5 Ways
to Protect Your Site Immediately

Malicious programs, hacking a site by hackers, and even the revenge of former employees are examples of risks that any site owner may face sooner or later. This article will not be a detailed analysis of all types of threats or a large list of ways to protect yourself. The purpose of this article is to give some tips on what you can do right now to strengthen the protection of your site.

Hacking protection

The hacker’s goal is to gain access to the site under the guise of an administrator or registered user.

What does it threaten

Hacking a site can lead to loss of control over it, access to financial information and payments redirecting, registered users data leakage. In addition, it’s possible to implement codes or links on the site designed to redirect your users and customers to the attacker's site.

What to do immediately

Check the list of registered users.. This can be done in the content management system. The task is to make sure that there are no unfamiliar accounts in the list. Or remove them from the database, if detected.

User verification on the example of CMS Bitrix: Settings> Users> User List

Update passwords. There are 2 conditions that must be observed to protect the site from hacking: to change access regularly and to use complex passwords that are not repeated anywhere else.

For reliability, use a random password generator, for example https://passwordsgenerator.net/en/

Tip: Do not pass passwords through instant messengers.

Copy protection

Copying text on a site is not as scary as a hack or hacker attack, but it can also cause trouble to the owner. Especially when it comes to sites with a lot of content.

What does it threaten

Site information duplication on other resources can affect SEO - the uniqueness of the text affects the position in the search engines. This is especially true for new sites that have not yet managed to gain confidence.

What to do immediately

You need to warn Yandex about the text authorship using https://webmaster.yandex.ru/site/info/original-texts/ (before publication) and to index the page with the article on Google https://search.google.com/ (after publication). Robots will process the data and determine the author of the material.

Google in this case is not so reliable, because after the article publication you can get ahead with indexing, but it’s in any case better than not doing anything.

Virus protection

Downloading and installing unlicensed software, placing unverified files in the site structure, advertising on the site from unverified partners, etc. can lead to a virus problem.

What does it threaten

Blocking of the site work, loss of access to the control panel or database, loss of control over the site, access to sensitive data transfer, including contacts and payment card numbers.

What to do immediately

1. Scan the computers of employees who have access to the site with any antivirus
2. Check the site for viruses using the service Antivirus-alarm.ru

Protection against unwanted changes

If the previous tips were related to outside interference, this item may be related to the systematic employees work. Incorrect implementation of new functionality, accidental erasure of files and lines of code can lead to errors on the site, and there will be no possibility to “roll back” changes.

What does it threaten

Loss of data, malfunction of individual sections or the site as a whole, and in the worst case - the loss of a site without the possibility of its recovery.

What to do immediately

Connect backup, which will regularly make copies of the site and store them for a certain period of time. In case of unwanted changes, the site can be restored from a backup made before they were made.

Copying can be configured in some site management systems (for example, Bitrix), but we recommend storing backups on a separate server. This will provide additional protection in the event of access to the site by third parties, as well as in case of problems on the main site server.

DDOS attack protection

DDOS attack is an attempt to create a “denial of service”, to make the site inaccessible to end users. Most often, attackers generate a large number of requests to the site, causing it to be congested.

What does it threaten

Site inaccessibility for users, work blocking.

What to do immediately

Analyze the site’s speed: https://developers.google.com/speed/pagespeed/insights/
Find out the most resource-intensive sections or features. As a rule, it’s a search across the site, directories downloading or filters operation. Since the goal of the attack is to maximize the number of complex queries to the database, the weaknesses will be attacked firstly.

This tip will not protect against DDoS, but will allow you to prepare for it. When you notice a suspiciously large number of similar requests, the “complex” functionality can be temporarily disabled. This will save the site and gain time to solve the problem.