How do I secure my website from hackers and abuse?


Clients sometimes tell us that their website has been hacked. Website administrators sometimes build a website and then do nothing with it for years, which increases the chance of abuse and of the site being hacked. It is therefore important to spend time on maintenance regularly. In this article, we describe what you can do to prevent a hack as much as possible.

The danger of using a CMS
A CMS (content management system) is publicly available code that you can use for your website. The best-known CMS examples are WordPress and Joomla. A large proportion of websites (currently 37%) are WordPress websites. A CMS is convenient because you can set up a website without any programming knowledge of your own. But it is also dangerous: because the code is public, hackers know exactly where the WordPress vulnerabilities are and how they can take advantage of them.

WordPress allows you to add plugins. The danger is that such a plugin can contain a vulnerability (revslider is a plugin that is hacked regularly). Hackers have a program that finds these vulnerable plugins for them, and they will then exploit the vulnerability: they create files and execute their own code. The result is a hacked website that very likely sends spam as well (if not, this will undoubtedly happen soon).

How to prevent this?

  1. Always make sure that all plugins and the WordPress version are up to date, so that the vulnerabilities they contain are closed by the update.
  2. Make sure you have a reCAPTCHA on all your contact forms and on every page from which an email is sent. A reCAPTCHA used to be a code that you had to retype; nowadays reCAPTCHA is very advanced and you no longer have to retype codes. It sees from your usage whether you are a hacker / spammer or a real person, so it is necessary to have this option active.
  3. Use a good password for admin and FTP (just as is important for your email accounts). Hackers are constantly trying to guess passwords (also called brute force). An easy password is cracked quickly, after which they can log in and change things.
  4. Use a security program that stops hackers. For WordPress, for example, you can use Wordfence or any other security plugin that you like; there are also plugins to change your admin login URL. On the internet you can often find tips that help with this, for example blocking xmlrpc.php.
  5. Use the latest PHP version.
  6. Make sure that file permissions are not set to 777 on your files and folders. Give a folder write permissions only temporarily, when needed, and remove them again when they are no longer needed.
  7. Turn off comments when you are not using them. When you do use comments, have them sent to your @domain.com address and not to a @hotmail / @live / @yahoo address, and make sure there is a reCAPTCHA on the comment form as well.
  8. Do not use admin or administrator as a username; this is the default username. You can try to change it or, if that fails, create a new user and then delete the admin user.
  9. In addition, check whether two-factor authentication can be activated.
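
For tip 6, a small shell audit can show which files and folders are writable by everyone. This is an added example, not a script from the original article; the function names are hypothetical, the check covers every world-writable mode (777 included), and the 755/644 reset values are assumed common defaults.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable files and folders.
# Function names are hypothetical; 755/644 are assumed defaults, adjust if needed.

# list_world_writable DIR
# Print every regular file or directory under DIR whose "other" write bit
# is set. Mode 777 is the best-known case, but 666 or 757 are caught too.
list_world_writable() {
    # Symlinks are skipped: their own mode bits carry no meaning.
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# count_world_writable DIR
# Number of world-writable entries; 0 means the tree is clean.
# One dot is printed per match so odd file names cannot skew the count.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec printf . \; \
        | wc -c | tr -d ' '
}

# tighten_permissions DIR
# Reset only the world-writable entries: folders to 755, files to 644.
# Entries that were already stricter are left untouched.
tighten_permissions() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Usage: sh audit-perms.sh /path/to/webroot   (script name and path are examples)
if [ "$#" -gt 0 ]; then
    list_world_writable "$1"
    echo "world-writable entries: $(count_world_writable "$1")"
fi
```

Run the listing first and review it before calling `tighten_permissions`, since an upload or cache folder may need write access restored for the web server user only.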

Hopefully the above tips will help keep hackers out.

Has your website been hacked? Click here for possible solutions.

Do you have any tips of your own? Please pass them on to support@oxxa.com.
