This is the second article in a series about protecting your website. The first article was about stopping content stealers who damage your website with duplicate content issues.

Stopping hackers from getting into your website is obviously hugely important. Here are a few methods to protect yourself and keep your website secure.

Passwords
Change the passwords for your website login often. Make them strong by using lots of letters, numbers and symbols. It may be a pain, but for something so simple and important it must be done.

Index.html In All Folders
For every folder on your server, make sure it has a blank index.html; otherwise, if a hacker visits the folder directly, they will be able to see all the other files inside it.

Monitor Error Log
Check your stats or 'Error Log' and keep an eye on it. You may spot hackers trying to find web-based programs on your site that they could later attempt to use. You may also find missing files, images not loading and so on, which are good to locate to improve your users' experience.

Htaccess File
Use the .htaccess file on your hosting.

Stop kiddie hackers with this code:

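    # mod_rewrite must be switched on for the rule below to apply
    RewriteEngine On
    # Refuse (403) requests from libwww user agents or with "=http:" in the query string
    RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)=http: [NC]
    RewriteRule ^(.*)$ - [F,L]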
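
An added example (not part of the original article): a short Python script that applies the same two conditions as the rule above to Apache access-log lines, so you can see which requests the rule would refuse, including legitimate ones, before you switch it on. It assumes the 'combined' log format; the function names, sample lines and IP addresses are constructed for illustration.

```python
import re

# Apache "combined" log format (assumed):
# ip ident user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# The same patterns as the two RewriteCond lines; [NC] becomes IGNORECASE.
UA_RE = re.compile(r'libwww', re.IGNORECASE)
QS_RE = re.compile(r'^(.*)=http:', re.IGNORECASE)

def check_line(line):
    """Return (client_ip, [conditions matched]) or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    # QUERY_STRING is everything after the first '?', compared undecoded.
    query = m.group('target').partition('?')[2]
    hits = []
    if UA_RE.search(m.group('agent')):
        hits.append('user-agent')
    if QS_RE.search(query):
        hits.append('query-string')
    return m.group('ip'), hits

def blocked_by_ip(lines):
    """Count, per client IP, the requests the rule would have refused."""
    counts = {}
    for line in lines:
        parsed = check_line(line)
        if parsed and parsed[1]:
            counts[parsed[0]] = counts.get(parsed[0], 0) + 1
    return counts

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=http://example.invalid/x.txt HTTP/1.1" 404 512 "-" "libwww-perl/6.05"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    # An ordinary visitor following a link with a return URL: the rule refuses this too.
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /login?return=http://www.example.com/account HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /cart.php HTTP/1.1" 404 512 "-" "libwww-perl/6.05"',
]

if __name__ == '__main__':
    for ip, count in sorted(blocked_by_ip(SAMPLE).items()):
        print(ip, count)
```

If your own pages pass full URLs in query strings, as in the third sample line, check your log for such requests before enabling the rule.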

Stop other people viewing the content of your .htaccess file with this code (do the same for any other file, just change the name):

    <files .htaccess>
    order allow,deny
    deny from all
    </files>

Block IP addresses with this code:

    Order Deny,Allow
    Deny from ENTER IP HERE

Robots File
Use your robots.txt file to prevent indexing of important folders and files on your website. Here is the code; change the folder names to your own. Learn more about this at robotstxt.org.

    User-agent: *
    Disallow: /folder-name/
    Disallow: /folder-name1/
    Disallow: /folder-name2/

Chmod Permissions (Unix servers only, not Windows)
Change the permission of your files to 644 when possible. This basically means the owner gets 'read and write access', but all other users only get 'read' access preventing programs from running. Obviously if you have a shopping cart script and other functions it may not be possible to have all files 644. You don't want to leave files unnecessarily vulnerable so have the right chmod in place when possible.

SSL
Try to use SSL on your whole website, not just during payments. You may need to pay extra for this, so ask your web host provider whether it is possible and how much it costs.

Backups
Remember to also do regular back-ups of your website should anything happen to it.

Your PC
Make sure it is free of viruses and well protected. Always update and run anti-virus software as often as possible. If your computer is hacked, the attackers could get the details needed to hack your website as well.