Chuck Fields
/ Categories: Blog

Three Actions you can take to help keep your website safe from hackers

While no one can guarantee a 100% hack-proof site, you can take these three steps to help reduce your chances of an attack

EP02–In this podcast episode we discuss what you need to do to help keep your website safe from a hacker attack. While no one can guarantee a 100% hack-proof site, you can take these three steps to help reduce your chances of an attack:

  1. Keep your website code up to date
  2. Keep an error log
  3. Test your website for vulnerabilities

1) Keep your site’s code up-to-date
Outdated code can be full of holes and become prime targets for hackers, especially automated attacks using known vulnerabilities. If your site has login functionality that hasn’t been reviewed or updated in the last couple of years then you are vulnerable. Even if your site was developed recently, it could still be vulnerable if the developer used outdated technology.

2) Keep an error log
Your site at the very least should capture and store errors in a database log or flat file. You should capture the type of error, when it occurred, what screen(s) or procedure(s) threw the error, and if possible the name and/or IP of the user. If you don’t have an error log get one—it’s a fairly simple process to capture web site errors and store them for a trusted developer. An alternative is to email these captured errors, but that can be server intensive and flood a user account with redundant emails, not to mention the user account must be actively monitored.

Review your error log regularly
An error log doesn’t do you any good unless you review it regularly. Count on at least weekly if not daily monitoring to at least get a sense of troublesome spots in your site. This will also help you detect if hack attempts are being made so that you can circumvent them before they do real damage.

3) Test your site for vulnerabilities
If you’re doing eCommerce you may already be familiar with PCI Compliance scans. These are a great tool to scan your site on a regular basis to identify any vulnerabilities. They’re also an excellent way to make certain your site doesn’t get out of date as these use the latest known methods for security testing. Some site offer free scans, although not as in-depth as a PCI compliance scan, but still helpful.

Free online tools include:

  • Scan My Server
  • Qualys
  • Web Inspector

(Search the internet for “web application vulnerability scanners”).

Previous Article Three things you can do right now to reduce your risk of a Cyber attack
Next Article Three Things to keep your website from being held hostage
437 Rate this article: