Leave a request
Site protection from malicious codes and attacks is an important aspect that is necessary to maintain the safety and reputation of your site. In this article, we will consider effective methods for protecting against infection with harmful scripts and codes, as well as recommendations to prevent random or intentional threats.
Use reliable software.
Load the distributions of web applications and extensions/plugins for CMS only from proven sources.
Regularly update CMS and server software, follow the news about the vulnerabilities of the CMS used.
Carry regular audits of server safety to identify vulnerabilities.
After installing the CMS, remove installation and debug scripts.
Use complex passwords from web server software (FTP, SSH, Hosting and CMS administrative panels).
A complex password should contain at least 11 characters, including letters in different registers, numbers and special characters.
Do not use the same passwords for different services.
Change passwords at least once every three months to minimize the risk of data leakage.
Do not save important passwords in browsers or FTP and SSH clients.
Follow the safety of working computers.
Antiviruses with regular updates should be installed on all devices from which you work with the server. Also, do not forget to renew the operating system and application programs in a timely manner.
Control data entered by users.
Filter a damping that can be built into the site of the site pages.
Check on the server the permissible dimensions of the data and their compliance with the predetermined lists and intervals.
Do not insert the data obtained directly into Eval (), SQL queries or types of types. Always check and purify information from potentially dangerous elements.
Do not leave in the working code the parameters of debugging or experiments with disabled functionality.
Use WAF (Web Application Firewall) for additional protection.
Control the rights of user access, as well as protection against inter -seitum fake queries (CSRF).
Limit access to the CMS and database administration panels (for example, PHPMYADMIN), as well as to configuration files, reserve copies of code and metadata versions control systems (for example, .SVN or .GIT).
Hide the versions of the server software.
Set up the firewalls and network infrastructure so that only the necessary connections are allowed.
Avoid clickjacking. The simplest measures include the installation of HTTP headers X-FRAME-OPTIONS SAMEORIGIN or X-FRAME-OPTIONS DENY.
We recommend that the hostings regularly check the sites using the SAFE Browsing API of Yandex to identify possible threats.
If users of your site can upload files or leave the text, it is likely that the malicious code will get into the content (intentionally or accidentally).
Protect from bots.
Use CMS plugins to protect against robots or look for IP addresses of users in black lists.
Check the data that users enter.
Do not let the JavaScript code be inserted into Script tags, as well as in links or other elements.
Do not use the iFrame, Object, Embed tags to insert code or load .jar, .swf and .pdf files, as this can lead to the automatic creation of malicious elements on the site.
Create "white lists" -tags to block unwanted elements.
Check the inserted links using the SAFE Browsing API of Yandex.
Check the used software.
Download CMS, widgets and libraries only from official sites or from proven sources.
If downloading occurs with dubious sources, be sure to check the presence of malicious code in files.
Always study the code of additional components before adding them to CMS.
Be careful with advertising blocks and code.
Use only advertising blocks from trusted advertising systems.
Before connecting the site to the new affiliate system, look for reviews and examples of content.
Avoid dubious offers with a high fee for traffic monetization.
If possible, embed static content (links and images), avoiding dynamic elements.
Control access to service interfaces.
Remove access for specialists who performed one -time work, as well as for previous owners.
By attracting third -party people, demand recommendations and turn off their accounts after the end of work.
Caution with the provision of FTP access for affiliate systems - this can lead to vulnerabilities if the system is hacked.
Look for reliable and high -quality hosting.
Some hosting providers may not provide proper security, and some can deliberately infect customer sites.
To receive additional assistance and consultations on the security of your site, contact the SEO companion CEO by email info@seo.computer or through WhatsApp to number +79202044461.
ID: 150
