While the media tends to focus only on security breaches affecting major businesses, even small websites can be the target of hacking.
There are many reasons why a hacker might think it worthwhile to target your website, no matter how small. While many hacking attempts target credit card information or other sensitive data, others aim to take hold of a server's resources to send spam email or distribute files of an illegal nature. At SiteCenter we take website security very seriously, and take a number of steps to make sure that every website we build is as secure as possible:
Most website hacking is performed by automated scripts that are written specifically to target known exploits in widely-used open-source software. The most important way we defend the websites we build is therefore the fact that we use our own proprietary software. This means that our code cannot be examined by hackers for potential weaknesses and that your website will not be targeted by automated scripts. Few hackers will make the effort to hack a website built on code that only a handful of websites use, unless that website contains extremely valuable data.
We follow standard practice in maintaining secure PHP code that prevents MySQL injection, cross-site scripting and non-permitted file uploads.
In addition, and where the hosting environment permits, core settings such as database passwords are stored in files that are located at a different IP address from the websites, meaning that such information is absolutely inaccessible to hackers.
All form input fields feature HTML character stripping and string length validation to prevent MySQL injections. In addition, for forms such as a user login form, error messages are intentionally vague to prevent repeated manual hacking attempts. For example, if a password is incorrect, the user will not be told whether their username is correct or incorrect.
The Website Dashboard we provide for administering your website uses a number of enhanced security measures, in addition to those above. For example, passwords associated with Dashboard Users are encrypted and therefore cannot be known even by someone who can access the website's database.
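The login behaviour described in the two paragraphs above (length validation, one vague error message, passwords unreadable from the database) can be sketched in PHP as follows. This is an added example, not SiteCenter's code: the table name, function names and limits are hypothetical, an in-memory SQLite database stands in for MySQL, the query uses a bound parameter, and "encrypted" is assumed to mean a one-way `password_hash()` value.

```php
<?php
declare(strict_types=1);

const MAX_USERNAME = 64;    // assumed limits, not taken from the page
const MAX_PASSWORD = 128;
const GENERIC_ERROR = 'Incorrect username or password.';

// In-memory SQLite stands in for MySQL so the example runs offline.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE dashboard_users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    // Constructed sample account; only the one-way hash is stored.
    $db->prepare('INSERT INTO dashboard_users VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

function attemptLogin(PDO $db, string $username, string $password): array
{
    // Length validation on both fields before any database work.
    if ($username === '' || strlen($username) > MAX_USERNAME
        || $password === '' || strlen($password) > MAX_PASSWORD) {
        return ['ok' => false, 'message' => GENERIC_ERROR];
    }
    // Bound parameter: the input is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM dashboard_users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when the username does not exist

    // Unknown user: still verify against a dummy hash so both failure
    // paths do similar work before returning the identical message.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $valid = password_verify($password, is_string($hash) ? $hash : $dummy);

    return ($valid && is_string($hash))
        ? ['ok' => true, 'message' => 'Welcome.']
        : ['ok' => false, 'message' => GENERIC_ERROR];
}

// Constructed inputs: wrong password, unknown user, input containing quotes, valid login.
$db = makeDemoDb();
$cases = [['alice', 'wrong'], ['nobody', 'wrong'], ["' OR '1'='1", 'x'], ['alice', 'correct horse battery']];
foreach ($cases as [$u, $p]) {
    printf("%-14s => %s\n", $u, attemptLogin($db, $u, $p)['message']);
}
```

The first three cases all return the same message, so the response does not reveal whether the username exists.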
Where sensitive data, for example credit card details, is being sent to or from a website, we will use Secure Sockets Layer (SSL) to fully encrypt such data and therefore prevent it from being intercepted.