You need to stay up to date with hacking threats. If you have at least a basic knowledge of what is possible then you can protect your website against it. Follow updates at a tech site such as The Hacker News. Use the information you gain to put fresh precautions in place when necessary.

The admin level of your website is an easy way into everything you do not want a hacker to see. Enforce usernames and passwords that can not be guessed and change like “AvasQ9r_6eDx2”, a combination of lower and upper cases of alphabets, numerics, and symbols. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. Never send login details by email, in case an unauthorised user has gained access to the account.

Many people who use the software do not install updates immediately. If the reason behind the update is a security vulnerability, delaying an update exposes your websites to attack  in the interim period. Hackers can scan thousands of websites an hour looking for vulnerabilities that will allow them to break in. Their internal network is crazy, so if one hacker gets into the website then hundreds of hackers will know as well.

Check List:

a) Expire logins after a short period of inactivity

b) Change passwords frequently

c) Choose strong passwords and NEVER written down

d) Scan all devices for malware before they plugged into the network each time they are attached

e) Program for one minute-by-one minute security run for your websites

Web application firewall (WAF) a software or hardware, which sets between your website server and the data connection, can help by reading every bit of data passing through it. Cloud-based WAF is the best in available of data processing and data security.

 There are some free plugins such as Acunetix WP Security can provide an additional level of protection by hiding the identity of your website’s CMS. This tool makes your websites more resilient against automated hacking tools.

Don’t let your admin pages to be indexed by search engines, so you should use the robots_txt file to discourage search engines from listing them. If they are not indexed, then they are harder for hackers to find. The tutorial from SEObook.com will help you to do it.

File uploads are a major concern electronic theft. No matter how thoroughly the system checks them out, bugs can still get through and allow a hacker access to your website’s data. The best is to prevent direct access to any uploaded files, store them outside the root directory and use a script to access them when necessary. SupportPRO will help you to set this up.

Use an encrypted SSL protocol to transfer users’ personal information between the website and your database. This will prevent the information being read in transit and accessed without the proper authority.

When you leave auto-fill enabled for forms on your website, you leave it vulnerable to attack from any user’s computer or phone that has been stolen. You should never expose your website to attacks that utilise the laziness of a legitimate user.

Just in case the worst happens anyway, keep everything backed-up. Backup on-site, backup off-site, backup everything multiple times a day. Every time a user saves a file it should automatically backup in multiple locations. Backing up once a day means that you lose that day’s data when your hard drive fails. Remember every hard drive will also fail.

You can buy software that says it will hide the code on your web pages. It doesn’t work. Browsers need access to your code in order to render your website pages, so there are simple ways to get around web-page “encryption.”