How can I make sure that my website won’t get hacked?

Nahar Aba Hakeem March 28, 2012

I’ve been interested in developing a website for years but I am only able to do it using free content management systems out there. This leaves me with worry that someone out there would hack my website for no reason.

How can I ensure that this isn’t going to happen? What should I do to fully protect my website if I decide to use a free CMS?

  1. Shiv Shankar
    July 31, 2012 at 6:30 pm

    my website is hacked please help me....

    HaCked bY DeaTh AnGeL

  2. James Bruce
    March 29, 2012 at 7:48 am

    Keep wordpress up to date, plugins up to date, and don't use random themes you download from "free wordpress themes" google search. Simples. 

  3. ha14
    March 28, 2012 at 12:28 pm

    How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions.

    Protecting Your Website Against Hacking

    dotDefender web application
    With dotDefender web application firewall you can avoid DoS attacks because dotDefender inspects your HTTP traffic and checks their packets against rules such as to allow or deny protocols, ports, or IP addresses to stop web applications from being exploited.

  4. Bruce Epper
    March 28, 2012 at 8:00 am

    There is no way to ensure that it won't happen; it just isn't possible.  And the reason for it is not whether you are using any kind of free software or if it is all commercial/proprietary stuff.  If you build a website or even attach any computer to the internet, at some point a person or a piece of automated software WILL attempt to gain entry.  That is a given.

    Now, what you can do is ensure that you have taken all reasonable precautions.  If you are running the server yourself, you need to make sure that the operating system is fully patched and only running the services it absolutely must run - NO EXTRAS.  All other software installed on the server (the CMS and supporting software)  should have all of its security patches applied.  All of this must be maintained for the life of the server as new vulnerabilities are found in the operating system and other software.  All unnecessary ports should be disabled. 

    Look up recommended configurations for the CMS, the operating system, the web server software.  All of these will have additional considerations for secure usage and there is not to my knowledge a simple boilerplate configuration that can be used in all instances with all possible combinations of sofware that can be used in these circumstances.

    If you are using a hosting service, some of these responsibilities would lie with the hosting company, normally the operating system and web server-related issues for the most part would be theirs.  Portions of the web server configuration would still lie with you and you may also have some influence regarding services that are enabled/disabled for your server instance.  You would probably still have full control of the CMS itself unless it is provided by the hoster.

    No matter how the rest of it pans out for your individual circumstance, you MUST ensure that you use strong passwords on everything.  Do not use the same passwords for the different parts.  Since they are different parts, they require different strong passwords.  If (when) someone else gains access, don't give them the keys to everything in a single shot.  Make them work for each piece.