{"id":2802,"date":"2017-09-07T09:32:36","date_gmt":"2017-09-07T04:02:36","guid":{"rendered":"https:\/\/www.adroitte.com\/blog\/?p=2802"},"modified":"2017-11-14T12:56:07","modified_gmt":"2017-11-14T07:26:07","slug":"how-to-prevent-small-website-from-being-hacked","status":"publish","type":"post","link":"https:\/\/www.adroitte.com\/blog\/web-applications\/how-to-prevent-small-website-from-being-hacked\/","title":{"rendered":"How to prevent your small website from being hacked?"},"content":{"rendered":"<p>A hacked website can be the worst nightmare for any businessman. Website\u2019s taken down by hackers through <strong>DDOS<\/strong> attacks or <strong>cross-scripting attacks<\/strong>; well it\u2019s definitely not a comforting view to see business getting affected or the revenue stream being hit. Hence, it is necessary to prevent hackers from threatening the integrity of your website and how to do it we will see.<!--more--><\/p>\n<p><\/br><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Some_Hacking_Facts_and_Statistics_that_you_should_know\"><\/span>Some Hacking Facts and Statistics that you should know<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>According to the recent survey, over the past 12 months, 90% of businesses experienced security hacks.\n<li>Fortune-listed companies have estimated that the losses incurring from security breaches range from tens of millions to hundreds of millions.\n<li>29% of websites that were hacked suffered from data loss.<\/li>\n<\/ul>\n<p>Also, it is a complete misunderstanding if you feel that hackers will not be interested in your small business website.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"5_Security_Tips_to_keep_your_small_website_away_from_Hackers\"><\/span>5 Security Tips to keep your small website away from Hackers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>PLATFORMS AND SCRIPTS, KEEP THEM UP-TO-DATE\n<ul class=\"no-bullets\">\n<li>Most of the platforms and scripts that are installed in websites are <strong>open-source<\/strong>. That means the code is easily accessible to both developers and cyber criminals.<\/li>\n<li>A website gets easily hacked if the framework and platform that is built on is vulnerable. Even without sophisticated practices, a hacker can easily get through the site if the older version or the <strong>third-party plugins<\/strong> are not updated.<\/li>\n<\/ul>\n<\/li>\n<li>SWITCH TO HTTPS\n<ul class=\"no-bullets\">\n<li>Short for <strong>hyper text transfer protocol secure<\/strong>, <strong>HTTPS<\/strong> is a communication protocol, which is used to encrypt the data between a browser and a web server.<\/li>\n<li>Any financial data or client information, it is necessary to maintain the integrity. Today\u2019s modern business policy says that customer\u2019s trust factor lies in the security symbol that pops in the left corner.<\/li>\n<p><il>Between HTTP and HTTPS, the letter <strong>\u2018S\u2019<\/strong> stands prominent and is defined by <strong>secure sockets layer<\/strong> or HTTP over SSL.<\/li>\n<li>Switching to HTTPS is not an option anymore, so keep your website safe from hackers and retain the SEO value.<\/li>\n<\/ul>\n<\/li>\n<li>USE PARAMETERIZED QUERIES\n<ul class=\"no-bullets\">\n<li>One of the most prevalent and common attacks on websites and web applications is <strong>SQL injection<\/strong>. Also referred to as a <strong>malicious payload<\/strong>, SQL injection attacks are mainly directed towards code that uses <strong>SQL queries<\/strong>. It can also be put as an attack against <strong>SQL database<\/strong>.<\/li>\n<li>One of the best ways to prevent SQL injection attacks is by using parameterized queries.<\/li>\n<li><strong>Parameterized queries<\/strong> are prepared statements. The technique is used during query execution, where query string is separated from query parameter values.<\/li>\n<li>These parameterized statements can be treated as bind variable or placeholders, where these placeholders can only store a value of given type and not the complete arbitrary SQL fragment so that hackers cannot mess with the code.<\/li>\n<li>These parameterized statements can be treated as <strong>bind variable<\/strong> or <strong>placeholders<\/strong>, where these placeholders can only store a value of given type and not the complete arbitrary SQL fragment so that hackers cannot mess with the code.<\/li>\n<\/ul>\n<\/li>\n<li>UTILIZE CONTENT SECURITY POLICY (CSP)\n<ul class=\"no-bullets\">\n<li>Heard of cross-site scripting attacks (XSS)?<\/li>\n<li>In Cross-site Scripting, the <strong>SOP policy<\/strong> will be bypassed, and attackers are able to inject client side scripts into web pages.<\/li>\n<li>How CSP avoid XSS?<\/li>\n<li>A simple explanation would suffice, so let\u2019s see<\/li>\n<li>Through a <strong>CSP header<\/strong>, you will avoid the browser from executing malicious scripts on the page.<\/li>\n<\/ul>\n<\/li>\n<li>USE COMPLEX PASSWORDS\n<ul class=\"no-bullets\">\n<li>One of the simplest tasks but the most neglected. For instance, if you are keeping the first 4 alphabets or the numbers as your password then you are letting your hacker win the guessing game.<\/li>\n<li>Follow good practices and create a strong password. Make sure that password is created with minimum character length and is having numbers, special characters, alpha numeric values, and alphabets both upper case and lower case.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A hacked website can be the worst nightmare for any businessman. Website\u2019s taken down by hackers through DDOS attacks or&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3141,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[185],"tags":[258],"class_list":["post-2802","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-applications","tag-small-website"],"_links":{"self":[{"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/posts\/2802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/comments?post=2802"}],"version-history":[{"count":2,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/posts\/2802\/revisions"}],"predecessor-version":[{"id":2805,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/posts\/2802\/revisions\/2805"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/media\/3141"}],"wp:attachment":[{"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/media?parent=2802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/categories?post=2802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.adroitte.com\/blog\/wp-json\/wp\/v2\/tags?post=2802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}