Securing your websites?

6 replies
I was reading the thread about the different membership sites people recommend, and started thinking about the best way to secure such a site. Obviously if you have people paying for access to something, it's critically important for both the seller and buyer that the website is not vulnerable.

Besides backing up frequently, what are the best practices for securing your site against hackers? Which membership site programs are most secure? I'm kind of a security nut so I'm borderline paranoid about this kinda thing.
#hackers #membership #securing #security #website security #websites
  • Profile picture of the author KathyK
    If you are a security nut, you probably already know all this. It's going to be pretty general because I have no idea what you are running/intending to run in the way of programs, etc - or whether you are on a shared/vps/dedicated server - or even Windows or some flavor of Unix.

    So basics (besides the backup you already mentioned):

    1) Make sure your main passwords (ftp to the site, control panel, admin for whatever CMS you are using) are long, involved and have letters, numbers, $%()*@# etc. No "password" as password.
    2) Make sure whatever programs/plugins, etc. you are using are kept updated.
    3) Require good passwords of your members as well - if you can (minimum length, must include #s and letters, etc.)
    4) If you allow them to upload, make sure no programs can run in the upload directory (your members can get hacked, too...)
    5) Make sure you are on a host where your cms can run as you (suexec/fast cgi) - having to set permissions to insecure so that the CMS will run is dangerous.

    I could give more specific things to think about if I knew more about what you are considering - but that should at least give you a start.


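One way to check points 4 and 5 of the list above on a Unix host, as an added example that is not part of the original post: it walks a web root and reports world-writable paths plus script-like or executable files inside the upload directory. The function name `audit_site`, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed set of extensions a PHP/CGI host might execute; adjust for your server.
SCRIPT_EXTS = {"php", "phtml", "php5", "pl", "py", "cgi", "sh"}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_site(web_root, upload_dir):
    """Return sorted (relative_path, issue) findings under web_root."""
    web_root = os.path.realpath(web_root)
    upload_dir = os.path.realpath(upload_dir)
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        in_uploads = (dirpath + os.sep).startswith(upload_dir + os.sep)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permission bits are not meaningful
            rel = os.path.relpath(path, web_root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if in_uploads and stat.S_ISREG(st.st_mode):
                # Check every extension component: some handler configurations
                # treat a name like avatar.php.jpg as a script.
                if SCRIPT_EXTS & set(name.lower().split(".")[1:]):
                    findings.append((rel, "script extension in upload dir"))
                elif st.st_mode & EXEC_BITS:
                    findings.append((rel, "executable bit in upload dir"))
    return sorted(findings)

def demo():
    """Build a constructed sample site in a temp dir and audit it."""
    samples = {"index.php": 0o644, "config.php": 0o666,
               "uploads/photo.jpg": 0o644, "uploads/avatar.php.jpg": 0o644,
               "uploads/tool.bin": 0o755}
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.makedirs(uploads)
        os.chmod(uploads, 0o755)
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)  # chmod sets the exact mode, ignoring umask
        return audit_site(root, uploads)

if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{issue:32} {rel}")
```

A finding in the upload directory means the web server configuration also needs checking, since the file alone does not show whether the server would execute it.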
  • Profile picture of the author MonitorScout
    If you are using an open source script then keep it updated from time to time. Use a strong password, secure the admin email, add a prefix to the database table prefix, change the file or folder permissions. Use an on-mouse-click option for the visitor to send them to the secure site to keep the bots and crawlers at bay.
    Monitor Scout - Website & Server Monitoring
    50 different checks, SNMP monitoring and much more.
  • Profile picture of the author Steven Miranda
    Make sure your site files and databases are backed up daily. I currently use
  • Profile picture of the author konakid
    This WordPress plugin is awesome for adding security to your site: Better WP Security (WordPress Plugins).

    I would definitely recommend using it if you are concerned about these issues.

    Also, if you want to protect your downloadable content, most membership plugins should have an option to limit downloads on a user or IP basis. This will help prevent your download link from being shared on the internet, or multiple people using the same account.
  • Profile picture of the author KathyK
    I'll second what konakid said, if you are using WP.
    If not... CMS security:
    1) Change admin username to something else - you can do that in almost all - in some, by making another administrator-level account, then logging in with that and putting admin down to lowest access level.
    2) IF possible, change the admin directory entirely - some CMS's you can do that, some you can't - but the bots LOOK for things like /wp-admin, (which is NOT nice about letting you change your directory) or /administrator or whatever. If you can change it, do. And don't name it something easily guessed.
    3) Lock down everything you can - if you aren't going to post by email, find out how to disable that function, for instance - it's a notorious hacker-entrance. If you aren't going to use comments and trackbacks, turn them OFF (not hackers, but you don't need the spam).
    (Am I paranoid enough for you yet? I've earned lots of money de-hacking websites...I'm PARANOID PLUS.)
    And, you do have the Number one recovery option covered. BACK IT UP. Early and often. And save several, because you might miss a hack and not have a good backup without going back a bit.


  • Profile picture of the author Moneymaker2012
    Most of the hacks come from hackers getting FTP access to websites from malware on computers that have been used to access the website via FTP. It is important to make sure that all the software on those computers is kept up to date.