Properly Securing Your Website

Own a website? Ever think about security? If not, well, you’re asking for trouble.

These are the best things you can do to secure your website properly:

  • Use randomly generated passwords, 32-64 characters in length.
  • Regularly check milw0rm and packetstorm for vulnerabilities in the particular software and/or plugins you run.
  • Optionally, install some kind of spam filter on your software if possible.

Own your server? You’ll probably want to do this as well, on top of the list above.

  • Do periodic software updates on your server, and change the ports that certain services run on, such as FTP and SSH, since these are common targets.
  • Disable root login.
  • Set ServerTokens to “Prod” in Apache.
  • Run software that automatically bans an IP after a certain amount of failed login attempts.
  • Again, for all passwords on the server, use 32-64 character randomly generated passwords, including for the host control panel if you have one.
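As an added example (not part of the original post), here is one way to check three of the server items above against config files: root login disabled, SSH moved off its default port, and ServerTokens set to Prod. The sample config text is constructed, and the function names are hypothetical.

```python
# Constructed sample configs for illustration; not from the original post.
SSHD_SAMPLE = """\
# sshd_config (constructed sample)
Port 22
#PermitRootLogin no
PasswordAuthentication yes
"""
APACHE_SAMPLE = """\
# httpd.conf (constructed sample)
ServerTokens OS
ServerSignature On
"""

def directives(text, first_wins):
    """Map lowercased keyword -> value, ignoring blank and '#' comment lines.

    sshd uses the first value it reads for a keyword; for Apache's
    ServerTokens the last one read wins, hence the first_wins switch.
    Include files and sshd Match blocks are not followed here.
    """
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if first_wins and key in found:
            continue
        found[key] = value
    return found

def audit(sshd_text, apache_text):
    """Return a list of findings for the checklist items covered."""
    ssh = directives(sshd_text, first_wins=True)
    web = directives(apache_text, first_wins=False)
    findings = []
    if ssh.get("permitrootlogin", "").lower() != "no":
        findings.append("sshd: PermitRootLogin is not explicitly 'no'")
    if ssh.get("port", "22") == "22":
        findings.append("sshd: still listening on default port 22")
    if web.get("servertokens", "Full").lower() not in ("prod", "productonly"):
        findings.append("apache: ServerTokens is not Prod")
    return findings

if __name__ == "__main__":
    for finding in audit(SSHD_SAMPLE, APACHE_SAMPLE):
        print(finding)
```

To use it on a real server, pass in the contents of your own sshd and Apache config files instead of the samples.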

Just searching around reveals to me that there are far too many insecure websites out there that could easily become fairly secure by following at least some of these methods. You can never be too secure: new vulnerabilities are found every day, and there is no shortage of malicious users out there ready to deface your website or gain root login to your server for the fun of it. There are many more security tactics out there, but these are some of the better ones and will deter most people. Be careful out there.

Thanks go out to nukeit.org


2 Responses to “Properly Securing Your Website”

  1. Good insights.


  2. pcmemoirs says:

    Thanks for the tips. I haven’t thought much about web site security, but then again, I only recently started my blog.

