Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

How to prevent your website against hackers?

How to prevent your website against hackers?

We do not many cases but there is always a website was hacked and asked the same questions, how was my website hacked? And how to protect them?

malwareThere are a few reasons for your website was hacked. Occasionally, we can only share the possibilities until further investigation like checking the log files.

It is difficult to eliminate totally but we suggest you protect them. This will make hacking difficult or not possible.

Hackers are looking for backdoors to penetrate your website, only if you can shut it,  Here are some inexpensive ways to protect your website.

  • updated script and plugins – if you are using WordPress, Joomla or similar, always have up-to-date CMS, plugins and the PHP.
  • Limited your SQL connection or to local connection only.
  • Restrict your administration login page.
  • Use malware scanner to scan your website daily during off-peak.
  • Use WAF like Sucuri Firewall, you update less often which is useful to some.
  • Computers access to the website backend and control panel must install and scan by a good anti-virus/malware and up-to-date definition.
  • Use Strong Password for all users.
  • A penetration test. You can find a free solution online.
  • Use mod_security cPHulk brute-Force or Fail2ban – these can be found in popular cPanel or Plesk Onyx.
  • Use Firewall like CSF or APF. However, I don’t really recommend a software firewall. They can paralyse the website if you are under attacks while it takes resources from your server.

Lastly, you always have a backup copy can restore an up-to-date website.

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better? Yes, in a way. It depends on the users, and on how he or she is managing the website. However, I personally feel Sucuri is better and can be better.

In the market, Sucuri is not the only one markets website protection. There is big name like Cloudflare, Stachpath and others. But my discussion is on Sucuri today, and the Pro plan. They don’t have a free plan like Cloudflare. For their plans: You can find it here

I set up and use most, Actually, they do the job. However, I like Sucuri. The set up gives me a feeling that it is more secure for those choose to use their own DNS. The website webroot point to Sucuri proxy, not to your source. In this way, it is difficult to find your source IP and attack it.

sucuri firewallEven your source IP is exposed, you can protect your web server only allowing sucuri proxies to access it. It is strongly recommended that you do that. When you are using a firewall proxy, your log will show the proxy IP instead. Sucuri has a tutorial on this, how The X-forward can be found here for the most web server.

Sucuri Package from us comes with monitoring too. You can check your website is status and infected by malware or not as little as 6 hours interval.

Most website proxies include CDN. With the feature, it speeds up your website. A bigger brand has more POP than Sucuri. However, never get the impression that the site responds faster. For example, my website vastspace.net scores 86 in Pingdom speed test with Sucuri and 72 only with the other firewall. Test location for both set up was the same. To confirm, I used GTmetrix, Yslow is 81 and 89 with Sucuri.

I feel too the website has loaded faster even the load time at GTmetrix has proven.  I’m not sure you have to pay more to improve loading speed (image loading speed for example) if this is the case, Sucuri is cheaper.

Sucuri is easy to understand and straight forward to most as compared to many web firewall. I found what I need, I have tried some web protection GUI. I’m either overwhelmed by the clickable icons or they have limited features. Actually, the worst feelings are having to pay for a particular feature. In my opinion, do not put them there but sell them as the addons.

Like I have mentioned, this is my opinion. Sucuri is value for money. It costs lesser than most, you will get website protection and speed. It is worth considering.