Over the last couple of days, some Gigahost customers were unfortunate enough to find their web pages hacked, in most cases by some “Muslem Hacker” or “Saudi Arabian hacker”. Here are some security tips on how not to get hacked.
- Passwords: Always choose proper passwords for your systems, and never use your username, real name or the like as the password for your hosting account, email, or anything else. You can use a random password generator such as this to generate secure passwords.
- CMS and scripts: Always update your Content Management System and any scripts you may be using to the latest versions, since new security exploits are often found (and corrected).
- Delete unused files: Delete scripts and other files you are not using, in particular “install” directories or files left over from CMS installations. Often these are named “install.php”, “install”, “setup.php” or the like.
- Use robots.txt: Search engines will often index content on your site, which may leave parts of it unintentionally exposed. By placing a file called “robots.txt” on your site, you can tell search engines which parts not to index. Read more here.
- Protect content with .htaccess: You can use “.htaccess” files to password protect one or more parts of your site, block certain IP addresses, block “hot-linking” of images and lots more. Read more here. A WordPress-specific .htaccess guide can be found here.
- Plug-ins and third-party programs: If you extend your site with third-party programs or plug-ins (such as WordPress plug-ins), ensure these are also kept up-to-date. Remember to download plug-ins and other scripts only from trusted sources.
- Use anti-virus/anti-spyware: Some attacks originate from the local computer, and not our systems. Should a hacker gain access to your computer, it will be trivial to read passwords from, say, database configuration files residing on your system. Use anti-virus and anti-spyware programs to protect your PC. A nice, free anti-virus program is AVG, and another program (also free) to protect from spyware is Ad-Aware.
- Backups: Lastly, make sure always to back up your email, files and databases, especially when you update your CMS or your scripts.
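
One way to check for the leftover installer files described under “Delete unused files”, as an added example that is not part of the original post: a Python script that walks a local copy of the web root and lists candidates for review. The wildcard patterns, function names and sample directory tree are assumptions of this example.

```python
import fnmatch
import os
import tempfile

# "install.php", "install" and "setup.php" come from the tip above; the
# wildcards covering "or the like" are an assumption of this example.
FILE_PATTERNS = ("install", "install*.php", "setup*.php")
DIR_PATTERNS = ("install", "setup")


def _matches(name, patterns):
    # Case-insensitive, so an uploaded INSTALL.PHP is caught as well.
    return any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns)


def find_installer_leftovers(web_root):
    """Return sorted paths, relative to web_root, of leftover installer
    files and directories. Nothing is deleted; review each hit by hand."""
    hits = []
    for current, dirs, files in os.walk(web_root):
        for d in list(dirs):
            if _matches(d, DIR_PATTERNS):
                rel = os.path.relpath(os.path.join(current, d), web_root)
                hits.append(rel.replace(os.sep, "/") + "/")
                dirs.remove(d)  # report the directory once, skip its contents
        for f in files:
            if _matches(f, FILE_PATTERNS):
                rel = os.path.relpath(os.path.join(current, f), web_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_site(root):
    """Create a small constructed web root to scan (sample data only)."""
    for path in ("index.php", "install.php", "blog/Setup.PHP",
                 "shop/install/step1.php", "blog/uninstall-notes.txt"):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("<?php // placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for hit in find_installer_leftovers(site):
            print(hit)
```

Some CMSs keep files with these names as part of their normal installation, so treat the output as a list to review rather than a list to delete.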