Website Security

Written by Brad Markle
Views: 5,697
Published: Aug 25, 2011
Last Modified: Oct 12, 2011

Please Note: This article includes links to sources online about website security, that pertain specifically to individual programs like Wordpress and Microsoft Windows. While it is not possible for us to publish every security article for every program, a search on the web regarding security and updates for the software you run should return numerous results.

Website security is a topic on a lot of users' minds. If you search the web for How to hack a website, you will literally get millions of hits. Taking the necessary precautions now with your website will help prevent a big headache later on in the event anything does happen to your website.

 

Backing up your account

We're starting this article on website security with an introduction to backups. Making regular backups of your website is very important, and is one of the best recommendations that we can provide. cPanel includes an easy backup utility that you can use to backup your entire website, including your databases, email, and files. For more information on backing up your website, please view the following flash based tutorial for working with the Backups section of cPanel:

http://support.inmotionhosting.com/userguides/cpflash_x3/cpanel_x3_backup.htm


There are numerous techniques that hackers can use to compromise a website, however the reasons these techniques are successful are usually because of:

  1. Vulnerabilities in the software you run on your hosting account
  2. Vulnerabilities in software that you run on your local computer

 

Vulnerabilities in the software you run on your hosting account

Most software that users run on their website is Open Source software. Open Source software is software that is freely available for anyone to download and use. For example, both Joomla and Wordpress are very commonly used, and they are both Open Source. One of the drawbacks of Open Source software is that anyone can download and view the software's code, which makes it easier for hackers to find ways to compromise a website. The authors of such Open Source Applications release updates and security patches on a regular basis. Please be sure that you are running the most current versions of any third party software on your website, as the most current version is usually the most secure version as well.

The following is a list of links, for Wordpress and Joomla specifically, that point to the software's own information about security:

 

Wordpress

 

Wordpress.org - How to Keep WordPress Secure
http://wordpress.org/development/2009/09/keep-wordpress-secure/

 

Wordpress.org - Hardening WordPress
http://codex.wordpress.org/Hardening_WordPress

 

Wordpress.org - Upgrading Wordpress
http://codex.wordpress.org/Upgrading_WordPress

 

Joomla

 

Joomla.org - Joomla Security Center
http://developer.joomla.org/security.html

 

The Joomla Security Center includes information about their latest security news, their latest security articles, and more information in general about the Joomla Security Strike Team.

 

Joomla.org - Upgrade Instructions
http://docs.joomla.org/Upgrade_Instructions

 

 

 

Vulnerable plugins

 

Keeping any third party plugins / extensions on your website up to date is just as important as keeping the core software up to date as well. We've compiled a short list of links for more information about this topic as well.

Joomla
Joomla.org - Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

 

Wordpress
Wordpress.org - Hardening WordPress - Plugins
http://codex.wordpress.org/Hardening_WordPress#Plugins

 

 

Did you code and develop your website yourself?

If you coded your own website, knowing common techniques hackers use can help you take steps to make your own software more secure. The following is a list of links to articles on Wikipedia that provide more information on common hacking techniques:

Please Note:Although direct coding support is out of the realm of what our Support Department can assist with, a search on the web regarding the topics below will return many results that include how to update your code and take preventive measures.

SQL injection
http://en.wikipedia.org/wiki/Sql_injection

Code injection
http://en.wikipedia.org/wiki/Code_injection

Cross-site scripting (XSS)
http://en.wikipedia.org/wiki/Cross_Site_Scripting

Remote File Inclusion
http://en.wikipedia.org/wiki/Remote_File_Inclusion

Vulnerabilities in software that you run on your local computer

Not only do Open Source applications like Joomla and Wordpress release updates on a regular basis, but so do companies such as Microsoft and Adobe. The following is a list of links to major software titles and information about the security updates they have available:

Adobe
Adobe.com Security bulletins and advisories
http://www.adobe.com/support/security/
For example, Adobe offers many popular products, such as:
Adobe Reader - http://www.adobe.com/support/security/#readerwin
Adobe Dreamweaver - http://www.adobe.com/support/security/#dreamweaver
Adobe GoLive - http://www.adobe.com/support/security/#golive


Microsoft
Microsoft.com - Windows Update
http://windowsupdate.microsoft.com/
Microsoft provides Windows Update to help keep your copy of Windows and other Microsoft products up to date. Be sure that your version of Windows has installed the most up to date security patches available.

Apple
Apple.com - Apple security updates
http://support.apple.com/kb/HT1222
Apple is well known for the security and stability that their products come with, but even Apple has to releases security updates. Please see the link above for more information regarding Apple security updates.

The IT industry is changing every day, especially when it comes to the Internet and security. Keeping your software up to date, both on your hosting account and on your own computer is one of the best ways to secure your website. You should also regularly scan your computer for viruses and malware, maintain regular backups of your website, and be sure to contact the InMotion Hosting Support Department if you have any additional questions.

Like this Article?

Login to comment.

Support Center Login

Your Opinion Matters

... but we need to know what you're thinking!

I'm Brad Markle, your friendly Community Support technician, and I wrote the article you're looking at now. I like to think it's perfect, but I'm sure you have some suggestions. Please, let me know what they are!

Feedback
Your Email Address
Because we'd like to talk with you!

Latest Questions

If you need some help, submit your question to our Community!
We guarantee a response within 60 minutes (8am - 9pm EST, Monday - Friday)
Ask a Question!
Recent Questions
  1. Large file uploading problem
  2. How to determine IP's
  3. How to customize Moodle 2.5 reports
Browse other questions

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!