Guest article by Mr. Pubudu Kodikara from TechHamlet. This is a gift for all our readers on account of our 3rd anniversary celebrations.
Everything in or near the web should think more about security than anything else! As I always say, the Internet is one of the most dangerous places in the world! You will never know what hit you. So we should always consider our security if we want to survive.
Normal system users use various security software to protect themselves from the huge amount of malware that can attack them. Those systems can be considered things near the web. But a website is inside the web! So, how many threats can attack a website? Trust me, you’ll never know unless you’re being attacked! So, don’t you want to make your site harder to crack? Let’s see how.
1. Choose Your Passwords Wisely
The first thing to consider is passwords! Check your cPanel, the email accounts related to your site and your site’s login password, and make them stronger by using a longer password with characters and numbers mixed together. Also don’t forget to keep that password in your mind!
2. Always Use Your Own Machine!
Never use public PCs like the ones in Internet cafes to log in to your site or to any related email account! Don’t even use your friend’s computer. Make sure that you have all the necessary security on your machine before you log in.
3. Make Things Harder to Guess
Use hard to guess user names and also use hard to guess table prefixes when installing software like WordPress and Joomla.
4. Try to Hide the Site’s E-mail Address
Never use the e-mail address related to your web site for commenting on other blogs. Always try to hide that address from others.
5. Protect Your Server
Next, you need to secure your web server. We can use a simple .htaccess file to do this. Here is an example of a simple .htaccess file:
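# STRONG HTACCESS PROTECTION
# (Order/Deny/Satisfy is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it)
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

# disable directory browsing
# (Apache 2.4 rejects mixing unsigned and signed options such as "All -Indexes")
Options -Indexes

# protect a file
<Files wp-config.php>
order allow,deny
deny from all
</Files>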
This is a very simple file which first protects the .htaccess files themselves and then stops your visitors from snooping into directories which don’t have an index file! The last set of lines will protect any file which you specify from attackers. The above code protects the wp-config.php file that comes with WordPress! If you want to protect any other file, replace wp-config.php with the file name you want. After preparing your .htaccess file, upload it to the root of your server.
If you already have a .htaccess file on your server, get it first and add these rules if they are not in it!
6. Set Your Permissions
It is a very good idea to set the permissions of all your scripts to 644 and the folders to 755. If you’re not sure about this, don’t do it, because incorrect permissions can break your site! Always ask the support of your hosting service to do it for you.
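Because wrong permissions can break a site, it helps to list what deviates from the 644/755 targets before changing anything. The script below is an added example, not part of the original article; the script name and web root path in the usage line are placeholders, and the world-writable check goes slightly beyond the tip.

```shell
#!/bin/sh
# Added example (not from the article): report, then optionally fix, entries
# under a web root that deviate from the 644 (files) / 755 (folders) targets.

# List every file that is not 644 and every directory that is not 755.
list_bad_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# List anything writable by every user on the server (e.g. 666 or 777),
# the deviation that matters most on shared hosting.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# Apply the targets. Run list_bad_perms first and read its output.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Usage: sh perms.sh /path/to/webroot [--fix]   (name and path are placeholders)
if [ "$#" -gt 0 ]; then
    list_bad_perms "$1"
    if [ "${2:-}" = "--fix" ]; then fix_perms "$1"; fi
fi
```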
7. Password Protect Your Folders
Try to password protect the folders that you don’t want anyone else to access. You can use an htpasswd file to do this. Here is an easy way to generate an htpasswd file: http://www.askapache.com/online-tools/htpasswd-generator/
Or you can use the Password Protect Directories feature located in the Security section of your cPanel.
8. Don’t Let Your Visitors Go Snooping Into Your Folders
Always add a blank index.php or index.html to every folder which doesn’t have an index file. If there’s no index file in a folder, and there’s no .htaccess rule to protect it (as mentioned above), then anyone who visits that folder can see which files you have inside it!
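On a site with many folders, finding the ones without an index file by hand is error-prone. The following is an added example, not from the original article: it lists the folders that have neither index.php nor index.html and can drop a blank index.html into each without touching existing files. The script name and path in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the article): find folders that would show a
# directory listing because they hold neither index.php nor index.html.

# Print every directory under $1 that has no index file.
dirs_without_index() {
    find "$1" -type d | while IFS= read -r d; do
        [ -e "$d/index.php" ] || [ -e "$d/index.html" ] || printf '%s\n' "$d"
    done
}

# Create an empty index.html (mode 644) in each of those directories.
# Existing index files are never overwritten.
add_blank_index() {
    dirs_without_index "$1" | while IFS= read -r d; do
        : > "$d/index.html" && chmod 644 "$d/index.html"
    done
}

# Usage: sh blank-index.sh /path/to/webroot [--add]   (name and path are placeholders)
if [ "$#" -gt 0 ]; then
    dirs_without_index "$1"
    if [ "${2:-}" = "--add" ]; then add_blank_index "$1"; fi
fi
```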
9. Replace the Default Encryption Keys in WordPress
If you’re using WordPress, replace the default security keys with new unique ones. These security keys are used to encrypt your data stored in the cookies. To get unique keys, you can use their online key generator: https://api.wordpress.org/secret-key/1.1/salt/
To add the keys, download your wp-config.php file and replace the existing keys with the new ones. After that, upload it again to your server.
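To confirm the replacement actually happened, you can check the downloaded wp-config.php before uploading it again. The script below is an added example, not part of the original article; the constant names and the placeholder string are the ones in WordPress’s wp-config-sample.php, and the minimum length of 32 is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the article): flag WordPress security keys that are
# missing, still the sample placeholder, or suspiciously short.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"
PLACEHOLDER='put your unique phrase here'  # value in wp-config-sample.php
MIN_LEN=32                                 # assumption made for this example

# Prints one finding per weak constant; returns 1 if any were found.
check_wp_keys() {
    cfg=$1
    bad=0
    for k in $KEYS; do
        line=$(grep -E "define\([[:space:]]*['\"]$k['\"]" "$cfg" | head -n 1)
        # Pull out the second quoted argument of define(), i.e. the key value.
        val=$(printf '%s\n' "$line" |
            sed -E "s/^[^,]*,[[:space:]]*['\"](.*)['\"][[:space:]]*\);.*\$/\1/")
        if [ -z "$line" ]; then
            echo "MISSING $k"; bad=1
        elif [ "$val" = "$PLACEHOLDER" ]; then
            echo "DEFAULT $k"; bad=1
        elif [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "SHORT $k"; bad=1
        fi
    done
    return "$bad"
}

# With no argument, run on a constructed sample (not a real site's config).
if [ "$#" -gt 0 ]; then
    check_wp_keys "$1"
else
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
define('AUTH_KEY',  'put your unique phrase here');
define('NONCE_KEY', 'constructed-sample-value-0123456789-abcdefghij');
EOF
    check_wp_keys "$sample" || true
    rm -f "$sample"
fi
```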
10. Always Keep a Backup
The last tip is to keep everything backed up frequently! So even if you’re hacked, you can still smile after restoring your site from the backups!
After adding all these tricks, and any other tricks that you know, can you think that you’re completely safe? Never! You can never be 100% safe on the web! Every day new malware threats come to life, determined to bring you down! That’s the harsh truth of the Web! So, be prepared for anything!














12 comments
Great tips. I think password must be very strong.
@ Rahul.. You’re welcome mate
Hi
Perfect tips to protect and backup is really very important.I have it last month for my blog.
Thanks For Sharing
-Abhishek
Worthy and great tips.
Thanks for the post.
- Robin
Really Speaking awesome tips for making a blog secure.
really nice tips , thanks for sharing
Taking backup right away!
Nice tips
I go with point number 1 and 5. They are really important. If you are on a VPS or a dedi then switch on the CSF security
Good Tips. Will take care of all the constraints.
Thanks
So there are many possibilities for an intruder to attack our blog..
Really cool
Thanks
I have looked for such an article for a long time, thanks a lot.
Useful security tips.. thanks for sharing