1. Back up your web site on the server.
Find two different hosts that permit SSH access. Get an account with each. FTP the backup of one site to the other server directly, and vice versa. Download copies to your home computer too.
2. Put a file called ‘index.html’ in every main or important directory on your web site, if it doesn’t already have one.
This stops people trying to peek at other files in the same directory.
3. Do not use old versions of FormMail. Never use scripts that are newly released, unless you know how to check for security holes.
Scripts should filter input like # or >. Search on the terms ‘Script Name bug’ or ‘Script Name security’.
4. Rename any email scripts you download before installing them.
Why give a spammer a clue as to what your script is, and what it can do?
5. Do not give files or directories obvious names, like ‘go’, ‘email’, ‘orders’ and the like.
Again, why make it easy for snoopers?
6. Do not leave unencrypted, confidential information on your server.
It’s only a computer in a data center God knows where, with God knows who having access to it.
7. Use a well-known web host.
That cheap one may be a non-dedicated reseller. Their Google PageRank gives a clue as to how popular they are. Send them an email or two. See how long it takes to get a reply. Have a look at their forums; how active are they? They don’t have a forum? Next!
8. If you are setting up .htaccess files or some other form of password protection, use long and varied passwords.
“Ch33s3And0n10n” is a lot safer than “cheeseandonion”, and just as memorable. Make your password at least 8 characters long, containing both letters and numbers, and both upper- and lower-case letters. Common words can be guessed by brute-force cracking programs.
9. Strip scripts down to the bare necessities. Upgrade them regularly.
Packages like PHPNuke have many features in the default install. They allow webmasters and users a lot of control over site content. This creates vulnerabilities. A ‘Nuke site of mine was hacked during Xmas 2005 by an Arabian group. Fortunately, I had a backup. I didn’t have fast internet access at the time to upgrade it. I only needed one module working, so I removed the inessential ones and changed file permissions in the admin section. At the time of writing, I’m waiting to see what happens next!
If you don’t really need it, turn it off.
10. Be careful what you say about other people or products on your web site.
Not really security, but… people are very touchy about criticism. ‘Flame wars’ are a waste of your time and energy, so avoid them.
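
One way to carry out tip 2 across a whole site, as an added example that is not part of the original article: a shell audit that lists directories with no index file and can drop an empty ‘index.html’ into them. The function names and the `INDEX_NAMES` list are assumptions; set the list to the index file names your server is configured to use, so a directory already served by another index file is left alone.

```shell
#!/bin/sh
# Added example (not from the original page): audit a web root for directories
# that have no index file, and optionally drop an empty index.html into them.
# Assumption: INDEX_NAMES lists the file names your server treats as a
# directory index; adjust it to match the server configuration.
INDEX_NAMES=${INDEX_NAMES:-"index.html index.htm index.php"}
export INDEX_NAMES

# Shared walker: $1 = web root, $2 = "list" or "fix".
# find does not follow symlinks here, so the walk stays inside the web root.
_walk_unindexed() {
    find "$1" -type d -exec sh -c '
        mode=$1; shift
        for dir do
            found=no
            for name in $INDEX_NAMES; do
                [ -e "$dir/$name" ] && found=yes
            done
            [ "$found" = yes ] && continue
            if [ "$mode" = fix ]; then
                # Create an empty placeholder; stop if the directory is not writable.
                : > "$dir/index.html" || exit 1
            fi
            printf "%s\n" "$dir"
        done' sh "$2" {} +
}

# Print every directory under the web root that lacks an index file.
list_unindexed() { _walk_unindexed "$1" list; }

# Create an empty index.html in each such directory, printing what was touched.
add_placeholders() { _walk_unindexed "$1" fix; }
```

Run `list_unindexed` first and review the output before calling `add_placeholders`. A placeholder only suppresses the automatic directory listing; files in the directory remain reachable by anyone who knows their URL.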