CheapWindowsHosting.com | In this post I will share some tips to protect your website from hackers.
Even if you are running a small website that you think will be of little interest to hackers, there is never any reason why you shouldn’t be taking the security of it seriously. Hackers use automated scripts to find holes and will exploit any vulnerability they can find on any website. Perhaps best known for defacing websites and stealing data, hackers more often than not are after your website or web hosting server for another purpose – to relay their spam emails or to host fake websites to steal data from unsuspecting end-users.
We’ve put together some tips that we think will contribute to a secure website and that you should follow so that you can be confident your website is protected.
Every now and then even the most popular and well-developed applications can be released with undiscovered security holes that could leave websites open to attack. However, it is also these applications that see the fastest security updates to make sure that these holes are patched as soon as possible and the potential for attack is neutralised. If you do happen to be using a particular version of an item of software on your website that has proven to be vulnerable then it is imperative that you update as soon as possible so that you don’t come under attack; updating on a regular basis also has the added advantage of providing access to the latest and best features.
If an SQL query is being populated using data from a submitted form or a URL variable, then it has the potential to be used for the purpose of an SQL injection. An SQL injection attack could be used for a number of purposes as rogue statements can take all forms; a ‘SELECT’ statement could be used to reveal the contents of your customers table, an ‘UPDATE’ query could be used to update the admin password for more in-depth access, or a ‘DELETE’ query could wipe your tables completely. An SQL injection attack can be prevented with most scripting languages by using parameterised queries instead.
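The difference between a string-built query and a parameterised one, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module; the customers table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with a constructed customers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db

def find_customer_unsafe(db, name):
    # VULNERABLE: the form/URL value is pasted into the SQL text, so quote
    # characters in the value change the structure of the statement.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_customer_safe(db, name):
    # Parameterised: the SQL text is fixed and the value is bound separately,
    # so it is only ever compared as data, never parsed as SQL.
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()

# Constructed value of the kind a form field or URL variable could carry.
HOSTILE_NAME = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("string-built :", find_customer_unsafe(db, HOSTILE_NAME))
    print("parameterised:", find_customer_safe(db, HOSTILE_NAME))
```

The string-built query returns every row in the table for the hostile value, while the parameterised query returns none because no customer has that literal name.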
Encoding and stripping any HTML out of form submissions can help to guard against XSS (cross-site scripting) attacks. An XSS attack occurs when an attacker uses a form to submit JavaScript or other code that then executes against the visitors to your website.
Although many people see error messages as a way of letting users know why they can’t do something, such as log in, hackers can use the information provided by an error message to perform a more calculated attack on a website. If an attacker were to perform a brute force attack on a login page, for example, then showing separate error messages such as “incorrect username” and “incorrect password” will let the attacker know when they’ve got half of the username/password combination right, whereas a single message such as “incorrect username or password”, shown whichever of the two is wrong, won’t give them any extra and potentially helpful information.
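A login check that gives the same answer for both failure cases, as an added example that is not part of the original post. The user store, the work factor and the function names are assumptions; it goes slightly beyond the paragraph by also doing the same hashing work for unknown usernames and by keeping the precise reason for the server log only.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
GENERIC_ERROR = "Incorrect username or password"

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed user store; a database table in a real application.
USERS = {"alice": make_user("correct horse battery staple")}

# Dummy record so that an unknown username costs the same hashing work
# as a known one and response time does not reveal which case occurred.
_DUMMY = make_user("placeholder")

def login(username, password):
    """Return (ok, message_for_user, reason_for_server_log)."""
    record = USERS.get(username)
    candidate = record if record is not None else _DUMMY
    computed = hash_password(password, candidate["salt"])
    matches = hmac.compare_digest(computed, candidate["hash"])
    if record is not None and matches:
        return True, "Welcome", "login ok"
    # The detail goes to the log; the visitor sees one message for both cases.
    reason = "unknown username" if record is None else "wrong password"
    return False, GENERIC_ERROR, reason

if __name__ == "__main__":
    print(login("alice", "wrong")[:2])
    print(login("mallory", "wrong")[:2])
```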
The input of any forms should be checked on both the server and client side. Web browsers can be used to pick up on simple mistakes like missing out a mandatory field or entering words in a field where only numbers are required. For a deeper analysis of the contents of a form, implementing server-side validation can detect potentially malicious attacks such as where an attacker has attempted to enter code to exploit a vulnerability.
It is now common sense to use secure passwords that use a combination of numbers, characters, and letters rather than just letters on their own. Brute force and dictionary attacks have proven to have a high success rate at cracking accounts where users have used simple and ineffective passwords, including the word “password” itself; the only way to avoid having your account details exposed because of a weak password is by choosing something that isn’t in the dictionary. Web developers should include password strength indicators on their registration forms so that users have an idea as to just how strong their password is; including a random password generator is another recommended move and can be beneficial for users who aren’t really sure of how to compose their password.
No matter how you look at it, allowing your visitors to upload files to your website can pose a massive security risk. There is always the off chance that a file could contain malicious code that can be executed on the server, regardless of the file extension being used. Because of this, all files need to be treated with equal suspicion.
The best solution for this is to prevent direct access to all uploaded files. Storing files in a directory outside of the actual web root or as a blob in a database means that there is no direct way of accessing them or executing them. You’re probably wondering how you can still serve them to your visitors though, but this can be pretty simple; just put together a script that will be able to fetch them from the database or private folder and then render them to your pages or in the browser by providing the appropriate content type.
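One way to write the fetch-and-serve script described above, as an added example that is not part of the original post. The private directory, the in-memory index standing in for a database table, the list of inline types and the function names are all assumptions.

```python
import mimetypes
import os
import secrets
import tempfile

# Assumed layout: a private directory the web server does not map to any URL.
PRIVATE_DIR = tempfile.mkdtemp(prefix="uploads_private_")
INDEX = {}  # file id -> (stored name, original name); a table in practice
INLINE_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}

def store_upload(original_name, data):
    file_id = secrets.token_hex(16)
    stored_name = file_id + ".bin"  # the client-supplied name never touches disk
    with open(os.path.join(PRIVATE_DIR, stored_name), "wb") as fh:
        fh.write(data)
    INDEX[file_id] = (stored_name, os.path.basename(original_name))
    return file_id

def serve_upload(file_id):
    """Return (status, headers, body) for a requested file id."""
    # Lookup by id only: the request never supplies a path, so values such
    # as "../../etc/passwd" simply fail to match an index entry.
    entry = INDEX.get(file_id)
    if entry is None:
        return 404, {}, b""
    stored_name, original_name = entry
    ctype = mimetypes.guess_type(original_name)[0] or "application/octet-stream"
    if ctype in INLINE_TYPES:
        disposition = "inline"
    else:
        # Anything else (HTML, scripts, unknown) is sent as a plain download.
        ctype, disposition = "application/octet-stream", "attachment"
    headers = {
        "Content-Type": ctype,
        "Content-Disposition": disposition + '; filename="download"',
        "X-Content-Type-Options": "nosniff",
    }
    with open(os.path.join(PRIVATE_DIR, stored_name), "rb") as fh:
        return 200, headers, fh.read()

if __name__ == "__main__":
    fid = store_upload("photo.png", b"\x89PNG constructed bytes")
    print(serve_upload(fid)[:2])
```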
An SSL certificate is a relatively cheap and simple way of giving your website a massive security boost. Ordinarily web traffic is unencrypted and web pages are sent as clear text across the Internet from the server to the visitor’s machine, where their web browser will then take the plain text HTML and render it as the intended design. However, this traffic is very insecure and is open to snooping; if a hacker were to eavesdrop on the connection they could easily see the pages that a target has been visiting and any submitted form information, which is the biggest issue since forms are often used for the input of personal information.
By installing an SSL certificate for your website, you will be removing this vulnerability by encrypting all traffic transferred between your website and your visitors’ computers. Any hacker who attempts to eavesdrop on an encrypted connection will only see garbled text that will be of no use to them. This makes SSL a vital investment for any website, and pretty much mandatory for any website handling personal information.
There are several different options for purchasing an SSL certificate depending on how many domains you’d like to protect and the value of the warranty provided.
CheapWindowsHosting.com | Today we will learn about SEO. Do you know what SEO is? Nowadays most people know about SEO, but some people still don’t, so today we will explain SEO for beginners. Let’s take a look.
Search Engine Optimisation (SEO) in 2016 is a technical, analytical and creative process to improve the visibility of a website in search engines, with the aim of driving more potential customers to it. SEO is the acronym for search engine optimisation. Search engine optimisation is the process of optimising your website and its content so that it can easily be indexed by search engines.
As a beginner to search engine optimization (SEO) you need to understand that there is no magic way to rank your web site in the first page of Google, Bing or Yahoo. Search engines are governed by complex algorithms and it takes a lot of effort to ‘convince’ them that your web site or page deserves one of the top spots.
Nevertheless, there are certain rules you can follow to optimize your web site and provide the bots with the necessary signals. While the web is flooded with SEO tips and advice, these are explained at a theoretical level and not in terms of how they can be applied in practice. In my opinion, this is why most web site owners are confused and they either give up on SEO or simply do not get the expected results.
Page titles
Page titles are a very important aspect of SEO and this is why they are first on the list. My findings over the last couple of months show that page titles are more important than ever, especially for Google SEO. Exact page titles for low volume keywords can give you a competitive advantage in search results but this is something I will discuss in another post. For now the most important characteristics of a page title are:
Home page title: The title for your homepage can list the name of your website/business and could include other bits of important information like the physical location of the business or maybe a few of its main focuses or offerings. For example:
Post/other pages title:
Title of other posts/pages of your web site should accurately describe what the page is about and be attractive for the searcher.
Description
A page’s description meta tag is also very important. It gives users, Google and other search engines a summary of what the page is about. Google may choose to show what you type in the description as a snippet for your page or may decide to use a part of your page’s content. In other words, what you write in the description will not necessarily show in the snippet. The guidelines for writing a good description are:
You can see from the examples above how I use the description tag for my pages.
The permanent link structure is a term used to describe the format of URLs for pages (categories/tags) or individual posts of a web site. It is shown in the browser address bar and in the search results (below the page title).
Guidelines for optimized link structure
Examples of BAD URL structures
Examples of GOOD URL structures
When we talk about internal links we mean links in a page that point to other pages within the web site, i.e. not external links. In the example below when you click on the link with anchor “increase the intensity” you will be redirected to a page within the web site to find out more information on how to increase the intensity of an exercise.
Internal linking is a very important factor for web site SEO but still many web site owners are not using it correctly. The rules to follow for internal links are simple:
Don’t always link old posts from new posts but every couple of weeks go back and link newer posts from older posts. It’s not an easy task to do especially if you have a lot of posts but it’s a very valuable tool for on-site SEO.
Don’t just publish text on your web site without first doing some basic formatting. This is not good for the user experience and works against your SEO efforts. General guidelines for formatting a post or page on your web site:
When formatting your posts always have in mind the user experience. Can the user identify the main sections of your post (H2 tags) just by looking at the page? Is the text easy to read even on other devices?
SEO is about improving the user experience and a proper 404 page contributes to that goal. The 404 page is the page shown when a user is looking for a page on your site that doesn’t exist, mistypes a URL or follows a broken link. When the 404 page is not configured, it looks like this:
This is not useful for the user and negatively impacts the user experience.
A properly configured 404 page should:
If you are using a professional theme (like Thesis), it takes care of the 404 page. This is what my 404 page looks like:
Images are sometimes necessary to enhance the user experience but care should be taken not to create other side effects like problems with page load speed or slow response. Especially after the success of Pinterest many webmasters started using more images in their posts. If you do decide to use images, mind the following:
Google has said many times that page speed is a ranking factor and yet many webmasters don’t optimize their web sites for speed. Google’s aim is to provide the searcher with the most accurate results in the fastest possible way. It is certain that page speed (as a ranking factor) will gain more importance in the next couple of years.
Fast web sites improve the user experience and it is a factor to encourage the visitor to come again. In addition, a web site that loads in less than 8 seconds is more likely to:
How to tackle the page speed problem?
What is Google authorship status?
It’s a way to bind your content with your Google+ profile. When you do that successfully your picture appears in the Google search results next to your content (see example with my picture above).
How does Google authorship status relate to Search Engine Optimization?
A significant number of searches performed each day are through mobile devices. Many studies over the last 6 months identified that the number of searches using smartphones is steadily increasing especially when it comes to making online purchases.
I am sure that if you have a look at your analytics data you will see a good percentage of your daily visits coming from mobile. In the example demonstrated below, almost 30% of the traffic is from mobile with Apple products (iPhone, iPod and iPad) being in the top positions.
It’s not in the scope of this post to go into detail on mobile SEO but there are some simple steps to follow to ensure that your web site is mobile friendly.
A sitemap is a list of all posts/pages of your web site. You need 2 types of sitemaps. First an xml sitemap to submit to Google, Bing and other search engines and second an html sitemap to help visitors find your content more easily. It is recommended to place a link to your user sitemap from the main menu.