How can I secure my website?
-
Hi, I hope you are doing well. I wanted to ask you how I secure my website whenever I have SLL but how can I make more secure my website? I hope I will like anyone's reply. thanks in advance
This is my website: https://www.myqurantutor.com/
-
This post is deleted! -
Hi again,
I found this article very good and in-depth: https://kinsta.com/blog/wordpress-security/
We host around 300 WordPress websites and they do get attacked all the time. Any on cheap hosting plans do get hacked. So we have an Optimised WordPress hosting service with a hack protection guarantee. So, in a nutshell, the host is a huge factor. Plus a decent host will be faster, so that will help SEO.
I hope this helps?
-
Well, to prevent information / data leakage you should certainly disable directory browsing
For example, on your homepage I can right-click your logo image and copy the image URL: https://www.myqurantutor.com/wp-content/uploads/2019/07/MY-QURAN-TUTOR-LOGO-400x56.png
But I can edit the link to the directory level, for example:
https://www.myqurantutor.com/wp-content/uploads/
Now I can see all your uploads, ever:
- https://d.pr/i/C7DTY4.png (screenshot)
I can browse all your folders, even some backup files. There's also some info I can use to fingerprint your site build if I want to. To patch this, usually all you have to do its add "Options -Indexes" to your .htaccess file
I didn't detect a firewall shielding your site, which would make it way easier to DDoS if someone wanted to do that. Some kind of firewall or traffic offloading facility might be useful
Your site isn't using an HSTS entry ("Strict-Transport-Security") in the header so browsers can attempt to connect via HTTP without being intercepted (though you may handle that via redirects instead, an HSTS policy helps). You don't seem to be using "X-Frame-Options" in your header which helps browsers to know, whether content from your site can be rendered inside of frames (on other domains). If you allow frame embeds, that can lead to clickjacking and stuff (though for some webmasters there's no real way around it as allowing their site's content to be embedded, may be a requirement)
I can't really find any fields which seem as if they would be vulnerable to SQL injection, but I'm not really an expert at scanning for that kind of thing. I'd assuredly lock down the site from an SQL-I perspective, if you haven't done so already
-
0327
-
03398
-
03204
-
03347
-
0614.4k
-
052.6k
-
04756
-
0111.5k