
Why Do You Need Website Security? How Is It Possible?

Web Security

You may not think your site has anything worth being hacked for, but websites are compromised all the time. Most website security breaches are not attempts to steal your data or tamper with your website layout, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.

Whether or not you think your site is a target, the aim is usually to use your server, not to steal your data. Hacking is regularly performed by automated scripts written to scour the internet in an attempt to exploit known website security issues in software. So here we share 5 tips on how to keep your website safe.


* Keep software up to date

When your website uses a lot of software, keeping all of that software up to date is part of keeping your site secure. This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum. When website security holes are found in software, update it. You don't need to worry so much about security updates for the operating system, as the hosting company (NaN Host) should take care of this. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in. Developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren't paying any attention to is one of the easiest ways to get caught out.

* Watch out for SQL injection

SQL injection is when an attacker uses a web form field or URL parameter to gain access to your website's database. When you build a query as standard Transact-SQL text, it is easy for input to insert extra code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries.


* Use strong passwords

Everyone knows they should use complex passwords, but that doesn't mean they always do. It is crucial to use strong passwords for your server and website admin area, but equally important to insist on good password practices for your users to protect the security of their accounts. Password requirements such as a minimum of around eight characters, including an uppercase letter and a number, will help to protect their information in the long run. In the event of someone hacking in and stealing your passwords, using hashed passwords could help with damage limitation, as decrypting them is not possible. When using salted passwords, the process of cracking a large number of passwords is even slower, as every guess has to be hashed separately for every salt + password.
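A sketch of the password rule and of salted hashing as described above, added here as an example and not taken from the original article. PBKDF2-HMAC-SHA256 from Python's standard library and the iteration count are choices made for this illustration; the function names and sample passwords are constructed.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000   # assumed work factor for the example; tune for your hardware


def meets_policy(password):
    """The article's rule: about eight characters, an uppercase letter and a number."""
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[0-9]", password) is not None
    )


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated for each account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Re-hash the attempt with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    # Two constructed accounts that happen to share one password.
    salt_a, hash_a = hash_password("Summer2024")
    salt_b, hash_b = hash_password("Summer2024")
    # Different salts give different stored values, so one hashed guess cannot
    # be compared against both accounts: it must be recomputed per salt.
    print("same stored hash?", hash_a == hash_b)
    print("login ok:", verify_password("Summer2024", salt_a, hash_a))
    print("wrong password:", verify_password("summer2024", salt_a, hash_a))
    print("policy:", meets_policy("Summer2024"), meets_policy("password"))
```
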

* Use HTTPS

HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are talking to the server they expect, and that nobody else can intercept or change the content they're seeing in transit. Many companies provide HTTPS, meaning SSL certificate providers (such as NaN Host). It's highly advisable to deliver sensitive content over HTTPS only. That of course means credit card and login pages (and the URLs they submit to), but typically far more of your site too. A login form will often set a cookie, for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kinds of attacks, you almost always want to use HTTPS for your entire site. Many of the top SSL certificate provider companies provide this security.


Note: Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. Insecure HTTP is on its way out, and now's the time to upgrade.

Once you are using HTTPS everywhere, go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.
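One way to apply HTTPS-only delivery and the HSTS header in application code, added here as an example and not taken from the original article. It is a small WSGI wrapper; the host name `www.example.test`, the one-year `max-age`, the cookie value and the function names are assumptions made for the illustration.

```python
HSTS = "max-age=31536000; includeSubDomains"   # one year, whole domain (assumed values)


def https_only(app, canonical_host):
    """Wrap a WSGI app: redirect plain HTTP to HTTPS, add HSTS to HTTPS responses."""
    def wrapped(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Redirect to a configured host name, never to the client-supplied Host header.
            location = "https://" + canonical_host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            # Browsers only honour HSTS received over HTTPS, so it is added here only.
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS))
            return start_response(status, headers, exc_info)

        return app(environ, start_with_hsts)
    return wrapped


def login_app(environ, start_response):
    """Hypothetical login handler setting the session cookie discussed above."""
    # Secure keeps the cookie off plain HTTP; HttpOnly hides it from page scripts.
    cookie = "session=constructed-token; Secure; HttpOnly; SameSite=Lax; Path=/"
    start_response("200 OK", [("Content-Type", "text/plain"), ("Set-Cookie", cookie)])
    return [b"logged in"]


def call(app, scheme, path):
    """Drive a WSGI app with a constructed request; return (status, headers dict)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = app({"wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": ""},
               start_response)
    b"".join(body)
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    site = https_only(login_app, "www.example.test")
    print(call(site, "http", "/login"))
    print(call(site, "https", "/login"))
```
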

* Be careful with file uploads

Allowing users to upload files to your website can be a big website security risk, even if it's simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that is executed on your server. Don't rely solely on checking the file extension, as a file with the name image.jpg.php has been known to get through. If you are allowing users to upload images, you cannot rely on the file extension or the MIME type to verify that the file is an image, as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size, are not foolproof. Most image formats allow storing a comment section that could contain PHP code that could be executed by the server. One defence is to change the file permissions, for example chmod 0666, so the file can't be executed. If using *nix, you could create a .htaccess file (see below) that will only allow access to set files, preventing the double extension attack mentioned earlier.
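A sketch of the name and permission handling described above, added here as an example and not taken from the original article. It covers only the stored file name and the mode, not the file's content; the allow-list, the list of script extensions and the function names are assumptions, and a POSIX file system is assumed for the permission bits.

```python
import os
import secrets
import tempfile

ALLOWED = {".jpg", ".jpeg", ".png", ".gif"}   # assumed allow-list for avatars
SCRIPT_PARTS = {"php", "phtml", "phar", "pl", "py", "cgi", "sh",
                "asp", "aspx", "jsp", "htaccess"}   # assumed, not exhaustive


def stored_name(client_filename):
    """Return a server-chosen name for an upload, or raise ValueError."""
    base = os.path.basename(client_filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("no usable extension")
    # Double-extension check: every dotted part is inspected, not only the last,
    # so image.jpg.php and image.php.jpg are both refused.
    if any(part in SCRIPT_PARTS for part in parts[1:]):
        raise ValueError("script extension in name")
    ext = "." + parts[-1]
    if ext not in ALLOWED:
        raise ValueError("extension not allowed")
    # The client's name is discarded; only the vetted extension is kept.
    return secrets.token_hex(16) + ext


def save_upload(upload_dir, client_filename, data):
    """Write the upload under a random name with no execute permission."""
    path = os.path.join(upload_dir, stored_name(client_filename))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    os.chmod(path, 0o666)   # the article's mode: no execute bit (a tighter mode also works)
    return path


if __name__ == "__main__":
    folder = tempfile.mkdtemp()
    saved = save_upload(folder, "Avatar.PNG", b"constructed image bytes")
    print(saved, oct(os.stat(saved).st_mode & 0o777))
    for name in ("image.jpg.php", "image.php.jpg", ".htaccess"):
        try:
            stored_name(name)
        except ValueError as exc:
            print("refused", name, "-", exc)
```
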

If you are hosting your website on your own server, then there are a few things you will want to do. Ensure you have a firewall set up and are blocking all non-essential ports. If possible, set up a DMZ (Demilitarized Zone), only allowing access to ports 80 and 443 from the outside world. This might not be possible if you don't have access to your server from an internal network, as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

Finally, don't forget about restricting physical access to your server.

So what should you be trying to alter on the request? If you have pages which should only be visible to a logged-in user, then try changing URL parameters such as the user ID, or cookie values, in an attempt to view details of another user. Another area worth testing is forms: change the POST values to attempt to submit code to perform XSS or to upload a server-side script.
