A lot of people postpone their work on the protection of their site, either due to lack of knowledge or out of a belief that they will not be targeted. But the threat is real, and it is better to start developing the security of the site beforehand. Do not think that you won’t be targeted. Many people have paid for their excessive self-confidence already, so learn from their mistakes! These are a few of the consequences that may come if your site gets infected by viruses.
Outcome №1. The site will lose most of its visitors and undermine its credibility for a long time.
Outcome №2. If the problem is not fixed in time, you will drop in the ranking of search engines.
Outcome №3. The site owner will lose time and maybe even money. Every webmaster must protect his site from viruses before they can infect the computers of ordinary users, causing mass dissemination.
Our experts never allow infection or hacking. Be sure to finish reading the article until the end to find out more about how you can keep your website safe.
How do viruses get into your site
Let's start with the fact that the site protection requires the engagement of the two sides - a site owner, and hosting provider on which the site is.
If you select a free or cheap web hosting, then you are the only one to blame if it gets hacked or damaged. Hosting provider should have a professional team of specialists who should be able to provide protection for both the hosting and the websites of their clients.
If hackers break the protections of the hosts, they can easily get an access to the files of any site located on them and implant a virus or hidden link.
A large share of the responsibility for safety is directly on the website owner, then, as he can unintentionally open the access to the files of his project.
How can this happen? Mainly owners or administrators become victims because of their inexperience or excessive confidence that their site will not be hacked.
Here are the main reasons why the site can be cracked or infected with a virus.
Reason №1. The most common cause of infection or cracking websites lies in the weak passwords for the admin panel.
Reason №2. Using a free or cheap hosting.
Reason №3. Retention of passwords to the admin in your browser.
Reason №4. Retention of admission passwords in the FTP clients.
Reason №5. Use of various plugins and modules downloaded from dubious sources.
Reason №6. Use of older versions of CMS or impertinence of their update.
If there are other reasons you can think of, feel free to add them in the comments.
What is the aim of the cracking or infection of the sites
What is the goal pursued by the hacker, who cracks the sites? Of course the goals may be different. The most "harmless" one is an implementation of a hidden external reference, a method of Black SEOAlso the cracking can be made by the order from the competitors or others to complicate access to the resource or even completely block it.
Finally, a site can be cracked to implant a virus. This is the most harmful outcome.
Viruses may be implanted for a number of reasons, but usually it is infect a site and then spread the virus to any computers visiting the site.
How to protect the site from the virus or cracking
To protect your site from cracking and viruses you only need to do four things:
- Protect the access to the admin panel.
- Protect FTP connection.
- Protect website from XSS attacks.
- Do not upload virus files to the site.
The correct way to protect the access to the admin panel is to deny the access by IP address through the file .htaccess. But unfortunately this method does not work for everyone, since mainly ISP providers give their customers dynamic IP’s, which have the ability to constantly change. Only a static IP is not changing. Theyy are not very common, but you can purchase them.
For hackers not to access the admin panel you should follow these rules:
Rule №1. Create complex passwords with at least 30 characters and change it at least once a month.
It's no secret that weak passwords are easily matched. There are plenty of special recruitment (cracking) programs and you don’t have to be a secret agent to hack in.
Remember the example of the Facebook account cracking or other social networks — there are plenty of such examples.
Rule №2. Only use unique passwords that you do not use anywhere else and do not tell them to anyone.
Also take measures measures so your passwords do not get into the wrong hands, and certainly never give your password to others.
Rule №3. Never store the password in the admin panel in your browser.
Skilled hacker using the "gentleman" set of programs is able to extract saved password from almost any browser.
To avoid saving the passwords in the browser or having to enter them each time you log into as the administrator, use password manager.
Rule №4. Do not store passwords on a FTP client. If a virus penetrates into your home computer, then it most likely will be able to read the access data that is saved on a FTP client and it can transfer the data back to the hackers.
This is a very important rule, which a lot of people neglect. The virus can really steal your access data on a FTP client and the consequences can be bad.
The correct way to protect your FTP connection is to deny the access using the IP address by means of a specific file .ftpaccess.
This method is very good, but again it does not work for everyone, because this protection must have a static IP, and you need your hosting to have a support with the file .ftpaccess.
Some webmasters that have had serious problems with search engines due to viruses use a separate computer to work on the website to avoid contamination.
Rule №5. Do not save passwords on mail servers as it is practically impossible to protect them from hacking. Once an account is created for hosting, an e-mail will be sent from the provider. If you don’t change the passwords given out by the hosting provider in time, there is a great risk that your site will be cracked and infected.
I hope we have convinced you. On mail servers you need to be very careful because they are very often used to spread viruses. Try not to open suspicious emails and if you suspect that the letter contains a virus, be sure to inform the mail server. If the administrators refuse to take these threats seriously, we recommend you stop using that mail service.
Rule №6. Use online plugins or modules downloaded only from the official websites of developers.
Plugins can be written with a variety of filters, scripts and even viruses that you can upload to your project.
Rule №7. Update CMS in time, as well as plugins and modules, as the developers of the update correct the mistakes in the vulnerable pieces of the code.
A hacker can use the vulnerabilities of the code to conduct XSS attack on your operating life or conduct a so-called SQL injection.
We must admit that obtaining 100% protection from such intrusions is very difficult, as for every action there is a counteraction. An experienced hacker might be able to get around any security system, but it’s still necessary to create layers of protection.
Following these simple rules will protect you from many problems. If you have additional suggestions to add, please add them in the comments.Not that difficult, right? If you need an advice, competent filling and the maintenance of the sites, contact the Technical Support of Drupal sites Drudesk, and we will certainly help you.