Time and again, a website hack turns out to have been made possible by a series of user mistakes rather than by serious programming loopholes. Below is our compilation of several notorious oversights that increase the risk of being hacked.
Too easy a login or password
You can fix this on your own; no specialized knowledge is required. The most essential step when setting up a website is creating a new administrator account and deleting the default user account, which by common practice is named 'admin'. Default settings make it very easy for a potential hacker to attack a website, since they bypass 50% of the site's security measures at once. Once an unwelcome guest guesses the login, their next step is a so-called brute-force attack, which basically means typing in the most popular character strings used for passwords. If they succeed in guessing the password, the hacker gains full control over the site, and the website admin is in for a very unpleasant surprise after logging into the system.
We are all guilty of sometimes forgetting to update a website or its plugins. It becomes a problem, though, when anywhere from several to a dozen or so updates pile up after several months of disregarding them. Taking care of frequent updates is the first step in protecting a site against hacks. It is advisable to use a programmer's help, since an update can sometimes break a template and crash the website.
Hiding the login panel
This step requires a little more expertise. It is about masking the default URL for logging into the admin panel. For example, on every installation the WordPress system creates the default path domainname.com/wp-admin. Changing it to "domainname.com/mynewname" thwarts a potential hacker's conventional attack on the website (the login and password guessing mentioned before).
Blocking remote access through .htaccess file
This step is for more advanced users and programmers. Insufficient security measures in the .htaccess file give a hacker many ways to access the source code of the website. A good solution is to block remote access using the commands in this file. A fragment that blocks access: Deny from All. The .htaccess file can also be used to redirect: Redirect /oldfolder/oldfile.html http://sampledomain.com/newfolder/newfile.html
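An added example (not part of the original article) of a .htaccess file built around the Deny and Redirect directives mentioned above, assuming an Apache server hosting a WordPress site. The address 203.0.113.10 is a placeholder for the administrator's IP, and the choice of protected files (wp-config.php, wp-login.php) is an assumption for illustration.

```apache
# Added example .htaccess for the site root (assumes Apache and WordPress).
# 203.0.113.10 is a placeholder for the administrator's own IP address.
# Assumes the server's AllowOverride setting permits these directives.

# 1. Never serve .htaccess / .htpasswd files to visitors.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        # Apache 2.4 syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax, the form quoted in the article
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# 2. Block remote reads of the WordPress configuration file.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# 3. Let only the administrator's address reach the login script.
<Files "wp-login.php">
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>

# 4. Do not list directory contents when no index file exists.
Options -Indexes

# 5. The redirect from the article, with a space after the directive name.
Redirect 301 /oldfolder/oldfile.html http://sampledomain.com/newfolder/newfile.html
```

Check rule 3 from a second network before relying on it, since a wrong address locks the administrator out as well.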