7 Security Tips To Secure Your Website From Hackers 2019
There are many ways to secure your website from hackers, below some Server end configurations to secure your website from hackers.
Hide Apache version
Some hackers used apache version to hack any website. Apache version information allows the hacker to enter on the server some way. You need to configure apache server securely.
Visit:- Hide Apache Version
You must need to hide PHP version from the HTTP header. When you check your website security by any tools. expose_php must be disabled.
To disable expose_php follow given steps:
Go to the PHP configuration file that is php.ini with the following command.
# vim /etc/php.ini
Edit gave line expose_php
Expose_php = off
After edit saves the php.ini file and restart apache server.
HTTP Strict Transport Security (HSTS)
To secure website from hacker must be configured HSTS. Configure HSTS follow given steps.
To configure HSTS you need to edit the .htaccess file. Open the .htaccess file with your favorite editor. Copy the below code and paste the header section in a .htaccess file.
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
After editing the code in .htaccess save the file and restart apache server.
Improve the security of your site XSS (cross-site scripting)attacks. To configure X-XSS protection you need to edit the apache configuration file. Edit with the given code.
Open Apache configuration file with your favorite editor. Copy the below code and paste in the configuration file.
# vim /etc/httpd/conf/httpd.conf
Copy the below code and paste in the configuration file.
Header set X-XSS-Protection "1; mode=block"
After the edit, the configuration file Restart the apache server.
NOTE:- You can also edit given code in the .htaccess file that also works
HTTPS is a secure protocol used to provide security over the Internet. Your website must be on HTTPS. Many hosting providers offer free SSL you can use free SSL to secure your website from hackers.
Up to date website
For the security purpose, you need to update your site core + modules when updates are available. The old version of core or module allows hackers to unsecure website.
Install and configure mod_security on your server.
Firstly you need to add the EPEL repository in your server using the following command.
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
Then install mod_security Apache modules with the following command.
# yum install mod_security mod_security_crs
Then edit the configuration file with the given code.
Save the file and Restart the apache server.