one. Backup your website around the server.
If you have more than one important Web page, place them on unique Website hosts. Don’t rely on your web host for backups.
Uncover two diverse hosts which permit SSH access. Get an account with Each and every. FTP the backup of one site to one other server directly, and vice versa. Obtain copies to your house Pc too.
two. Set a file identified as ‘index.html’ in each and every major or significant directory in your site, if it doesn’t already have a single.
This stops people seeking to peek at other documents in the same Listing.
three. Usually do not use previous variations of FormMail. Don't use scripts which have been recently introduced, unless you know how to look for stability holes.
They must filter input like # or >. Search over the terms ‘Script Name bug’ or ‘Script Identify protection’.
four. Rename any electronic mail scripts you obtain ahead of installing them.
Why give a spammer a clue regarding what your script is, and what it can do?
5. Will not give documents or directories evident names, like ‘pass’, ’e-mail’, ‘orders’ as well as like.
Once more, why help it become simple for snoopers?
six. Usually do not go away unencrypted, private info on your server.
seven. Use a well known Website host.
That cheapo 1 may very well be an un-fully commited reseller. Their Google PageRank gives a clue as to how preferred they are. Send out them data analysis an electronic mail or two. See how long it will require to acquire a reply. Look into their message boards; how chaotic are they? They don’t have a Discussion board? Upcoming!
8. In case you are organising .htaccess data files or almost every other form of password safety, use extensive and assorted passwords.
“Ch33s3And0n10n” is a great deal more secure than “cheeseandonion”, and equally as memorable. Make your password a minimum of eight figures in size, containing both of those letters and numbers, and each upper and lessen-situation letters. Standard terms can be guessed by brute-power cracking systems.
9. Strip scripts all the way down to the bare Necessities. Improve them often.
Programs like PHPNuke have a lot of attributes during the default set up. They allow site owners and people many control of Web page content material. This creates vulnerabilities. A ‘Nuke web site of mine was hacked all through Christmas 2005, by an Arabian team. The good thing is, I'd a backup. I didn’t have quick internet access, at time, to enhance it. I only required a single module working, so I taken out the inessential ones, and adjusted file permissions around the admin segment. At enough time of composing, I’m waiting around to discover what comes about upcoming!
Should you don’t truly will need it, change it off.
ten. Be cautious Whatever you say about Others or products and solutions on your internet site.
Not likely security, but… individuals are extremely touchy about criticism. ‘Flame wars’ really are a waste of your time and Vitality, so avoid them.