How to prevent website hackers?

IT.com

Parth

Member
Let me state right away that I realize it's impossible to bulletproof your website from potential threats. But lately, hackers are getting in because the companies' website development failed to implement basic safety measures and correct the bugs that allowed the breach. The most recent example is T-mobile where all the hacker needed was user's phone number and T-mobile should have found the bug by monitoring for abuse. Another more critical example is Experian who knew about the issue, but allowed it to go on and on.

Bugs are bound to happen and hackers are going to hack. What are the best practices that website developers and owners should implement?
 
In every sense, I think T-mobile erred in not securing user's data. How much have/did they incur in law suits? I would think that in this case, the bug would have been noticed and prevented, even before everything went too far. As an internet user, I ensure that I use complex passwords that neither capture my age, date and year of birth and so on and so forth.
 
I'm not a website developer exactly, but I take care of two WordPress blogs that are hosted elsewhere. Both have the SSL certificate. I keep WordPress, my themes, and all plugins updated. I locked down my login page and use two factor authentication (which annoys me to no end) plus I keep everything backed up religiously just in case something goes wrong. The hosting company backs everything up as well. I'm sure there's something I'm forgetting, but that's the gist of it. I don't have a shopping cart which I thought helped, but then I've seen others here have fended off hacking attempts even though they don't have a shopping cart either. I'm guessing those owners have more popular sites.
 
Given the examples that you gave here, companies need to start with one thing: They need to care about their customers. That obviously wasn't the case with either of those companies..
 
I'm not a website developer exactly, but I take care of two WordPress blogs that are hosted elsewhere. Both have the SSL certificate. I keep WordPress, my themes, and all plugins updated. I locked down my login page and use two factor authentication (which annoys me to no end) plus I keep everything backed up religiously just in case something goes wrong. The hosting company backs everything up as well. I'm sure there's something I'm forgetting, but that's the gist of it. I don't have a shopping cart which I thought helped, but then I've seen others here have fended off hacking attempts even though they don't have a shopping cart either. I'm guessing those owners have more popular sites.

I believe that you are going about protection in a good way. You can only do what you can do to keep hackers from getting into your site and causing problems. SSL certificates are the first step, keeping things updated and two-factor authentication all will help. No one is immune!
 
Given the examples that you gave here, companies need to start with one thing: They need to care about their customers. That obviously wasn't the case with either of those companies..
That is an amazing point! I think you're right. They really just don't care. Although, I think T-Mobile immediately jumped in to fix things and alert their customers, whereas, Experian's leaders chose to sell their stock and keep quiet. Both hacks occurred due to sloppiness though.
 
Let me state right away that I realize it's impossible to bulletproof your website from potential threats. But lately, hackers are getting in because the companies' website development failed to implement basic safety measures and correct the bugs that allowed the breach. The most recent example is T-mobile where all the hacker needed was user's phone number and T-mobile should have found the bug by monitoring for abuse. Another more critical example is Experian who knew about the issue, but allowed it to go on and on.

Bugs are bound to happen and hackers are going to hack. What are the best practices that website developers and owners should implement?
many softwares are available to help prevent hacks
 

whois



Forums dedicated to Indian domain names, including buying, selling, appraising, developing, and monetizing.

About Us

Threads
29,388
Messages
76,792
Members
7,945
Latest member
nilamburfurniture
Top Bottom