
DEV Community

Chetan Rohilla

Originally published at w3courses.org

Website Security Tips

Website security is a major concern for any website owner or developer. If your website is insecure, you may lose your website files, your database and your email system, and you may be unable to recover the website at all. So here we list some website security tips and the common types of attacks on websites.

Types of Attacks on Website

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Man in the Middle (MitM) attacks

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

Phishing and Spear Phishing attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Drive-by attacks

Drive-by download attacks refer to malicious programs that are installed on your device without your consent. This also includes unintentional downloads of any files or bundled software onto a computer.

Password attacks

Password attacks are one of the most common causes of corporate and personal data breaches. A password attack is simply when a hacker tries to steal your password.

SQL Injection attacks

SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements can take control of the database server and change your database entirely.

Cross Site Scripting(XSS) attacks

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. When the malicious code executes inside a victim’s browser, the attacker can fully compromise their interaction with the application.

Eavesdropping attacks

An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device. The attack takes advantage of unsecured network communications to access data as it is being sent or received by its user.

Malware attacks

A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain.

Birthday attacks

A birthday attack is a type of cryptographic attack that belongs to the class of brute-force attacks. It exploits the mathematics behind the birthday problem in probability theory.

Disadvantages of an Unsecured Website

  • Website account suspended by the hosting provider
  • Domain blacklisted
  • Domain removed by the domain provider
  • Website access blocked by browsers, antivirus software, computers and phones
  • Loss of website files
  • Website database stolen
  • Loss of emails
  • Sensitive data lost

Note: If you have a WordPress website, then you must also read this article.

How to Secure Website

Use a Secure Server

  • Take regular backups of website files, database, emails and other resources.
  • Choose a secure hosting provider (see our cheap and secure hosting).
  • Choose a secure domain provider.
  • Use SSL and the other security methods recommended by your server provider or domain provider.
  • If you are using a VPS (Virtual Private Server), secure your machine's operating system and software and install some security software.
  • Add load balancers, if you are using a VPS, to filter your website traffic.
  • Add firewalls between your website and its visitors.
  • Set secure file and folder permissions, such as 0755 for folders and 0644 for files.
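As an added example (not code from the original post), here is a small Python audit for the 0755/0644 rule in the last item: it reports every folder or file under a web root whose permission bits differ from those targets and can set them. The `make_sample_tree` helper builds a constructed scratch directory for the demo; its file names are assumptions, not anything from the post.

```python
import os
import stat
import tempfile

# Target modes from the tip above: 0755 for folders, 0644 for files.
DIR_MODE = 0o755
FILE_MODE = 0o644

def audit_permissions(root):
    """Return [(path, current_mode)] for every folder or file under root
    (root itself included) whose permission bits differ from the target.
    Symbolic links are skipped so nothing is chmod'ed through a link."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(dirpath, DIR_MODE)] if dirpath == root else []
        entries += [(os.path.join(dirpath, d), DIR_MODE) for d in dirnames]
        entries += [(os.path.join(dirpath, f), FILE_MODE) for f in filenames]
        for path, target in entries:
            if os.path.islink(path):
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode != target:
                findings.append((path, mode))
    return findings

def fix_permissions(root):
    """Apply the target modes to every entry reported by audit_permissions
    and return the number of entries changed."""
    changed = 0
    for path, _ in audit_permissions(root):
        os.chmod(path, DIR_MODE if os.path.isdir(path) else FILE_MODE)
        changed += 1
    return changed

def make_sample_tree():
    """Constructed demo web root: one world-writable folder and one
    world-writable file (the risky cases), plus one already-correct file."""
    root = tempfile.mkdtemp(prefix="webroot_demo_")
    os.chmod(root, DIR_MODE)
    os.makedirs(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)
    for name, mode in (("config.php", 0o666), ("index.php", FILE_MODE)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder file\n")
        os.chmod(path, mode)
    return root
```

Run `fix_permissions` as the user that owns the web root; a folder that a specific process genuinely needs to write to (an upload or cache directory) must be handled separately rather than blanket-fixed.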

Secure Source Code

  • Validate and sanitize your website's form input to prevent Cross-Site Scripting attacks.
  • Validate and sanitize your website's URLs to prevent Cross-Site Scripting attacks.
  • Write secure SQL queries (for example with PDO) to protect your database from SQL injection.
  • Try to use the latest version of your scripting language, such as PHP or Python.
  • Use secure frameworks for your application development, such as Laravel for PHP.
  • Use the latest and secure native functions of your scripting language, such as PHP.
  • Validate file uploads and, where possible, their contents in your applications.
  • Use CSRF tokens for every request made in your application to protect against Man in the Middle attacks.
  • Use stateless or token-based authentication in your application so you do not depend on cookies and session variables that can be stolen.
  • Try not to use or download pre-made code from other websites, because it creates loopholes in your application's source code; it may be malicious themes, plugins or modules.
  • Do not save sensitive passwords or information in your browser, because browsers sometimes get compromised and your cookies and browser storage data get stolen.
  • Do not store sensitive information in the browser.
  • Use strong encryption for your application's data.
  • Always try to validate the visitor's or client's browser that made the request to your application.
  • Try to keep the website light, for example around 950 KB per web page.
  • Try to maintain and optimize your website resources such as CSS, JS, videos and images.
  • Always set a maximum execution time for your code on your server.
  • Always set a maximum upload size on your server.
  • Install only the modules, libraries, software and operating system version that your application requires.
  • Create a proper timeline for your project.
  • Use proper version management for your web application.
  • Be able to restore the website to a previous working state.
  • Do not print error or information messages from your source code.
  • Add breakpoints and show users an error message if any error or bug is found in the website.
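Added example, not from the original post, for two items in the list above: the SQL injection item (bound parameters, which is what PDO prepared statements give you in PHP) and the XSS items (encode visitor text before placing it in HTML), shown in Python with the standard sqlite3 and html modules. The in-memory users table, the user names and the passwords are constructed for the demo.

```python
import html
import sqlite3

def make_db():
    """Constructed demo database: an in-memory SQLite table with two users.
    (A real application stores password hashes, never plaintext as here.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """Query built by string formatting: whatever the visitor typed is parsed
    as SQL, so a quote in the input changes the meaning of the statement."""
    sql = ("SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    """Same query with bound parameters (the PDO-style approach the tip
    recommends): the driver sends the values separately from the SQL text,
    so they can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def render_comment(text):
    """Output encoding for the XSS items: escape visitor text before it is
    inserted into an HTML page, so tags and quotes are shown, not executed."""
    return f"<p>{html.escape(text)}</p>"

if __name__ == "__main__":
    db = make_db()
    probe = "alice' --"  # a quote plus an SQL comment: the classic test input
    print("vulnerable   :", login_vulnerable(db, probe, "wrong password"))
    print("parameterized:", login_parameterized(db, probe, "wrong password"))
    print(render_comment("<script>alert(1)</script>"))
```

The vulnerable function logs in as alice without the password because the comment marker swallows the rest of the WHERE clause; the parameterized version returns None for the same input.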

That's it. By following the tips above you can secure your website and prevent some types of attacks on it.


Please like, share, subscribe and give positive feedback to motivate me to write more for you.

For more tutorials please visit my website.

Thanks:)
Happy Coding:)
