How To Secure Your Website From Hackers And Other Malicious Attacks
Most attacks on web sites are for the purpose of injecting content that other web sites can benefit from, such as adding pages or injecting code to existing pages that provides backlinks to their web site. But often a hacker wanting to defame you or pollute your database with gibberish may use the same methods.
Website Security Tests
Today there is a plethora of software designed to do just that. It ranges from blog posting software that probes the web for blogs that are not adequately protected by login and captcha against automated posting, to software that probes for known apps running on the web site that have security flaws which can be exploited.
FTP & Upload Restrictions
Updating server system software regularly and ensuring that write permissions are not allowed to the public Internet is a good starting point. If you need to use FTP for site and software updates, try restricting access to fixed IP addresses, because FTP probing software will sit there for days trying to guess your password and you don't want to be unlucky.
Novice site owners who discover a CMS like WordPress and the many plugins available for it can get carried away and install far too many plugins without checking whether they have vulnerabilities. It is best to limit plugins to only those that are really necessary, and don't allow them to update except by you doing that manually.
Prevent SQL Injection
To prevent SQL injection attacks, ensure that your CMS or custom scripting sanitizes all database queries. Sanitization means filtering any combinations of words and symbols that can be used as database commands. Restricting input to only alphanumeric characters and encoding some needed symbols like the ampersat (@) and ampersand (&) will prevent a lot of mischief.
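An added example, not from the original article: the allow-list filtering described above, combined with a bound-parameter query so that any value reaching the database is handled as data rather than as SQL. Parameter binding goes one step beyond the text; the table, the function names, the extra "." and "-" in the allow-list and the sample inputs are all constructed for illustration.

```python
import re
import sqlite3

# Allow-list from the text: alphanumerics plus "@" and "&" where needed.
# "." and "-" are added as an assumption so e-mail style values pass.
ALLOWED = re.compile(r"[A-Za-z0-9@&.\-]{1,64}")


def validate(value: str) -> str:
    """Reject any input containing characters outside the allow-list."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("input contains characters outside the allow-list")
    return value


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a CMS user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db


def find_user_concat(db, name):
    """The 'before': input pasted into the SQL text, so quotes alter the query."""
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_bound(db, name):
    """The 'after': the driver passes the value separately from the SQL text."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def find_user(db, name):
    """Filter first, then bind: two independent layers."""
    return find_user_bound(db, validate(name))


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"              # constructed sample input
    print(find_user_concat(db, crafted))  # every row comes back
    print(find_user_bound(db, crafted))   # no rows: treated as a literal name
    print(find_user(db, "alice"))         # normal lookup still works
```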
Blog Protection
Web blogs can provide SEO spammers an invaluable resource if allowed to accept posts by unqualified accounts. Note that "unqualified" is different to "unverified" because spammers can use software that automates account creation and email validation so that it can start spamming your blog. It is always best to manually approve blogs.
Data mining usually goes unnoticed but it can be harmful when search engines cannot tell original content from that which has been data-mined and stolen to populate web sites whose sole purpose is to display advertising banners for profit. In this case, unless you too are feeding search engines for ranking points, you want to consider using site protection software.
Site Protection Software
By using site protection software like the ArtistScope Site Protection System (ASPS) you can not only prevent your content and media from being data mined and plagiarized, but also make it impossible for hackers to reach your website using the probing and hacking software and tools at their disposal. ASPS can leave doorway pages accessible to search engines while protecting nominated pages or sections of your web site from indirect and unauthorized access. All data sent from an ASPS web site is encrypted, providing a secure tunnel between server and the user's web browser that cannot be exploited, even by the use of packet sniffing software.
PDF Protection Software
Sites using PDF documents for content such as online lesson and course material can use PDF protection software to prevent plagiarism and data mining. PDFs distributed for desktop reading can be protected from sharing by applying password or DRM controls, and PDFs displayed on web pages can be domain locked to your web site, making them useless for display anywhere else. Today the one solution that can cater for both desktop and website display is the CopySafe PDF Protection software, which also provides the most secure and most robust protection from all copy methods.
Apart from doorway pages serving as fodder for search engines, most websites can be locked down to prevent direct access except by approved routes, whether that be by member login, IP address restrictions, required user-agent (web browser) or unique identification by MAC address or Computer ID.
Given the known IP addresses of the search engines, one can easily allow search engine access to all pages while requiring a member login for all other visitors. Allowing search engine access based on user-agent is not recommended, however, because data miners do fake that. In fact some web browsers can fake the user-agent, and they all support extensions that do just that.
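An added example, not from the original article: an access decision that lets crawlers through by source IP range and never by the user-agent header, with everyone else sent to login. The ranges are documentation placeholders, and the doorway paths and function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation blocks). In practice
# these would be the ranges each search engine publishes for its crawlers.
CRAWLER_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]
DOORWAY_PATHS = {"/", "/about"}  # hypothetical pages left open to everyone


def is_known_crawler(remote_ip: str) -> bool:
    """True only if the connection's source address is in a listed range.

    remote_ip must be the socket peer address seen by the server, not a
    value copied from a request header the client can set.
    """
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # malformed address: never treated as a crawler
    return any(addr in net for net in CRAWLER_RANGES)


def decide(path: str, remote_ip: str, user_agent: str, logged_in: bool) -> str:
    """Return 'allow' or 'login'.

    user_agent is accepted but deliberately ignored, because the client
    chooses that header freely.
    """
    if path in DOORWAY_PATHS or logged_in:
        return "allow"
    if is_known_crawler(remote_ip):
        return "allow"
    return "login"


if __name__ == "__main__":
    # Constructed requests: a listed crawler IP, then a spoofed crawler UA.
    print(decide("/members/lesson1", "192.0.2.10", "Mozilla/5.0", False))
    print(decide("/members/lesson1", "203.0.113.7", "Googlebot/2.1", False))
```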
When it comes to the security of your website and preserving professional images, one can never be careless. Nor can one believe everything that one reads, especially phrases like "secure web hosting" when your web site is likely to be one of hundreds sharing the same server. If ever one of those websites gets compromised it may allow a hacker to exploit all web sites. That is something to consider when upgrading to a virtual server costs as little as $10/month. Hosting your site on your own virtual server eliminates everyone else's errors and it will also enable you to install and run the ArtistScope Site Protection System (ASPS) for the utmost in data and media protection.
Author: William Kent
Date: 22nd April 2020