Ten must-do things for website security
In the ever-changing world of the World Wide Web, it is imperative to give the utmost importance to website security, in both hosting and coding. The steps below help keep your website running trouble-free and minimize the chances of your sites getting hacked through XSS, code insertion and injection. The following are some of the steps one can take to increase website security:
- Always use a combination of uppercase, lowercase, numbers and special characters when assigning passwords to hosting accounts, FTP accounts and back-end logins for your websites and/or web applications.
- Never use or give out your master hosting account, which in most cases is also the master FTP account with full access to the hosting space.
- Always create a secondary FTP account when making changes to the website, whether the changes are made by you or your service provider.
- Change passwords monthly and try to have different passwords for FTP and databases.
- Try not to use easily guessable passwords such as your name, site name, telephone numbers, children's names, etc.
- Do a website security audit to look for loopholes such as open ports, writable directories, etc.
- Never permanently place a PHP info file on the server, as this can leak valuable information which hackers can use to their advantage.
- Regularly check for XSS and SQL injection.
- Always limit file upload options and prohibit uploading of files through forms. This will greatly decrease the chances of hacking and exploits by pros.
- Always have an intrusion detection system in place, such as PHPIDS.
- Check your server access logs if something goes wrong.
- Follow strict coding practices and always try to close loopholes in your coding.
- Log the IP address for direct access to writable directories.
- And most important: disable directory browsing on your server.
- Use .htaccess to deny access to crucial system directories and writable folders, and password-protect the back-end folder.
- Place scripts that send alerts if files are created or modified on the server; this way you can salvage early and stay ahead of the exploits.
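
One way to build the file-change alert from the last point, as an added example that is not part of the original article: it records a SHA-256 baseline of the web root and reports files created, modified or deleted since then. The script name, paths and sample files are assumptions; keep the baseline file outside the web root so it cannot be altered along with the site.

```python
import hashlib, json, os, sys, tempfile

def snapshot(root):
    """Map every regular file under root to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):          # do not hash targets outside the tree
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return digests

def diff(baseline, current):
    """Return files created, deleted or modified since the baseline."""
    return {
        "created": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }

def check(root, baseline_file):
    """First run records the baseline and returns None; later runs return the diff."""
    current = snapshot(root)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh)
        return None
    with open(baseline_file) as fh:
        return diff(json.load(fh), current)

def demo():
    """Constructed sample site: one file modified and one dropped into uploads/."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as state:
        os.mkdir(os.path.join(site, "uploads"))
        def put(rel, data):
            with open(os.path.join(site, rel), "w") as fh:
                fh.write(data)
        put("index.php", "<?php echo 'home';")
        check(site, os.path.join(state, "baseline.json"))   # record known-good state
        put("index.php", "<?php echo 'home'; // changed")
        put("uploads/new.php", "<?php // unexpected file")
        return check(site, os.path.join(state, "baseline.json"))

if __name__ == "__main__":
    # Placeholder usage: python3 filewatch.py /path/to/webroot /path/outside/webroot/baseline.json
    changes = check(sys.argv[1], sys.argv[2])
    if changes and any(changes.values()):
        print(json.dumps(changes, indent=2))   # cron mails any job output to MAILTO
        sys.exit(1)
```

Run it from cron at a short interval; after a reviewed deployment, delete the baseline file so the next run records the new known-good state.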