My web host just sent me a really good newsletter containing tips on securing your web site and your blog. It was so good, I just had to share it. My web host is Hostpapa.ca and these are their words…
***Starting now***
Below are some basic and advanced tips to help you improve your security.
Basic Tips:
1. Passwords. Strong passwords help protect you and your files.
- Use a different password for all applications, email accounts, FTP accounts, etc.
- Do not “reset” your password back to an old one
- Do not use dictionary-level words for passwords
- Create a strong password: use a combination of upper and lower-case letters, symbols and numbers
- Always be diligent about protecting your passwords
- Reset your passwords on a regular basis (good practice is every 90 days)
Advanced Tips:
1. VERY IMPORTANT: Update your software! It is critical that all 3rd party scripts are kept current and up-to-date. This is the greatest security risk and the #1 reason why websites are compromised.
When a company updates their web software it is often to patch a potential security breach, specifically in programs such as WordPress and Joomla. Hackers look for websites with outdated software as they already know what vulnerabilities they can exploit to break into a script or program. To avoid this, ensure you subscribe to your application’s mailing list, as this will provide you with the latest information regarding software updates and vulnerabilities. Although it can be an annoying task, you will be rewarded with better security, and possibly more features and functionality. HostPapa provides an easy way to update your software and stay current – install your software using Fantastico!
2. Keep permissions locked down. Setting the wrong permission on files can be an open invitation for hackers: anyone with user level access can access a file with 777 permission. It is generally good practice to ensure permissions are set to 555 (all read and execute) for directories and 444 (all read) for files, unless a specific program requires them to be set to something different. Avoid using very open permissions such as 777, 755, 666 or 644.
3. Clean up your file manager when possible. This includes deleting pages, scripts, databases, mail boxes, email addresses and FTP accounts that you no longer use, as well as uninstalling software that you no longer need. Removing custom scripts, software and pages that you no longer use helps to limit possible entry points for a hacker and leaves you with fewer pages and scripts to secure.
4. Protect your computer. Protection from malware is just as important as security on your web hosting server. There are specific types of malware and spyware which are designed to download the stored passwords from FTP clients such as FileZilla and Dreamweaver, and these details can then be used to upload malicious content to your website. Here are some tips to reduce the possibility of malware being active on your home computer:
- Install a good Anti-Virus/Anti-Spyware package.
- Complete full scans of your system on a regular basis.
- Ensure that you are receiving software and definition updates and always check for new updates or versions of your FTP Client.
5. Be careful with using tell-a-friend scripts or submission forms. These scripts are notorious for receiving large amounts of email spam. Many of these scripts act as a gateway for spammers to send unsolicited emails through your website – which will ultimately result in your account with us being suspended or banned.
To prevent this from happening please implement the following: Use a reputable script with a CAPTCHA phrase. This will place a unique image or phrase on your website, which requires a user to read and enter the characters that they see. This will reduce the possibility of automated software filling out your form, lowering the chance of spammers compromising your website.
***Ending now***
As you can see, there are lots of great tips to use depending on your situation. Hostpapa.ca has left me with some things to think over. I hope this was helpful. Here is their link:
http://www.hostpapa.ca/ if you want more information. They have been really good to me, and I thought I would brag a little on them. Have a great day out there and be safe.
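
The permission check from tip 2 of the newsletter, as an added example that is not part of the newsletter or of the original post: a shell audit that lists everything under a web root that is more writable than the 555/444 baseline, plus a function that applies that baseline. The function names `audit_perms` and `lock_down` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the newsletter's 555/444 baseline.
# Only POSIX find options are used, so GNU and BSD find both work.

# Print one line per file or directory that has a write bit set.
# WORLD-WRITABLE: writable by "other" (the last digit of 777 or 666).
# WRITABLE: writable only by owner and/or group (for example 755 or 644).
audit_perms() {
    root=$1
    find "$root" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD-WRITABLE\t%s\n' {} \;
    find "$root" \( -type f -o -type d \) ! -perm -002 \
        \( -perm -200 -o -perm -020 \) \
        -exec printf 'WRITABLE\t%s\n' {} \;
}

# Apply the baseline: 444 for files, 555 for directories.
# Review the audit output first. Anything a program must write to
# (upload or cache directories, for instance) has to be re-opened by hand,
# and 444 also removes the execute bit from scripts.
lock_down() {
    root=$1
    find "$root" -type f -exec chmod 444 {} +
    find "$root" -type d -exec chmod 555 {} +
}

# Stand-alone use: sh audit.sh /path/to/web/root
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Symbolic links are not followed, so only entries that physically live under the given directory are reported or changed.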