change page content, or steal information to send back to the
attacker. For example, if you show comments on a page without validation, then an attacker might
submit comments containing script tags and JavaScript, which could run in every other user's
browser and steal their login cookie, allowing the attacker to take control of the account of every user
who viewed the comment. You need to ensure that users cannot inject active JavaScript content into
your pages.
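As an added example (not code from the original article), here is the comment scenario above with the unescaped rendering beside an output-encoded version; it goes slightly beyond the text by also restricting a commenter's link to http(s) URLs. The function names and the sample comment are assumptions constructed for illustration.

```javascript
// Added example: output-encoding user comments before they reach the page.
// All names (escapeHtml, safeHref, renderComment*) are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; any other scheme or a parse failure becomes "#".
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    const ok = parsed.protocol === "http:" || parsed.protocol === "https:";
    return ok ? parsed.href : "#";
  } catch {
    return "#";
  }
}

// BEFORE: fields are concatenated into markup as-is, so submitted tags become live markup.
function renderCommentUnsafe(c) {
  return `<li><a href="${c.site}">${c.author}</a>: ${c.text}</li>`;
}

// AFTER: every field is encoded for the context it lands in, so it displays as text.
function renderCommentSafe(c) {
  const href = escapeHtml(safeHref(c.site));
  return `<li><a href="${href}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.text)}</li>`;
}

// Constructed sample comment (not from the article).
const sample = {
  author: 'Mallory"',
  site: "javascript:alert(1)",
  text: "<script>alert(1)</script>nice post",
};

console.log(renderCommentUnsafe(sample)); // script tag survives intact
console.log(renderCommentSafe(sample));   // script tag is shown as plain text
```

Encoding at output time complements, rather than replaces, marking the login cookie HttpOnly so that page scripts cannot read it.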
06. Passwords
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is
crucial to use strong passwords for your server and website admin area, but equally important to
insist on good password practices for your users to protect the security of their accounts.
08. HTTPS
HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees to users that
they're talking to the server they expect, and that nobody else can intercept or change the content
they're seeing in transit.
09. Website security tools
Once you think you have done all you can then it's time to test your website security. The most
effective way of doing this is via the use of some website security tools, often referred to as
penetration testing or pen testing for short.