The Internet is an amazing way to discover new things and communicate with others, but it is also quite an unsafe place, where attacks happen all the time. Website hacks can compromise the work of businesses and companies, especially by taking down the content and relevant means by which they communicate and do transactions with their audience.
So, it is important to know how to protect your site, preventing it against hackers attack pages or server – especially now, in a time where the business of cybercrime is big, expensive and growing. The three following items can be important for anyone, especially website admins, to be better prepared to defend a website against hacks and overall threats.
Use SSH Private/Public Keys
Secure Shell, more commonly known a SSH, is the most common way for people to connect with a remote server, such as the ones that host websites. It is mostly safe but, if you ever used it, you know that, by default, it requires a username and password combination. However, we all known how bad people are when it comes to passwords, so that makes it less secure.
Luckily, there is a somewhat easy way to make SSH almost 100% secure: private/public key authentication. It is an alternative method of identifying a user to a login server, instead of typing a password, and works by generating a key pair. Put simply, this pair consists of two files, containing impossibly large strings of characters, one sitting on the server and the other one on your computer.
After setting the whole thing up, logging in that server is only possible with that key sitting on your computer, that only you have. This make SSH much safer, especially because of what is inside the keys:
Learn to Protect Against DDoS Attacks
DDoS (Distributed Denial of Service) attacks are really common. Contrarily to most hacking attacks, they do not intend to steal data, but instead to make an online service (such as a website, or an app) unavailable by overwhelming it with traffic from multiple sources, up to a point where the server simply cannot process all the requests and crashes. DDoS attacks are constantly happening, to it is important to know how to protect against them.
Incapsula, a cloud-based solution for website security, has just launched DDoS Protection Bootcamp, which is the first online portal to provide deep technical training in the subject of DDoS protection. It is a comprehensive quiz-based training course with two levels, Basic and Advanced, and is comprised of eight sections, which are then followed by a quiz whose level of difficulty depends on the course level.
Update, update, update!
Updates are essential, regardless of what we are talking about. Other than cool things such as new features and visuals, what is more important about updates is that they bring solutions to solve security problems and/or bugs, which are constantly being found.
Some hacks are done by taking advantage of these bugs and security holes, so it is of utmost importance to apply updates as soon as they roll out. This is true for server-side software, such as WordPress, cPanel or something similar, but also to our personal computers, as it is from them that we make most operations. For example, someone that takes control of our computer can easily open an FTP software, such as FileZilla, and manage to enter our server or even get hold of our FTP credentials, which is obviously terrible – as some big companies found in recent years.