Every week I handle security incidents that could have been avoided by following simple, security procedures. Here are my 5 favorite security tips to keep your web site running securely.
Choose Good Passwords
I often see email and FTP accounts compromised because of bad passwords. As simple as it sounds, people still do not use good passwords. I use PCtools Password Generator to produce 8-12 character long, random passwords that contain at least mixed case and numbers. I store passwords using a secure password manager application.
Secure FTP
If you’re using FTP you are sending your username and password unencrypted over the internet. I recommend switching to Secure FTP (SFTP) and disabling FTP. It’s secure and just as easy to use as FTP. Most FTP clients released support SFTP. I use FireFTP but others in our office use WinSCP and FileZilla that work just as well.
Update, update, update!
Do you use WordPress, Joomla! or vBulletin? Do you have a photo gallery or shopping cart on your site? These and similar web applications are easy targets for hackers. Keeping these applications up-to-date is key to keeping your site safe from hackers.
Firewall it.
Want to limit access to your server? Firewall it. With a firewall, you can further limit access to specific ip addresses. You can block specific services, like ssh, FTP (if you’re ignoring my second tip) or admin interfaces for added security. Most ISPs will give you a static IP address for a few dollars more per month. This is money well spent because you can then lock down your server by IP address.
Backup Data
Sometimes no matter how much time you spend on security and policing your operations, hackers find a way in. I like to keep off server backups. This way you can restore hacked files, site contents and return to normal operations quickly.
I am always surprised at how many people fail to follow these simple best practices. In nearly every web site attack I investigate, one of the above was not followed. If you follow them all, you can prevent many attacks and be ready to recover should something happen.
Have any good tips?
Please share them.