Understand the simple rule, Any loophole in your system is an open invitation for hackers to attack your website at there will and fantasty.
So the Thmb rule is simple, Keep all your doors secured and patch and monitor loopholes. Here we offer your few simple advices that could help you secure your website effectively and safe from attacks.
1. Keep All your Password Secured, The so called hackers employ scripts that brute force attack password using the possible permutation and combination. So Most Important enforce strong password Policy, use Larger than 10 charectores, Alpha numeric, with capital letters and special charectors combination.
Second aspect is never store your password in any FREE Public email accounts mailboxes or storage area, always adopt an alternate way to keep your password secure.
2. All Software NOT Upto Date are Open Invitation to hackers, Start from OS of both the Client and Server Operating system is uptodate, well patched and hardended to thwart any maleware or bit attacks. Than look for your FTP Clients, We strongly recomend avoid using pirated copies of any software including the FTP clients, in several cases it was found that the FTP client itself sending FTP credentials to hackers. We recomned use SFTP instead of FTP service and clients. Thirdly ensure your Front end and backend langaues like PHP, ASP, JSP, Perl, python, PostGREESQL and MySQL are latest one. and you have properly configured the front end and backend languages not to leake your memories due to poor safe gaurd and restrictions. Forthly ensure any CMS like WordPress or ecommerce application like magento etc are latest one. avoid plugins from not known sources, as this are also found to be backholes for hackers to enter your server.
3. Use Secured hosting only, use HTTPS protocol that provide security over the internet and ensures users are communicating with server in secured manner and while data being transfered between client and server its not being compromised. Install a secured SSL Certificate on your website.
4. Scan your website and webs server for any vulnerabilties, As several times you need to do external scan to check any vulnerabilties. and by known so you can patch and harden the vulnerabitityy.
Few of the Tools you can try :
https://securityheaders.com/
https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner
https://www.qualys.com/forms/freescan/
https://sitecheck.sucuri.net/
https://www.ssllabs.com/ssltest/
