Like all things in security - there are no guarantees. If you want to be entirely sure your website never gets hacked then build your website, take it offline, put it on a computer in your bedroom that is never connected to the internet, and never turn that computer on. That will be very secure - but will totally defeat the purpose of having a website, namely to have a publicly accessible presence.
There are more reasonable steps that you can take though:
- To minimise the chances of a successful hack
- To speed up recovery if you do succumb at some point
The most important thing you can do, and we can't stress this enough, is to keep your website up-to-date. Not the articles and the images, but the underlying Content Management System that helps you build your website and that provides all the nice interactive elements. That's the part that gets exploited. You *must* keep the Content management System that powers your site up-to-date, whether that is Joomla, Wordpress, Drupal or any other system.
Likewise, and in many respects more critical, are the myriad third party add-ons within your site. A CMS like Joomla or Drupal is tested by many knowledgeable people before it is released. The add-ons you or your developer installed to give you a nice calendar, an image gallery, a forum or whatever else are somewhat less tested, are typically built by hobbyist programmers and contain more bugs. WYSIWYG editors and file upload functionality offer another vector through which many sites are compromised. You must monitor the extensions your site relies on and keep them up to date. If you can't do this then pay someone who can.
|< Prev||Next >|