Best Online Tutorials

SQL Tutorial

Free SQL Tutorial

SQL Interview Questions

SQL Practice Questions

SQL Tips & Tricks

SQL Errors

SQL Books

Angular Tutorial

Free Angular Tutorial

Angular Interview Questions

Angular Practice Questions

Angular Tips & Tricks

Angular Errors

Angular Books

Node.js Tutorial

Free Node.js Tutorial

Node.js Interview Questions

Node.js Practice Questions

Node.js Tips & Tricks

Node.js Errors

Node.js Books

React.js Tutorial

Free React.js Tutorial

React.js Interview Questions

React.js Practice Questions

React.js Tips & Tricks

React.js Errors

React.js Books

SSIS Tutorial

Free SSIS Tutorial

SSIS Interview Questions

SSIS Practice Questions

SSIS Tips & Tricks

SSIS Errors

SSIS Books

SEO Tutorial

Free SEO Tutorial

SEO Interview Questions

SEO Practice Questions

SEO Tips & Tricks

SEO Errors

SEO Books

Javascript Tutorial

Free Javascript Tutorial

Javascript Interview Questions

Javascript Practice Questions

Javascript Tips & Tricks

Javascript Errors

Javascript Books

MongoDB Tutorial

Free MongoDB Tutorial

MongoDB Interview Questions

MongoDB Practice Questions

MongoDB Tips & Tricks

MongoDB Errors

MongoDB Books

Next.js Tutorial

Free Next.js Tutorial

Next.js Interview Questions

Next.js Practice Questions

Next.js Tips & Tricks

Next.js Errors

Next.js Books

How to secure your website

Prashant Surya | Oct 6, 2019 | Views: 683

Description:

In these days, there are millions of websites live, in which many websites shut down due to malicious attacks every day. Some websites might faces major losses.

A website can be secured by using some tips, which you can easily implement in your website.

Everyone can become a website developer,can easily develop a website but to make it secure is not easy to every one.

Security Tips to protect your website from hackers

1. Use Https :

HTTPS is implemented by using ssl.

HTTPS stands for Hyper Text Transfer Protocol Secure. It's a protocol for securing the communication between two the systems e.g. the browser and the web server.

HTTPS establishes an encrypted link between the browser and the web server using the Secure Socket Layer ( SSL ) protocols.

HTTPS Transfers data in encrypted format.

HTTPS uses port 443 by default.

2. Take Regular backup:

You should have regular backup of your website files as well as of your database.

3. Restrict crawling:

Website should not be allowed to crawl others by search engine bots.

Robots.txt should be wisely written, to guide the crawlers.

API should be capable of throttling, so that multiple hits can't be made at a time from a single place or system.

4. SQL Injection:

SQL query should not be used with query-string parameters, so that database query should not be altered from query string or by API call.

5. Make Secured API:

API should be made secure, use token based security in API or device security.

You can use throttling , to restrict API hits either by device, time, IP address, location , no of hits allowed.

6. Change Database or back-end message to user convenient:

Don't show the direct message coming from the database or API to the User. The message should be generic by user language.

7. Validate on both sides:

If there is any form, like login or registration, there should be validation both on front-end and on back-end. So that any validation if tried to break at front-end should be stopped by server-side validations.

8. Hash passwords storage & regular updates:

Password should be stored in the hashed or encrypted format. Password should be strong, it should have a combination of special char, numeric and small and Caps alphabets.

Password should be forcefully changed at a regular interval.

9. Restrictions on file upload extensions:

If your website allow to upload files or images, it should restrict the file extensions, like if you want only pdf, you should allow only .pdf extensions file to be uploaded. This will low down the risk of uploading the malicious software or scripts on your websites.

10. Secure by disabling right click context:

Payment related websites should disable the right click context on the website so, that no one can edit on website or copy any details directly.

You can disable the f12, inspect element, console windows to avoid any misuse.

11. Protect against XSS attacks:

Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages. Any one can run their own JavaScript scripts with your website script.

Try to use textContent instead of innerHTML in JavaScript coding scripts.

Summary:

These tips will help you to get overview, how you can secure your website in a easy way. You can't secure a website fully but you can secure at a level, where simple hackers can't hack your website.

Comments:

Content Contributor★★★★★

Prashant Surya

Software developer at Uniserve Data Technologies Pvt. Ltd. | Noida, Uttar Pradesh, India

I am a software developer, freelancer and trainer working on technologies likes. MEAN stack, MERN Stack, ASP.NET full stack, WebRTC, socket.io ,PWA, SQL, JavaScript, jQuery, HTML, CSS, SEO, responsive UI/UX designing... having 7 years of experience in development in multiple domains like, eCommerce, RTA, capital markets, education, real estate...