Tactics You Should Know To Secure Your Website Part 1

The Key Basics To Know About Padlocks

Tactics You Should Know To Secure Your Website: Don’t Poke Fun At Me

Most people on the internet are good, honest people. However, there are some people browsing the internet who derive fun from poking around websites and finding security holes. A few simple tips can help you secure your website in the basic ways.

Now, obviously, the subject of data security is a complicated one and way beyond the scope of this column. However, I will address the very basics one should do which will alleviate many potential problems that might allow people to see things they shouldn’t.

Tactics You Should Know To Secure Your WebsiteTactics You Should Know To Secure Your Website: Password Protecting Directories

If you have a directory on your server which should remain private, do not depend on people to not guess the name of the directory. It is better to password protect the folder at the server level.

Over 50% of websites out there are powered by Apache server, so let’s look at how to password protect a directory on Apache.

Tactics You Should Know To Secure Your Website: Understand Apache

Apache takes configuration commands via a file called .htaccess which sits in the directory. The commands in .htaccess have effect on that folder and any sub-folder, unless a particular sub-folder has its own .htaccess file within. To password protect a folder, Apache also uses a file called .htpasswd .

This file contains the names and passwords of users granted access. The password is encrypted, so you must use the htpasswd program to create the passwords. To access it, go to the command line of your server and type htpasswd. If you receive a “command not found” error then you need to contact your system admin.

Also, bear in mind that many web hosts provide web-based ways to secure a directory, so they may have things set up for you to do it that way rather than on your own. Barring this, let’s continue.

 

Tactics You Should Know To Secure Your Website: Quick Tip

Type “htpasswd -c .htpasswd myusername” where “myusername” is the username you want. You will then be asked for a password. Confirm it and the file will be created. You can double check this via FTP. Also, if the file is inside your web folder, you should move it so that it is not accessible to the public. Now, open or create your .htaccess file. Inside, include the following:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName “Secure Folder”
AuthType Basic

require valid-user

On the first line, adjust the directory path to wherever your .htpasswd file is. Once this is set up, you will get a popup dialog when visiting that folder on your website. You will be required to log in to view it.

Tactics You Should Know To Secure Your Website: Turn Off Directory Listings

By default, any directory on your website which does not have a recognized homepage file (index.htm, index.php, default.htm, etc.) is going to instead display a listing of all the files in that folder. You might not want people to see everything you have on there.

The simplest way to protect against this is to simply create a blank file, name it index.htm and then upload it to that folder. Your second option is to, again, use the .htaccess file to disable directory listing. To do so, just include the line “Options -Indexes” in the file. Now, users will get a 403 error rather than a list of files.

Tactics You Should Know To Secure Your WebsiteTactics You Should Know To Secure Your Website: Remove Install Files

If you install software and scripts to your website, many times they come with installation and/or upgrade scripts.

Leaving these on your server opens up a huge security problem because if somebody else is familiar with that software, they can find and run your install/upgrade scripts and thus reset your entire database, config files, etc.

A well written software package will warn you to remove these items before allowing you to use the software. However, make sure this has been done. Just delete the files from your server.

This concludes part 1 of ” Tactics You Should Know To Secure Your Website“. Be sure to check out Part 2 for the rest of the tips.


Tactics You Should Know To Secure Your Website
If you are looking for extra money and would like the possibility of getting a $200 commission plus residuals per system sold. Then click the banner below to find out more information on how to join a team that can make it possible for you.

 

Tactics You Should Know To Secure Your Website

___________________________________________

Take Care And God Bless

Greg “Da Spokesman” Stargell

Join Us On Facebook :

Greg Fan Page

The Security Systems Page

Tactics You Should Know To Secure Your Website


Visit Us On FacebookVisit Us On TwitterVisit Us On LinkedinVisit Us On Google PlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed