A site can never be 100% hack-proof. Even big companies like Facebook and Google get hacked. The only 100% sure way to not get your website hacked is to not have a website. If a 100% hack-proof method really existed, everyone would have implemented it.
But you can tighten your security by closing the well-known loopholes through which a website can be hacked. This will ensure that newbie hackers won't be able to hack your website. I will list some of the well-known hacking methods with a short explanation of each.
1. SQL Injection attacks
SQL injection is the most common website hacking technique. Most websites use Structured Query Language (SQL) to interact with databases. SQL allows the website to create, retrieve, update, and delete database records. It is used for everything from logging a user into the website to storing details of an eCommerce transaction.
An SQL injection attack places SQL into a web form in an attempt to get the application to run it. For example, instead of typing plain text into a username or password field, a hacker may type in ' OR 1=1.
The resulting SQL query would then look something like this:
SELECT * FROM Customers WHERE Username='admin' AND (Password='' OR 1=1);
With this method the hacker can log in with a wrong password, because the condition 1=1 is always true and so the password check always passes.
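The login check described above, shown as an added example (not code from the original answer) with the string-built query next to a parameterized one. The table layout, function names, sample password and the injected input are constructed for the illustration; the input is a variant of the one above, written so that the quotes balance.

```python
import sqlite3


def make_db():
    # Constructed sample data: one customer in an in-memory database.
    # Plaintext password only to mirror the query above; real sites store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers (Username TEXT, Password TEXT)")
    db.execute("INSERT INTO Customers VALUES ('admin', 's3cret-sample')")
    return db


def login_vulnerable(db, username, password):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT * FROM Customers WHERE Username='" + username +
             "' AND Password='" + password + "'")
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    # Hardened: placeholders send the input as bound values, so it is only
    # ever compared as data and never parsed as part of the query.
    query = "SELECT * FROM Customers WHERE Username=? AND Password=?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    injected = "' OR '1'='1"  # constructed input for the demonstration
    print("string-built query accepts it:", login_vulnerable(db, "admin", injected))
    print("parameterized query accepts it:", login_safe(db, "admin", injected))
    print("correct password still works:", login_safe(db, "admin", "s3cret-sample"))
```

Auditing a code base for queries assembled with string concatenation or formatting, and replacing them with placeholders, closes this loophole at its source.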
2. Cross Site Scripting (XSS)
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.
Example: Stealing Cookies Using XSS
Criminals often use XSS to steal cookies. This allows them to impersonate the victim. The attacker can send the cookie to their own server in many ways. One of them is to execute the following client-side script in the victim’s browser:
Users of a website are sent fraudulent emails that look like they have come from the website. The user is asked to divulge some information, such as their login details or personal information. The hacker can use this information to compromise the website.
To learn more about these hacks, you can visit https://defencely.com/blog/10-popular-ways-hackers-hack-website/