How to Secure any Website from Hackers?

Last Updated on 8 months by Touhid

Website security refers to the protection of website from cyber attacks. Website security protects your website from different types of cyber threats such as malware, DDoS attack and SQL injection. In this article, we will discuss helpful tips on how to secure any website from hackers.

If your website is not secured then hackers or cyber criminals may hack your website and you will lose your information and traffic, which will impact on your business. So, it is very important to know how to secure your a website from hackers.

How to Secure Any Website?

The websites which are vulnerable can be attack anytime and anywhere. So, website security is important to protect your sensitive information and reputation of your business. Here, are the some useful tips on how to secure any website or application from attackers.

  1. Use Strong Password
  2. Use SSL Certificate
  3. Select Reputable Website Hosting Service Provider
  4. Keep Up To Date Your Website
  5. Back Up Your Site
  6. Scan Your Website Regularly
  7. Sign Out From Your Website
  8. Install Web Application Firewall
  9. Don’t Allow File Uploads On Your Site
  10. Install Security Plugins
  11. Never Open Suspicious Email
  12. Change Admin Folders Name
  13. Protect From Cross-Site Scripting (XSS) Attacks
  14. Protect From SQL Injection Attacks
  15. Keep Secure Web Server
  16. Keep Secure Database Server

How to secure any website from Hackers

1. Use Strong Password

This is the first tips for how to secure any website. To secure a website you should use unique and strong passwords for your website admin access, database, and web server. Never use an easy and simple password because these type of password can be compromised by hacker very easily.

So, create a strong password to secure a website using letters, numbers, and special characters and should change the password on a regular basis.


  • The password should contain uppercase letters (A – Z), lowercase letters (a – z), numbers (0 – 9)
  • Special character (@, #, $, %, ^, (,), &, *!) and
  • The password length should be at least 10 characters long.
  • Example: R#6^9gL@9%Dis a strong password and standard password for your website.

2. Use SSL Certificate

SSL stands for Secure Sockets Layer is a global standard security protocol which ensures that your website is secure. SSL creates a secure connection between a website and web browser. It ensuring that all information passed between a web server and browser remains encrypted and secure.

So, you should immediately purchase a SSL certificate for your website from a reputable service provider.  Here, are the top and most reliable SSL certificate provides are as follows:


If your website is secured by SSL certificate then a padlock is displayed on address bar and shows the URL as HTTPS instead of HTTP.

3. Select Reputable Website Hosting Service Provider

If someone ask me how to secure a website? I will suggest him, first select a reputable web service provider, who can provide you the best security of your website.

So, to select a reputable web hosting service provider is very important to secure any website or web based application.

Before hosting a website, you should ask the service provider about their security mechanism, backup policy, website availability and others tools they will use.

So, you have to select a reputable hosting service provider who has market experience and can guarantee maximum availability of your website.

There has some best website hosting service provider where you can host your website such as:

  1. GoDaddy
  2. Namecheap
  3. Bluehost
  4. HostGator
  5. Hostinger
  6. DreamHost
  7. A2 Web Hosting

4. Keep Up To Date Your Website

How to improve website security? To improve and protect website from intruders, make sure your website, plugins, operating system, security, and scripts are up to date. If your website’s software, security, web service and scripts are not updated then a hacker may take advantage of your website.

If you are using content management system such as WordPress, then ensure that your WordPress are the most updated version. Whenever an update version of WordPress is available, install it immediately.

5. Back Up Your Site

This is very important tips for your website security to take back up regularly. It will ensure that you can restore your website quickly whenever your site becomes inaccessible or your data has lost or has been hacked or malware infected.

Typically, your web hosting service provider will take backups of your website of their own servers. But it is better if you take backup your website files and database regularly to a secondary storage or any others external device.

6. Scan Your Website Regularly

To secure any website from malware attacks, you should scan your website and server regularly for potential vulnerabilities and malware.

There are number of scanning tools on the internet that you can use to detect vulnerabilities on your website and protect from different type’s malware.

Scan regularly to secure a website

The security tools used for website or application are as follows:

  • Scan My Server
  • Acunetix
  • Netsparker
  • SQLMap
  • W3af
  • Zed Attack Proxy (ZAP)
  • Kali
  • Sqlninja
  • OpenSSL
  • Hydra

7. Sign Out From Your Website

Sign out from a website or software is very important because it helps to prevent unauthorized access. When you have finished your work, you should always sign out even if you are using your own computer.

Your website must have a session management script which will automatically sign out after a certain amount of times of no activity.

8. Install Web Application Firewall

web application firewall or WAF is an application based cyber security tool which is designed to protect websites and applications by filtering, monitoring and blocking HTTP malicious traffic (e.g. Malware attack).

How to secure any website from malware attack? To secure a website from malicious attack you should use a web application firewall, which will protect your websites, apps, and the data.

Here is the list of some commercially used Web Application Firewalls is:

9. Don’t Allow File Uploads On Your Site

If you allowing people to upload their files to your website, then website automatically creates security vulnerability. The attacker may upload malicious script to your web server which will harm your website.

In that case, there has a chance to infect your website with malware attacks.


  • You can provide your email address to your website “contact” page, so that user can send their files via email rather than uploading to your website.
  • Then, you need to scan the files before opening using professional anti-virus software such as NortonBitdefenderKasperskyPandaESETAvastAVG.

10. Install Security Plugin

If your website is based on content management system such as WordPress, then you can improve your website with security plugins. In WordPress, there are number of security plugins which provide additional security from website hacking.

Here is the list of some security plugins for WordPress website are:

  • iThemes Security
  • Wordfence Security
  • Bulletproof Security
  • All In One WP Security & Firewall

Use security plugins to secure a website

11. Never Open Suspicious Email

If you receive an email from unknown source which seems suspicious e-mail, then don’t open it. A suspicious e-mail may contains a virus or malware script which can compromise your website security.

So, to secure a website you will never open that type of email and don’t download the infected email attachment.

12. Change Admin Folders Name

The sensitive folder name of website is “admin” or “root“, which is very convenient to use. If you don’t change the folder name then hacker can able to access your website files.

So, change the folder name of your website such as “New Folder (5)” or “account” which is very difficult to access for attackers.

13. Protect From Cross-Site Scripting (XSS) Attacks

Cross-site scripting is a web security vulnerability and client-side code injection attack which executes malicious scripts in a web browser.

A hacker finds a way to inserts malicious JavaScript code into your website, which can change the content of your website and steals sensitive information.

If you want to secure your website then you have to protect from Cross-site scripting attacks. Here are the some tips on how to protect from Cross-site scripting attacks

  • Install Firewalls
  • Sanitize your input data
  • Escaping user input data
  • Validating Input data

14. Protect From SQL Injection Attacks

SQL injection is the most common website hacking techniques used by hacker to control a website database to steal or damage the data such as passwords, credit card details, or personal user information.

In this technique, the attacker places the malicious script in SQL query, via web page input. It is occurs when a website or application fails to properly sanitize the SQL statements, so attacker can insert their own malicious SQL statements to access the database.

How to secure any website from SQL injection attacks? To protect from SQL injection attacks, you can apply the following prevention methods:

  • Use of Prepared Statements
  • Use a Web Application Firewall
  • Updating your system
  • Validating user input
  • Limiting privileges
  • Use Stored Procedures

A. Use of Prepared Statement

Prepared Statements is one of the best ways to prevent SQL injection attack which ensure that an attacker is not able to change the query, even if SQL commands are inserted by a hacker.

For example, if you’re using MySQLi in PHP then the code will be:

  1. $username = $_POST[“username”];
  2. $password = $_POST[“password”];
  3. $query = “SELECT * FROM user WHERE user.username = ? AND user.password = ?”;
  4. $stmt = $mysqli->prepare ($query)
  5. $stmt->bind_param(‘s’,$username);
  6. $stmt->bind_param(‘s’,$ password);
  7. $stmt->execute();
  8. $result = $stmt->get_results();

B. Use Web Application Firewall

In order to protect from SQL injection attack you can use a web application firewall or WAF which can detect and prevent SQL injections.

It has designed to secure a website and application by filtering, monitoring and blocking HTTP malicious traffic (e.g. Malware attack).

Use WAF to protect your application from hackers

C. Updating your system

If a website or application has vulnerabilities then a hacker can exploit the system using SQL injection. So, to protect from SQL injection attack you have to apply patches and updates your system with latest version.

15. Keep Secure Web Server

A Web Server is another important component of web infrastructure which is responsible for hosting a Web site and its related files and services. A  Web server administrator should perform the following tasks to keep secure any website.

  • Keep up to date the Operating System
  • Enable the security feature of  Web Server
  • Remove unnecessary services
  • Disable remote access
  • Install and monitor web application firewall
  • Install SSL certificate
  • Ensure dedicated servers for website
  • Keep separate user logins

16. Keep Secure Database Server 

You should ensure the security of your database server in order to protect a website or application from unauthorized access. A person such as database administrator should perform the following tasks to secure a website.

  • Use dedicated database server
  • Ensure data encryption
  • Secure login credentials
  • Ensure secure data access
  • Store and monitor database logs files


Finally, website security is important for website owner because if a website is hacked then it will loses the data with maximum traffic. In this post, we have given some best tips on how to secure any website from attackers or unauthorized access. Hope the article “how to secure any website” will be helpful for you.

Affiliate Disclosure : Cyberthreatportal is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for website owners to earn advertising fees by advertising and linking to

Add a Comment

Your email address will not be published. Required fields are marked *