Securing\na site is not necessarily within everyone’s reach, but that doesn’t mean that\nyou have to be a programmer or computer scientist to get there.<\/p>\n\n\n\n
So\nwe’ve listed 9 tips that are both easy to apply and detailed enough to arouse\nyour curiosity about security issues, so that you slowly but surely become your\nown web security expert.<\/p>\n\n\n\n
All\nthe tips are specific to hacking and we will also introduce you to the\ntechniques you can use to test your website to detect security\nbreaches. Do not worry: nothing too difficult to do, but it is important\nthat you familiarize yourself with the simple tools and techniques that can\nblock or repel attacks, for the good of your projects.<\/p>\n\n\n\n
Have\nfun !<\/p>\n\n\n\n
The\nfirst Web security breach is the use of the same password on a large number of\nWeb sites or services. A hacker who has found only one password will thus\nhave easy access to all your data, whether it is your blog or your PayPal\naccount. Keeping a list of your passwords on paper or in a file is also\nnot a safe solution, because someone who hacked your computer will have easy\naccess to your database.<\/p>\n\n\n\n
But\nwhat if you can’t find a suitable password?<\/p>\n\n\n\n
It is well known that website scripts and CMS platforms are the primary vehicles for hacking\nattacks. If you are hosting scripts written in PHP, ASP and JavaScript, be\naware that they may have security holes and bugs that their developers may have\noverlooked. In addition to contacting the developer immediately after\ndiscovering one of the above issues, there are non-technical methods you can\nuse to ensure that your scripts will not cause you long-term worry:<\/p>\n\n\n\n
Sometimes, hackers sneak up on your site, and can cause big\ndamage behind them: spoof ing<\/em> ,\nmedia files containing viruses, executables and recoded web pages, etc.<\/p>\n\n\n\n Check your records regularly, at least once every two weeks, to\nmake sure your files are fine. If you find files that you don’t recognize,\ndelete them immediately. If that doesn’t work, contact your web host and\nget help (that’s when you most need a good web host ). In\nsuch cases:<\/p>\n\n\n\n Web security experts use many methods to ensure optimal\nsecurity of the systems and Web transactions they work on: public key\ncryptography, chains of trust, signatures, SSL and TSL (Transport\nLayer Security). While it is important that you become familiar with\ncryptography, you should first learn how to use simple multi-factor\nauthentication tools prepared for you by experts:<\/p>\n\n\n\n Why do you need multi-factor authentication? Because\nyou will need to know your username, password AND user code to access your\ncontent; otherwise, you will be denied access. This can be sent to\nyour phone so that no one other than you can access the site.<\/p>\n\n\n\n Distributed\nDenial of Service (DDoS) attacks are rapidly evolving and dangerous, as are\nhacking servers and replacing your services with fraudulent services.<\/p>\n\n\n\n A\nDDoS attack on a server will cause its main services to malfunction, and the\nentire system will no longer be available to end users.<\/p>\n\n\n\n Inform\nyour ISP and your host of this form of attack. The latter can configure each\nserver with a list of alternative DNS addresses, so that when the default DNS\nbecomes unavailable, the whole site always works.<\/p>\n\n\n\n Nothing changes for you, it works like normal FTP , but SFTP, or Secure FTP, offers many security\nadvantages:<\/p>\n\n\n\n The problem with the usual\nFTP command is that it is not encrypted: all downloads to and from the server\nare transmitted as clear data.<\/p>\n\n\n\n To access FTP via the command line (if you are using Unix \/\nLinux \/ Mac OS) you can use sftp username @ host or\nsimply download a free FTP program that supports SFTP, such as FileZilla (open\nsource).<\/p>\n\n\n\n Beware of this hacking method, keep your scripts up to date and\nimmediately contact the script developer if you encounter a security\nbreach. Here’s how to do a simple test:<\/p>\n\n\n\n The code could work\n(we use the conditional because hopefully you have installed a very safe\nscript), since t ‘=’ t ‘is a mathematically true statement, so the SQL query\nwill always be executed.<\/p>\n\n\n\n A knowledgeable hacker\ncan build very sophisticated SQL statements to achieve their goals, so be sure\nto contact the script developer and get help if the script you are using is\neasily attackable. Or change the script.<\/p>\n\n\n\n Your administration panel (cPanel,\nPlesk, etc.) is provided with integrated tools for traffic analysis, access and\nsecurity logs which you must monitor at least once a week.<\/p>\n\n\n\n If you are using\ncPanel, we recommend that you check your Analog Stats tool every other day, as\nit displays a detailed report with:<\/p>\n\n\n\n Log tools are the\nfirst tools you should check out when you think your website has been attacked.<\/p>\n\n\n\n Back up your files as often as possible . With\nplug-ins like Updraft Plus and BackupBuddy, you can define the intervals at\nwhich your backups will be made. <\/p>\n\n\n\n What matters is that\nyou constantly download new copies of your content, ready to be restored if\nsomething goes wrong along the way. <\/p>\n\n\n\n If\nyou use WordPress as CMS, it is possible to easily change the connection url of\nyour administration panel so that you no longer use \/ wp-admin.\n\nVia plugins like Ithemes\nSecurity or the excellent WPS Hide Login of\nWPServeur, you can make this change in just a few clicks!\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":" Securing a site is not necessarily within everyone’s reach, but that doesn’t mean that you have to be a programmer or computer scientist to get there. So we’ve listed 9 tips that are both easy to apply and detailed enough to arouse your curiosity about security issues, so that you slowly but surely become your […]<\/p>\n","protected":false},"author":1,"featured_media":2821,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[228,210,39],"tags":[229,230,209],"class_list":["post-2820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ddos","category-security","category-server-management","tag-ddos","tag-hacking","tag-protection"],"jetpack_publicize_connections":[],"yoast_head":"\nTip # 4: secure authentication<\/strong><\/h3>\n\n\n\n
Tip # 5: beware of DDoS attacks<\/strong><\/h3>\n\n\n\n
What can cause a DDoS attack\u00a0<\/strong><\/h3>\n\n\n\n
Tip # 6: Secure FTP access with SFTP<\/strong><\/h3>\n\n\n\n
Tip # 7: Learn more about SQL injection to protect yourself<\/strong><\/h3>\n\n\n\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0‘OR’ t ‘=’ t ‘;\u00a0–
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 which becomes, at SQL level:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SELECT * FROM users WHERE userid = ‘admin’ AND password = “”.\u00a0OR “t ‘=’ t ‘; -“<\/li>Tip # 8: Check your administration panel logs regularly<\/strong><\/h3>\n\n\n\n
Tip # 9: make regular backups<\/strong><\/h3>\n\n\n\n
Bonus Tip # 10: Change your login url<\/strong><\/h2>\n\n\n\n