How to prevent website hackers?

Discussion in 'Development Options' started by Parth, Oct 22, 2017.

  1. Parth

    Parth Member

    Joined:
    Jul 9, 2017
    Messages:
    50
    Likes Received:
    14
    Trophy Points:
    8
    Location:
    BC
    Let me state right away that I realize it's impossible to bulletproof your website from potential threats. But lately, hackers are getting in because the companies' website development failed to implement basic safety measures and correct the bugs that allowed the breach. The most recent example is T-mobile where all the hacker needed was user's phone number and T-mobile should have found the bug by monitoring for abuse. Another more critical example is Experian who knew about the issue, but allowed it to go on and on.

    Bugs are bound to happen and hackers are going to hack. What are the best practices that website developers and owners should implement?
     
  2. marsh

    marsh Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    227
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    TA
    In every sense, I think T-mobile erred in not securing user's data. How much have/did they incur in law suits? I would think that in this case, the bug would have been noticed and prevented, even before everything went too far. As an internet user, I ensure that I use complex passwords that neither capture my age, date and year of birth and so on and so forth.
     
  3. Foroux

    Foroux Member

    Joined:
    Jul 15, 2017
    Messages:
    81
    Likes Received:
    26
    Trophy Points:
    18
    Location:
    US
    I'm not a website developer exactly, but I take care of two WordPress blogs that are hosted elsewhere. Both have the SSL certificate. I keep WordPress, my themes, and all plugins updated. I locked down my login page and use two factor authentication (which annoys me to no end) plus I keep everything backed up religiously just in case something goes wrong. The hosting company backs everything up as well. I'm sure there's something I'm forgetting, but that's the gist of it. I don't have a shopping cart which I thought helped, but then I've seen others here have fended off hacking attempts even though they don't have a shopping cart either. I'm guessing those owners have more popular sites.
     
  4. Swisslist

    Swisslist United States Member

    Joined:
    May 10, 2016
    Messages:
    155
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    U.S.A.
    Given the examples that you gave here, companies need to start with one thing: They need to care about their customers. That obviously wasn't the case with either of those companies..
     
    Parth likes this.
  5. Abhijit

    Abhijit United States Member

    Joined:
    Sep 20, 2017
    Messages:
    33
    Likes Received:
    9
    Trophy Points:
    8
    Location:
    US
    I believe that you are going about protection in a good way. You can only do what you can do to keep hackers from getting into your site and causing problems. SSL certificates are the first step, keeping things updated and two-factor authentication all will help. No one is immune!
     
  6. Parth

    Parth Member

    Joined:
    Jul 9, 2017
    Messages:
    50
    Likes Received:
    14
    Trophy Points:
    8
    Location:
    BC
    That is an amazing point! I think you're right. They really just don't care. Although, I think T-Mobile immediately jumped in to fix things and alert their customers, whereas, Experian's leaders chose to sell their stock and keep quiet. Both hacks occurred due to sloppiness though.