Millions of websites are live today, and every day many of them are shut down by malicious attacks. Some websites may face major losses.
A website can be secured by following a few tips that are easy to implement on your site.
Anyone can become a website developer and easily develop a website, but making it secure is not easy for everyone.
Security Tips to protect your website from hackers
1. Use HTTPS:
HTTPS is implemented by using SSL.
HTTPS stands for Hypertext Transfer Protocol Secure. It's a protocol for securing the communication between two systems, e.g. the browser and the web server.
HTTPS establishes an encrypted link between the browser and the web server using the Secure Sockets Layer (SSL) protocol.
HTTPS transfers data in encrypted format.
HTTPS uses port 443 by default.
2. Take regular backups:
You should take regular backups of your website files as well as of your database.
3. Restrict crawling:
Do not let search engine bots and other crawlers crawl the website without restriction.
Robots.txt should be written carefully to guide the crawlers.
The API should support throttling, so that multiple hits can't be made at a time from a single place or system.
4. SQL Injection:
SQL queries should not be built directly from query-string parameters, so that the database query cannot be altered through the query string or an API call.
5. Make a secure API:
The API should be made secure; use token-based security or device security in the API.
You can use throttling to restrict API hits by device, time, IP address, location, or number of hits allowed.
6. Change database or back-end messages into user-friendly ones:
Don't show messages coming directly from the database or API to the user. The message should be generic and in the user's language.
7. Validate on both sides:
If there is any form, such as login or registration, it should be validated on both the front end and the back end, so that any attempt to break validation at the front end is stopped by server-side validation.
8. Hashed password storage & regular updates:
Passwords should be stored in hashed or encrypted format. Passwords should be strong, combining special characters, numerals, and lowercase and uppercase letters.
Password changes should be enforced at regular intervals.
9. Restrictions on file upload extensions:
If your website allows file or image uploads, it should restrict the file extensions; for example, if you want only PDFs, allow only files with the .pdf extension to be uploaded. This lowers the risk of malicious software or scripts being uploaded to your website.
10. Secure by disabling the right-click context menu:
Payment-related websites should disable the right-click context menu, so that no one can edit the website or copy any details directly.
You can disable F12, inspect element, and the console window to avoid any misuse.
11. Protect against XSS attacks:
Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages. Anyone can run their own JavaScript alongside your website's scripts.
Try to use textContent instead of innerHTML in your JavaScript code.
Summary:
These tips give you an overview of how you can secure your website in an easy way. You can't secure a website fully, but you can secure it to a level where simple hackers can't hack it.