­

Top-Rated Website Security Features List

  • Emergency Off-Line switch to put your site securely off-line in the case of an attack
  • Protection of its configuration with a Master Password
  • ACL: fine-grained control over which features each user can access
  • Protect access to your administrator directory with a username and password
  • Change your Super Administrator ID
  • Fix the permissions of all files and directories on your server or apply your own configurable, custom permissions down to file and directory level
  • Automatically rewrite links pointing to your old site's domain name / directory to point to your new domain name / directory
  • Automatically convert all links of insecure (HTTP) items to HTTPS when your site is accessed over SSL
  • One-click purge of your temporary directory
  • Change your database collation (MySQL only)
  • Repair and optimize all of your site's tables (MySQL only)
  • Purge and optimize the sessions table with a single click (MySQL only)
  • URL redirection with features beyond even what the core has to offer
  • Scheduled cleanup of your temporary directory
  • Scheduled optimization of your sessions table (MySQL only)
  • Scheduled purge of your sessions table (MySQL only)
  • Automatic migration of hard-coded URLs in your articles, modules and everywhere when you change your site's domain name/location
  • CSS and JavaScript aggregation to speed up your site
  • PHP file changes and security scan

 

 .htaccess and NginX Configuration

  • Disable directory listings
  • Protect against common file injection attacks
  • Disable PHP Easter Eggs
  • Block access to security-sensitive files such as htaccess.txt, configuration.php-dist and php.ini in your site's root
  • Block specific user agents
  • Protection against direct access to PHP file. It can even block access to uploaded hacking scripts, mitigating the attack.
  • Force index.php parsing before index.html
  • Optimize expiration time (good for SEO)
  • Automatically compress static resources such as images, CSS, JS
  • Redirect index.php to site root
  • Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com
  • Redirect old domain name to new domain name
  • Force HTTPS for specific URLs, even when core doesn't let you to
  • Force HSTS header for increased HTTPS security

(View the Google security videos below)

 

 

 Web Application Firewall

  • Customized exceptions, down to the component, view or query string level
  • Full logging of security exceptions
  • Send out an email when a security exception occurs
  • Geographic Blocking: prevent access to your site by specific countries or continents
  • IP black-listing: prevent access to your site by specific IP addresses or blocks of IP addresses
  • Administrator IP whitelist: only allow access to your site's administrator section by specific blocks of IP addresses
  • Administrator secret URL parameter. You can only see the administrator login page if you append ?secretWord to the URL (the secret word can be customized)
  • Change administrator login URL (e.g. use http://www.example.com/mylogin instead of http://www.example.com/administrator)
  • Send email on successful or failed administrator login
  • Customizable email templates and rate throttling for Admin Tools emails
  • Forbid front-end Super Administrator login to deter brute-force password cracking
  • SQLiShield protection against SQL injection attacks
  • Cross Site Scripting block (XSSShield)
  • Malicious User Agent block (MUAShield)
  • CSRF/Anti-spam form protection (CSRFShield)
  • Remote File Inclusion block (RFIShield)
  • Direct File Inclusion shield (DFIShield)
  • Uploads scanner (UploadShield)
  • Anti-spam filtering based on Bad Words list
  • Hide/customize generator meta tag
  • Block access to core extensions installer
  • Disable editing backend users' properties
  • X-Content-Encoded-By HTTP header content for GZip compression customization
  • X-Powered-By HTTP header override
  • Block tmpl=foo system template switch
  • Block template=foo site template switch
  • Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory
  • Auto-ban IPs causing excessive security exceptions (fully customizable)

 

The following Google videos explain the extensive amount of time and costs involved with trying to fix a hacked website!

 

Your number one priority should be to prevent any security holes in your website. If your website gets hacked, then you will spend endless amounts of time and money trying to repair the damage done by the hackers and spammers! And that's IF you even know how to detect that your website's been hacked and IF the damage done can be repaired! This is why our website security features are extremely important by helping prevent your website from being hacked!!

NOTE: The automated security software on our sites will greatly enhance your website's security but it is not possible for any software to prevent 100% of all known and yet-to-be-known attacks. This is why website software needs to be updated regularly and you must keep copies of recent backups for your website.

 

Google help for hacked sites:
Overview

 

 

Google help for hacked sites:
Contact your host and build a support team

 

 

Google help for hacked sites:
Quarantine your site

 

 

Google help for hacked sites:
Assess the damage (hacked with spam)

 

 

Google help for hacked sites:
Assess the damage (hacked with malware)

 

 

Google help for hacked sites:
File system damage assessment

 

 

Google help for hacked sites:
Identify the vulnerability

 

 

Google help for hacked sites:
Clean and maintain your site

 

 

­