How to defend your website

To better protect your site, you should keep the following principles:

  1. Regularly back up your page, both files and data from your database. As a result, even if all server data is deleted, you can resume your page. You can set up a cron job when backing up the page in the allotted time. If you dont know how to create backups of files and database, you can use our instruction

  2. If a page is based on CMS, enable all the options responsible for the security of the page.

  3. Set up different passwords for different accounts. To create a complex, original password, you can use the password generator. Passwords must be changed from time to time by new ones and in any case should not be given to other people.

  4. If your website is located on the VPS, it is better to use multiple servers simultaneously: one to keep the production version available to users and the second one to implement and test changes.

  5. If the page has been hacked, you should find the cause: check out the logs (if your website in on VPS), change the password and return to the previous version of the backup. If the fault is in the CMS, you can post a message about it on the forum of your CMS (do not forget to mention the version and add-ons you have been using). This will help other users to protect themselves as well and accelerate the process of strengthening weaknesses in this CMS.

There are many different ways to hack the page. How to hack the page depends on the weaknesses of the software installed on the hosting and on the computer. Since a large number of CMSes is open source, any user can find their weaknesses and use this to hack someone's page. That is why it is very important to update versions in time - in newer versions usually weak spots are better protected. Information about these unsecured places may be found on the official websites of CMSes.

For example, Wordpress:
https://wordpress.org/news/2009/09/keep-wordpress-secure/
http://codex.wordpress.org/Hardening_WordPress

or Joomla:
https://developer.joomla.org/security-centre.html


One of the weaknesses may be the plugins. Install only the official ones. More:

Wordpress
http://codex.wordpress.org/Hardening_WordPress#Plugins

Joomla
https://docs.joomla.org/Vulnerable_Extensions_List


If you are creating your website without CMS, here you can learn more about the methods of hacking:

https://en.wikipedia.org/wiki/Code_injection
https://en.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/File_inclusion_vulnerability


You can learn more about the weaknesses of the software installed on your computer on the official websites, for example:

Adobe
https://helpx.adobe.com/security.html

Microsoft
http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=ru&&thankspage=5

Apple
https://support.apple.com/en-us/HT201222

Also be sure to regularly scan your system and your files on the server with antivirus program.

If you have noticed viruses on your page, we can help you. Please follow this page