Owning and designing websites is an exciting experience. The technology allows web designers to create interesting and dynamic websites. However, every website owner knows that security of her website is just as important as the fancy things it can do. Hackers target unprotected websites through password cracking programs, insecure PHP coding and outdated scripts. Malware code is injected into websites' HTML and PHP files, causing web browsers to display hacked messages or advertisements instead of owner’s intended code. To protect a website, you must remove any vulnerable source that can be exploited by a hacker.
Things You'll Need
- FTP program
- Microsoft Notepad
Change the main website password (also known as the web hosting plan password) once a month. Use a combination of numbers, letters and symbols to form a secure password that is hard to guess or crack through hacking programs. For example, the password "N3409Fn29aa" is harder to guess than "sunshine29,"
Log in to each PHP script installed and in use (guestbook, blog, mailing list) and change their administrator passwords. Form difficult administrator password for each script that you're using on the website.
Update all scripts that are in use and are planned to be parts of the website in the future. Upgrade to latest available and stable versions by downloading them from the developers' websites. Update any security patches available through the developer. Outdated PHP scripts have insecure coding and are often hacked and injected with malware code.
Remove any scripts that are outdated and no longer in use. Delete the files off the web server or follow uninstall directions if available through your website's control panel.
Disable global directives and variables (which can be used to gain access to administrator panels and inject malware code) from your web hosting account. Alter the ".htaccess" file to secure the website and protect it from this common malice.
Log in to your website's root directory using an FTP program. Select "Show hidden files" from the FTP display options.
Locate a folder called "public_html" and open it.
Download ".htaccess" from your website to your desktop.
Right-click on the downloaded ".htaccess" file. Select "Open With - Notepad."
Type on the first line of the .htaccess file the following code:
php_flag register_globals off
Save the file and upload back to "public_html."
Tips & Warnings
- Always delete old scripts that are no longer being used. For example, if you have switched to a new guestbook script, you can save the MySQL database, which saves old entries but remove script files. Hackers can find unused scripts as long as the files are on your web server, which should still be accessible through a web browser, and inject malware code. You would be the only person with access to the MySQL database and it will not be compromised.
- Register_globals can also be turned off through php.ini files, but most web hosting customers do not have such server access granted to alter php.ini. You can alter php.ini to turn off register_globals if you have your own server or high-level access. Regular web hosting customers should alter .htaccess files located on their website's root directory.
- Do not alter any other coding in the ".htaccess" file as it may be needed for your website to function. Add only the provided code on the first line and save.
- Running an antivirus program on your computer will not detect malware code injected into your website's files. Antivirus programs scan only local computers but can find any spyware and malware that you've accidentally picked up while browsing websites. They will not, however, clean out your website files from any hacking activities.
- Photo Credit Christopher Robbins/Photodisc/Getty Images
How to Protect Your Smartphone From Viruses
All smartphone owners should be aware of and concerned about viruses that affect smartphones, but most aren't. Only 4 percent of mobile...
How to Protect a Computer From Viruses
If you think your computer may be infected, take all necessary steps to clear your system and avoid infecting other computers.
How to Protect Your Website from Hacker Attacks
Few things can cause more angst to a website owner or Web developer than a hacker attack. Not only does such an...
How to Protect a Computer From Hackers
Hackers and identity thieves are constantly on the prowl, looking for vulnerable computer systems to break into. The worst thing you can...
How to Get Rid of Malware on My Website
A website is commonly attacked through malware injection code. The coding is injected through HTML files or an HTACCESS file. The malware...
How to Enable Phishing & Malware Protection
All three major browsers on the market, Internet Explorer, Mozilla Firefox and Apple's Safari, have built-in phishing and malware protection. When turned...
How to Unblock Malware-Blocked Anti-Virus Sites
When your computer is infected with a virus, troubleshooting becomes extremely difficult. It's even more frustrating when that malware is blocking access...
Malware Site List
Computer viruses, trojans, spyware and other malware are prolific on the Internet and affect thousands of people daily. Knowing the types of...
Norton Malware Removal
Malware is the shortened term for malicious software, or programs that arrive in the form of trojan horses, viruses, and worms and...