
Dewatalks 45 Basic Web Security by Dewaweb

This document discusses basic web security. It explains that smaller websites are still targets for hackers who want to exploit visitors, steal information, perform SEO tricks or abuse server resources. It then provides 8 steps for better securing a website, including choosing a secure host, enforcing strong passwords, using SSL encryption, keeping software updated, regular backups, security scans, maintaining a clean device, and following the latest security news.

Uploaded by

Stephen Strange

BASIC WEB SECURITY

Dewatalks

By Gerardo Ivan, for Dewatalks.


WHY WEBSITES GET HACKED?

There is often a misconception about why websites get hacked. Owners and administrators often believe they won’t get hacked because their sites are smaller, and therefore make less attractive targets.

Hackers may choose bigger sites if they want to steal information or sabotage. For their other goals (which are more common), any small site is valuable enough.


There are various goals when hacking websites, but the main ones are:

- Exploiting site visitors.

- Stealing information stored on the server.

- Tricking bots and crawlers (black-hat SEO).

- Abusing server resources.

- Pure hooliganism (defacement).



WEBSITE MALWARE INFECTIONS & ATTACKS
Inject SEO spam on the page

Drop a backdoor to maintain access

Collect visitor information or credit card data

Run exploits on the server to escalate access level

Use visitors’ computers to mine cryptocurrencies

Store botnets command & control scripts

Show unwanted ads, redirect visitors to scam sites

Host malicious downloads

Launch attacks against other sites

Distributed Denial of Service (DDoS) attack



1. CHOOSING A SECURE, FAST, AND RELIABLE CLOUD HOSTING COMPANY

ISO 27001 - Information Security Management

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.



2. ENFORCE A STRONG PASSWORD POLICY
Do not reuse your passwords: Every single password you have should be unique.

https://haveibeenpwned.com/ - Tokopedia, Bukalapak, Yahoo

Have long passwords: Try longer than 12 characters

Use upper and lower case letters, a special character (like @, $, ! and so on) plus some numbers

- https://www.lastpass.com/password-generator - strong password generator

- https://www.dinopass.com/ - easy to remember

Avoid weak, commonly used username/passwords: like asd123, password1, 4dmin!, or birthdate

Two Factor Authentication / 2FA - Google Authenticator

- https://www.dewaweb.com/blog/cara-mengaktifkan-two-factor-authentication-pada-cpanel/

- https://ithemes.com/set-two-factor-authentication-wordpress-site-google-authenticator/

- https://www.wordfence.com/help/tools/two-factor-authentication/
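
The password rules on this slide, written as a check that could run at sign-up or password change. This is an added example, not code from the slides: the function names are hypothetical, and the breach lookup assumes the `SUFFIX:COUNT` line format of the Pwned Passwords range API, parsed here from a constructed response so the block runs offline.

```python
import hashlib
import re

# Weak passwords named on the slide (constructed stand-in for a real blocklist).
COMMON = {"asd123", "password1", "4dmin!"}

def policy_violations(password):
    """Return the slide rules this password breaks (empty list = passes)."""
    problems = []
    if len(password) <= 12:
        problems.append("not longer than 12 characters")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("needs upper and lower case letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    if password.lower() in COMMON:
        problems.append("commonly used password")
    return problems

def sha1_prefix_suffix(password):
    """Split the SHA-1 hex digest: only the 5-character prefix is ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find our hash suffix in a range response made of 'SUFFIX:COUNT' lines."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach corpus

def constructed_range_body(password, count):
    """Constructed sample response: one filler line plus the password's suffix."""
    _, suffix = sha1_prefix_suffix(password)
    return "%s:1\r\n%s:%d\r\n" % ("0" * 35, suffix, count)

if __name__ == "__main__":
    body = constructed_range_body("password1", 42)  # 42 is a made-up count
    for pw in ("password1", "Correct-Horse-42-Battery"):
        print(pw, policy_violations(pw), breach_count(pw, body))
```

Because the lookup sends only the first five hash characters and matches the suffix locally, the password itself never leaves the server.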
3. USE SSL ENCRYPTION ON YOUR WEB PAGES
SSL : Secure Sockets Layer -> TLS : Transport Layer Security

HTTP :80 -> HTTPS :443

Free SSL, 3-month certificates - Let's Encrypt

- https://www.sslshopper.com/ssl-checker.html - SSL checker

SSL installed, but browser showing “Not secure” ?

- https://www.whynopadlock.com/ - check mixed content

- WP Plugins “Really Simple SSL” – quick fix

Check whether your SSL installation gets Grade A or A+

- https://www.ssllabs.com
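
What a mixed-content check looks for when a page has SSL installed but still shows “Not secure”: subresources that an HTTPS page loads over plain `http://`. This is an added example, not part of the slides or of any tool listed above; the sample page and the `example` hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute holding a URL the browser fetches while rendering the page.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                     "audio": "src", "video": "src", "source": "src",
                     "embed": "src", "link": "href"}

# Constructed sample page, served from https://shop.example.com/
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example.net/theme.css">
<link rel="canonical" href="http://shop.example.com/">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<img src="/wp-content/uploads/logo.png">
<img src="http://shop.example.com/wp-content/uploads/banner.jpg">
<a href="http://other.example.org/">partner</a>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a navigation link, not a subresource
        attrs = dict(attrs)
        if tag == "link":
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & {"stylesheet", "icon", "preload"}:
                return  # rel=canonical is a reference, nothing is fetched
        value = attrs.get(attr)
        if not value:
            return
        # Relative and protocol-relative URLs inherit the page's https scheme.
        resolved = urljoin(self.page_url, value.strip())
        if urlparse(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for finding in find_mixed_content("https://shop.example.com/", SAMPLE_HTML):
        print(finding)
```

Hard-coded `http://` URLs to the site's own uploads, like the banner image here, are a common leftover after moving a site to HTTPS.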
4. KEEP YOUR SOFTWARE UPDATED

Outdated software carries a high risk of vulnerability

Don’t use nulled software – malware, no updates, illegal

Check compatibility with other software / PHP version

Create and download backup before major updates



5. SCHEDULED BACKUP
Off-site backup: download to your own device every week

Automatic backup, stored in your hosting - JetBackup, Acronis, etc.



6. PERFORM WEB SECURITY SCANS

Imunify360 – Comprehensive six-layer web server security with feature management

- Automated Malware Scanner with Cleanup

- Advanced WAF with Machine-Learning Ruleset

- Intrusion Detection and Protection

- Proactive Defense for PHP Websites

- Software Patch Management

- WebShield with Integrated CAPTCHA

- Hosting Panels Integration

WordPress Security Plugins – iThemes Security, Wordfence, *Free

Online Web Scanner

- https://sitecheck.sucuri.net/

- https://www.virustotal.com/gui/



7. KEEP YOUR DEVICE CLEAN

Use Premium Antivirus – update regularly *Free

- Bitdefender - https://www.bitdefender.com/solutions/free.html

- Kaspersky - https://www.kaspersky.com/free-antivirus

Don’t use cracked OS and applications

- Better to get a cheap license from an e-commerce site

Always use a VPN on free public Wi-Fi networks



8. FOLLOW LATEST SECURITY NEWS

WordPress Vulnerability Roundup :

- https://wpvulndb.com/

- https://www.wordfence.com/blog/category/wordpress-security/

- https://ithemes.com/category/wordpress-security/

- https://www.webarxsecurity.com/wordpress-vulnerability-news/

- https://thehackernews.com/

- https://blog.sucuri.net/



THANK YOU
Dewaweb.com
