To secure your website you will need to do a few things.
There are layers of security one can apply to his or her website to strengthen the security level.
1. HTTPS Protocol
First of all you need to use HTTPS protocol in other to encrypt all the communication within the website.
This can be done by acquiring an SSL Certificate and signing the traffic with the public key and decrypting it server side with the private key.
Moving your website to the HTTPS protocol essentially means adding an encryption layers of TLS (Transport Layer Security) to your HTTP making your user’s and your own data extra secure from hacking attempts.
2. Change Admin Directories
Another salient issue to consider is that hackers can also gain access to your site’s data by going straight to the source and hacking into your admin directories on your web server for giveaway names like ‘admin’ or ‘login’ etc.
Check out: Why Do So Many Small Businesses Fail?
To avoid this problem, make the admin directories difficult to spot.
3. Build Layers Of Security Around Your Website.
Install antivirus software on your desktop computer. Before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks.
A web application firewall is that first line of defense. It is designed to inspect incoming traffic, provide and weed out malicious request such as offering protection from Spam, Brute force attacks, SQL injection and so on.
You can also use strong password and make sure you change it regularly. I strongly advice you to make your password a combination of alphanumeric characters, Symbols, upper and lower case character which will be difficult to guess
4. Install Cloudflare on your website
This will add another layer of security to your web hosting.
You can visit cloudflare for more info on how to setup cloudflare account
5. Change the Default CMS Settings.
Today’s CMS applications, although easy to use, are horrible from a security perspective for the end users.
By far the most common attack against website’s are entirely automated,and many of these attacks rely on the default settings being used.
This means that you can avoid a large number of attacks simply by changing the default settings when installing your CMS of choice.
For example, some CMS application are writable by the user- allowing a user to install whatever extension they want.
There are settings that you may want to adjust to control comments, users, and the visibility of your user information.
The file permission, which we discuss later, are another example of a default setting that can be hardens.
6. File Permissions
File permissions define who can do what to a file
- Each file has 3 permissions available and each permission is represented by a number:
- ‘Read’ view the file contents.
- ‘Write’ Change the file contents.
- ‘Execute’ Run the Program file or Script.
- Most CMS installs have all the permissions correctly configured by default, when searching for solution to permission errors, over the web, you find people advising you to change file permission to 666 or folder permission to 777. This advice will usually fix any permission errors, but it is a terrible advice from a security perspective. If you set a file permission to 666 or folder permission to 777 you have just allowed *anyone* to insert malicious code or delete your files!
Thanks and hope post helps you in someway.