Programmer at work photo

Photo by Crew on Unsplash

Unfortunately for their owners, websites get compromised every day. We know how frustrating it is to lose the content you work so hard on to the attack. So we gathered 10 practices to keep your website protected from hackers.

1. Strong passwords

Secure password consist of random letters, figures, and special symbols. They should be long, frequently changed and never reused. That’s all in theory but in practice everything is different. I believe you will agree with me it’s impossible to keep in memory all your passwords for numerous accounts and it’s not how usable technology should work. So a number one tip is to use a strong password along with a password manager. You can find an in-depth description of every reputable password manager at and make sure you use only high-security authentication tools.

2. Protected admin area

To prevent unauthorized access to your admin area hide the login page. If your username is “admin” or ”administrator”, change it to something less hackable and limit the number of login attempts. It is also a good idea to change the default database prefix for that matter. There are plugins that will help you achieve all of the above.

3. SSL installation

SSL is used to establish an encrypted connection between the visitor’s browser and the server and prevents hackers from stealing the transmitted data. Moreover, in 2018 Google labeled all HTTP websites as “not secure”. So having an SSL certificate shows your visitors that your website can be trusted.

4. Security applications and plugins

Both free and paid for security tools provide an additional level of protection for your website by addressing security vulnerabilities and helping against automatic attacks. It is nevertheless worthwhile to consider all of the advantages and pitfalls of each application, so you can check websites like and similar for this reason.

5. Updated software

It’s important to keep every software product updated and install new versions as soon as possible. Enable automatic updates or set up alerts, if such options exist. Especially when it goes to business processes

6. Managed user access

For better security adjust settings to control comments, user permissions, the visibility of information. You can assign different user roles for specific areas. Also, restrict direct access to uploaded files or prevent their execution.

7. Reliable hosting provider

If the server your website is hosted on is attacked and it’s not well protected, your website will go down. A good hosting company invests into server security. It should also offer technical support to help you with maintaining security checks, such as scanning your hosting account, which should be done regularly. Although a bit costly, it is preferable to have a dedicated server, where your website will not be affected by other users’ activity.

8. Server configuration file

A server config is a powerful tool that you can use to enhance the security of your website. It allows executing server rules and directives, such as disabling directory browsing, restricting access to the admin area and sensitive files, banning IP addresses, etc. If you are not tech-savvy enough, ask your website administrator or hosting provider for help.

9. Protection against XSS and SQL injection attacks

Hackers can use the web forms on your website to insert malicious code and access your database. In order to avoid that you need to use parameterized queries (i.e. specific parameters that are harder for hackers to meddle with) and CSP, which limits the execution of Javascript on your website.

10. Regular backups

If your website gets hacked, the best way to deal with that is to restore the data from the most recent backup. So whenever you make some changes on your website, back it up. It may seem like too much hustle, but recreating lost content from memory is much more difficult and time-consuming. Even if your hosting offers daily backups, it’s better to create your own. Store your backups both locally and in some remote location as a precaution.