There are a number of ways to keep your server protected from security breaches and hackers. The most obvious thing to do is to keep your server and website software up to date, but you’re more than likely already doing this. What else can you do?
Bear in mind that no system is impenetrable, but you can at least make your systems harder to crack. By implementing just a few features, your server will feel like a fortress.
Here are a few ways to protect your server.
Regularly check error logs
A handy part of using server software, like cPanel, is its ability to log all of the comings and goings of your website. This includes any problems that arise when a user accesses your site, or any system failures. All of this information is kept in an error log, though pre-built software, like WordPress, has its own error log as well.
Checking the log is easy if you are using cPanel. Log into the system and navigate to the Metrics category and then Errors. If there are currently any problems with your website, it will give you a breakdown of each error, the file it is in, and the line of code as well. Some of these will be easy fixes, while others may require an outside developer.
Keep users and passwords
This is an incredibly basic piece of security, but one that is often overlooked. Breaches to your server may happen due to negligence on an admin’s part, or due to social engineering. Because of these factors, and human error, it is recommended that those with access to the server have their passwords changed regularly. This will ensure that if any password was previously obtained, it cannot be used again in the future.
Passwords must always be stored as encrypted values, never as plain text. Also look at salting passwords (in the cryptographic sense), as a salt adds an extra layer to the encrypted values.
Additionally, if an admin is no longer working on the server or with the company, be sure to either remove or completely change their details. This is another way to prevent security breaches by unknown third parties.
It is possible for malicious users to inject additional code into your website’s database by way of a web form or URL. Through this process, they could also dump your entire database, which would give them access to every bit of private and secure data you have.
Most software has commands that can protect your website from SQL injection. For example, the bit of code below (from W3Schools) uses a query parameter, so the server checks the supplied value and treats it individually rather than as part of a complete expression:
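txtUserId = getRequestString("UserId");
// @0 is a placeholder; the value is bound to it when the query is executed
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL, txtUserId);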
Not taking shortcuts in your code will help to protect the website from outside interference.
Secure file uploads
By allowing users to upload files to your web server, you are potentially leaving it open to attack. JPEG images are able to contain PHP text that can be executed when accessed. Pre-built systems, like WordPress and Drupal, already include security features for file uploads.
There are a few ways to secure your system. One way is to disallow users from uploading images; if you need avatars, then look at a site like Gravatar. Another way is to immediately change the filename when it is uploaded to be sure it is “clean” of code and extensions. For additional security, be sure to change the permissions of the file, to 0666 for example, so that it cannot be executed.
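The rename-and-restrict steps described above can be sketched in Python as follows. This is an added example, not code from the original article; the function name store_upload, the allow-list of image types and the 2 MB size limit are assumptions made for illustration.

```python
import os
import secrets
import tempfile

# Allow-list: leading magic bytes -> extension chosen by the server.
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for an avatar


def store_upload(data, client_name, upload_dir):
    """Save an uploaded image under a server-generated name; return its path.

    client_name is accepted only to show that it is never used to build
    the stored path, so a name like "avatar.php" cannot pick the extension.
    """
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    ext = next((e for magic, e in MAGIC.items() if data.startswith(magic)), None)
    if ext is None:
        raise ValueError("not an allowed image type")
    # Random name: nothing from the client ends up in the path.
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    # O_EXCL: fail rather than overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    # The article's example mode, no execute bits. 0o644 also has none
    # and is not world-writable.
    os.chmod(path, 0o666)
    return path


def demo():
    # Constructed sample: JPEG magic bytes followed by PHP text.
    sample = b"\xff\xd8\xff\xe0" + b"<?php echo 'x'; ?>"
    upload_dir = tempfile.mkdtemp()
    path = store_upload(sample, "avatar.php", upload_dir)
    return os.path.basename(path), os.stat(path).st_mode & 0o777


if __name__ == "__main__":
    print(demo())
```

The magic-byte check alone does not remove embedded PHP text; it is the server-chosen extension and the missing execute bits that keep the stored file from being run.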
With HTTPS, data sent from your browser to a website’s server is encrypted. The protocol is used to protect sensitive information, such as online banking transactions or submitted personal information.
To have an SSL certificate installed, contact your hosting company. There’s a good chance that one was already included with your web hosting package.