Website security

Hacking risk is part of any website's lifespan. In our long-standing experience we have encountered attacks of various sorts, from micro hacks to well-planned and coordinated attacks. We can help you secure your website, and if you become the victim of a hack, we can help remove the malicious source code fragments. Unfortunately, because attacks are so varied, it is not always possible to avoid their consequences. Below we provide several tips that can help you improve your website security.

Basic info

It has been repeatedly shown that a website hack was made possible by a series of user mistakes rather than by considerable programming loopholes. Below you can find our compilation of several notorious oversights that increase hacking risk.

Website protection

Too easy login or password

You can do this on your own; no specialized knowledge is required. The most essential step when setting up a website is creating a new administrator account and deleting the default user account, which by common practice is named 'admin'. Default settings make it very easy for a potential hacker to attack a website, since they can bypass 50% of the site's security measures at once. If an unwelcome guest guesses the login, their next step is a so-called brute-force attack, which basically means trying the most popular character strings used as passwords. If they succeed in guessing the password, the hacker gains full control over the site, and the website admin is in for a very unpleasant surprise after logging into the system.

Ignoring updates

We are all guilty of sometimes forgetting to update a website or its plugins. It becomes a problem, though, when several to a dozen or so updates pile up after several months of disregarding them. Taking care of frequent updates is the first step in protecting a site against hacks. It is advisable to use a programmer's help, because an update can sometimes break a template and crash the website.

Hiding the login panel

This step requires a little more expertise. It is about masking the default URL for logging into the admin panel. For example, upon every installation WordPress creates the default path domainname.com/wp-admin. By changing it to "domainname.com/mynewname" we thwart a potential hacker's conventional attack on our website (the login and password guessing mentioned before).

Blocking remote access through .htaccess file

This step is for more advanced users and programmers. Insufficient protection of the .htaccess file presents a hacker with many ways to access the source code of the website. A good solution is blocking remote access using directives in this file. A fragment that blocks access: Deny from All. It is also possible to redirect via .htaccess: Redirect /oldfolder/oldfile.html http://sampledomain.com/newfolder/newfile.html