Whether you administer a simple blog or a full-fledged e-commerce shop, back-end website security should be a top priority. Considering the potentially catastrophic consequences of a data breach, it makes sense to put extra effort into protecting your site infrastructure. Besides regularly updating CMS software and plugins, there are a few more specific steps that can be taken to prevent security failures. Use the following tips to shore up your site’s defenses.
Set Limits on Log-In Attempts
Keeping an eye on log-in attempts and port knocking is one of the best ways to prevent brute-force attacks. Be sure to set up your CMS to limit the number of times that a log-in attempt can be made from a particular IP address. With full-featured blogging programs like WordPress, you can achieve this with a plugin that bans IP addresses based on suspicious activity.
Always Validate Form Inputs
One of the most common exploits known to webmasters is SQL injection. Generally speaking, it works because sites fail to validate form inputs and query parameters from their users. For starters, be sure to set a maximum length for any input field such as name, email or text in the comments section. Fortunately, validating input data with a CMS like WordPress or Joomla is easy due to the availability of plugins like Instant Comment Validation.
Focus on Password Protection
Employing and safeguarding strong passwords should be a priority for both webmasters and users alike. A good password that will stand up to brute-force cracking attempts is at least 12 characters in length and contains a healthy mix of upper and lowercase letters, numbers and symbols. In addition, it’s wise to implement salted password hashing. Finally, be sure to use SSL for your site’s admin area andpassword-protect directories with an .htaccess file.
Limit Access to File Information
Leaving your site’s file information hanging in the wind is the first step towards admin or user credentials being hacked. For starters, disable directory listings. In addition, it’s a good idea to modify error reporting so that 401 pages don’t reveal too much about a username or its matching password. Furthermore, you need to make sure that files that users upload aren’t executable. Use your site’s .htaccess page to set permissions to 644 when users upload files.
Rely on Opensource Tools
Using opensource software and scripts in the development of your site is often the best way to prevent attacks. Opensource CMS platforms like WordPress, Drupal and Joomla are a good start. Server programs like Apache or Nginx combined with opensource scripting language like Python or PHP make for extremely secure hosting platforms right off the bat. Hit up Github and other opensource repositories of code if you need a custom solution to a development problem.
Eternal Vigilance is the Key
Obviously, there’s much more to ensuring site security than the tips listed above. However, they’re a great start if you’d like to cover the major bases. The reality is that there’ll always be a new web exploit to counter. As such, you need to stay on your toes and keep site security on your mind’s back burner at all times.