More and more, the website is the best business card a business can have. It is the point where clients can access relevant information about the company and gives clients a first overview of the company’s professionalism: chances are that a company with a tidy website will be more professional than one that does not care about this aspect.
With this in mind, it is essential to keep a website as safe as possible and, even though there are no 100% hack-proof websites and services (as the recent Sony hack clearly shows), there are indeed some actions that webmasters can take in order to increase security and reduce the likelihood of a breach.
Most of these actions are related to web hosting, so the key is to get the host offering the most security solutions possible. To get some help choosing, rely on this nifty website that reviews several hosts.
Perform software updates
Webmasters maintaining a safe website should keep the software updated to the latest versions, as these often fix the vulnerability issues found in earlier versions. This is especially important for sites built with the help of a CMS, as these services are updated quite regularly and it can be easy to miss the update train.
If your website offers a login option, it should display a general error message for login failures. Something like “Username or password incorrect” reduces the hacker’s chances of success because, even if he opts for a brute force attack, he will not be able to tell which of the fields, if any, is correct.
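The sketch below is an added example, not code from any particular CMS or host: a login check that returns the same message for an unknown username and for a wrong password. It goes one step beyond the message itself by doing the same hashing work in both cases, so the response time does not give away what the message hides. The user store, the names and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Username or password incorrect"
ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    """Build a stored record: random salt plus the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample user store; a real site would read this from its database.
USERS = {"alice": make_user("correct horse battery staple")}

# Throwaway record checked when the username does not exist, so an unknown
# user costs the same hashing work as a known one.
_DUMMY = make_user(os.urandom(16).hex())


def login(username: str, password: str) -> tuple:
    """Return (ok, message). Every failure yields the same message."""
    record = USERS.get(username)
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison of the derived hashes.
    matches = hmac.compare_digest(candidate, record["hash"])
    if known and matches:
        return True, "Welcome"
    # Unknown user and wrong password are indistinguishable to the caller.
    return False, GENERIC_ERROR


if __name__ == "__main__":
    print(login("alice", "guess"))   # existing user, wrong password
    print(login("nobody", "guess"))  # user that does not exist
```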
Some user actions can be hazardous to a website, file upload chief among them. Needless to say, these files can contain viruses or malware, with the potential to cause malfunctions to the website. If this functionality is really needed, it helps to impose some limitations, like forbidding the upload of certain types of files using the .htaccess file.
Using a Virus/Shell Scanner
Virus and shell scanners are not that well-known, but they can be very useful. There are several options available, and they analyze the site and check every directory looking for shells (like c99, Sn0xShell, and so on). SiteLock is yet another useful service that automatically removes any malware found on the site, prevents the site from being added to search engine blacklists and shields the website against bots and other attacks.