Here are some of the steps that you can take to protect your website.
how hackers hack the websites? How hackers hack the computers?
Type of hacking for computers is entirely different to that of website. In case of websites the following type of security issues lead to website hacking. Note that these can affect single website alone or the cluster of websites hosted on the server.
1. XSS Cross Site Scripting In this type of security attack, the websites pages URL request are forged. And this way often the user data is compromised. For example some website has login dashboard page and if there XSS issue in that page's script then it'd result in authentication details being compromised.
2. SQL Injection Most common type of security attack on social network websites or the small websites with insecure web forms. This type of attack adds the additional sql query inside the web form request. Web form could be harmless like contact form or some login info. It is used to gain access to the SQL database and then to further run scripts that may damage website or server.
3. DDOS Attack Another security hack that leads to the website becoming unresponsive. If continued this attack leads to web-server going down. Usually these attacks are taken care of at server level. But they do exist to date and makes it really hard for many websites and servers to bypass such attacks.
4. Authentication & Session attack These sort of attack require some script from the browser to be run while executing the session which traps the users. This can be serious issue and often the websites will reset password and even ask for SMS authentication to verify the users.
There are few other types of common security attacks like clickjacking, DNS cache flaw, URL hijack, script overwriting and others. The most common security flaws that affect every website are listed above. So make sure any CMS that you use can stand against these four.
How to avoid them? What are the steps or measures to be taken to avoid our blog or website or computer from getting hacked?
Some of the website security issues can be patched from the server level. Some of the security issues however require you to take steps on your end.
1. Update your CMS if you're using WordPress, Joomla or any other script.
2. If your server still has old PHP version, then don't forget to update it.
3. Update your back-end database version and apply the security patches as it comes.
4. Use complicated and long passwords. Make sure you use symbol, numbers and letters combination.
5. Make sure your web forms are secure so that you have no sql injection issue.
6. Use HTTPS if your website uses any login system or money transfer or credit card system.
7. Use cloudflare or server level DNS protection for DDOS attacks.
8. If you are using any language specific feature (say php or rails or python) that has security issue, make sure to update with patch.
These are some of the common steps that you can take to avoid getting hacked.
Is it https platform secure for such act?
HTTPS is a protocol that makes sure that the GET and POST request made from user side are encrypted. So it makes sure that your content is secure to and from server.
You can apply HTTPS to your website if you use "Let's encrypt" certificate. Most of the cpanel hosts offer this free service on their hosting account.