Posted by Muhammad Imran on 23 September 2016 02:41 PM
Website Level Security:-
Follow the following steps to secure your website.
1. Secure your operating system
Your operating system (e.g., Windows, OS X, or Ubuntu) plays a central role in managing the security of your computer. Keep it safe by:
• Installing security updates as they become available.
• Using a built-in or third-party firewall.
• Enabling file sharing only if needed, and then with security features (e.g., passwords) turned on.
2. Keep up to date
Not just your operating system, but your web browser, toolbars, plug-ins, security software, and other applications all need to be kept up to date to patch “holes” that can let badware into your computer.
• Most software has an automatic update feature—use it!
• For software that doesn’t have such a feature, look in the menus (especially the “help” menu) for a manual “check for updates” option.
• If there is no update option in the software, check the vendor’s website to see if they have “patches,” “updates,” or other downloads intended to fix security vulnerabilities.
3. Install security software
Anti-virus, anti-spyware, and other similar products can be useful to detect, stop, and remove badware that has found a way onto your computer despite following the previous steps. Look for a product that:
• can detect both known and unknown viruses, spyware, and other badware in real time.
• has a low false positive rate.
• has been reviewed in established publications and/or tested by independent labs. Do not take the word of the product’s website or ads; instead, check the publications’ and labs’ websites for verification.
It is sometimes helpful to have a second product (from a different vendor) that you can run manually or on a schedule to check for anything that the realtime scanner may have missed.
4. Remove or disable unnecessary applications
If you find a piece of software on your computer useful, great! If not, why leave another avenue for an attacker to get in?
• Uninstall toolbars, plug-ins, and other software that you don’t use (note: if you might need the software in the future, be sure you have everything you need to reinstall it)
• Disable automatic startup for applications that you only use occasionally
5. Proceed with caution
Badware distributors love to find ways to trick people into installing their software. Here are a few tips to avoid being deceived:
• Avoid opening e-mail attachments or downloaded files unless you can verify that they came from a reputable source.
• Be wary of clicking links in e-mail messages. It may be safer to visit the site by typing its URL in to your browser or, if applicable, using an existing shortcut that you have to the site.
• Be alert to fake virus warnings, often within web browser windows, that encourage you to download, install, or purchase unfamiliar software.
• Heed warnings from web browsers, search engines, and security products that try to protect you from known or suspected threats.
6- Other Security Measures
Keep your essential software up-to-date :
Browser plugins (i.e. Flash, Java, Adobe Reader, QuickTime, etc.)
Anti-virus and/or anti-spyware tools
Use browser security extensions like NoScript to minimize risks of being infected while surfing the web.
Change all site passwords. Refrain from saving new passwords in FTP programs where malware can easily steal them from.
Update all third-party scripts:
If you use any third-party software on your site (blog, forum, CMS, wiki, e-commerce solution, etc), make sure its version is up-to-date. Hackers specifically target vulnerabilities in popular scripts and with their automated tools, they can start a massive attack against vulnerable sites just a few hours after the discovery of a new security hole. So if the vendor of the script releases a security patch, it's in your best interest to upgrade as soon as possible.
7) Use cloud flare service service to filter your website traffic. Enable cloud flare service by login to your cpanel.
8) If your website is developed in any CMS than follow all security measures this will help you to protect your admin panel of CMS as well as your website.
9) Use best development techniques to develop your website and always use generic logic and test your application with different testing techniques and try to crash while testing.
10) Use SSL certificates for data encryption among client and servers.
11) If you are using a third party script or code on your site, this usually means running the latest secure version. And always use paid themes.