5 Security Vulnerabilities You Can Fix Right Now

By SmartScanner

We usually think security and hacking are complicated—at least it’s super geeky in movies—but you will be surprised to see how easy you can fix some security problems even without programming knowledge. Let’s review and fix them right away.

Weak Password

Do you use 123456 to login into your website? Change it now! Easy passwords can be guessed and cracked in minutes. You should use strong and unique passwords for any of your accounts. To have a strong password, always use a long, hard to guess passphrase.

Outdated Application

Outdated applications are like open doors for hackers to break in. Hackers search the whole Internet for outdated applications of any kind (web server, CMS, router, etc.). If you’re using outdated software, you’ve already become a target for hackers. Modern applications like WordPress and Joomla! provide one-click auto-update features to make our life much easier. If your site is one of them, login into your administration panel and check for available updates.

Directory listing

Does your website display a list of files and folders when the URL ends with a slash (/)? If yes, you have a directory listing issue you need to fix.

A universal and easy fix for this issue is to login into your website hosting panel and create an empty file named index.html inside every directory that doesn’t have one. Try not to override files to prevent unwanted damages to your website.

NOTE: It’s better to ask your web hosting provider for the specific instructions for your website to have a permanent fix for the directory listing problem.

Hidden Pages or Functionalities

Let’s say you have a secret page on your website that you’re the only one who knows its URL. If you believe no other one can access it because they don’t know the URL, you’re wrong! Obscuring a resource does not make it secure. Because hackers can find hidden pages by trying many different URLs. Furthermore, the secret URL you access will be reported and recorded in many places like web server logs and referrer headers where others can see it.

Common example of hidden pages are debug pages like phpInfo(), beta versions, hidden administration pages and pre-production features. Immediately delete such pages from your website or use password protection for them.

Backup files

Taking regular backups is a must. But leaving backup files under the web directory where they are accessible over the Internet, is a bad habit you have to quit. Backups contain source code and config files that can reveal secrets like the source codes, password of your database and protected directories.

Common backup formats are:

  • Compressed files like .rar, .zip, .gz and .tar
  • .bak
  • .tmp
  • .gho
  • .001
  • .bac

Search for the above file types in your web hosting panel and make sure they are not publicly accessible over the web. Also, If you use a compressed file for transferring resources to your web hosting, do not forget to remove the compressed archive after extracting files.

Bonus: Always use HTTPS

Do you still use http:// (without S) for viewing your website in the browser? The HTTP protocol transfers everything in plain text. That means anyone between your system and the target website can see everything, as well as your password!

Next time you want to access any web page, always use the httpS:// instead of http://

We didn’t cover many other vulnerabilities that require time and technical skills to fix. To keep your site safe and protected, always use up-to-date applications and regularly scan for vulnerabilities.

Do you know any other easy-to-fix issues to add? share it

Scan security of your website with SmartScanner for free

Download