A little security (Some tips to make your site safer ) (Basic)
First Tip : Use a Security managed VPS/VDS OR If you can DEDICATED SERVER
So here i’m back with a new little tut . Today i want to help you make your site a little safer . First of all i must mention altough all this Tips will Help you to make your site more secure but Still Your server management and Security is the Most important part, so if you can buy a VPS or a VDS or such things. These are much cheaper than A dedicated server for a small site (blogs) .
So , i know you are choosing a good service for your site(blog) and you have that part of security . You can search the web for a trusted Hostings Like leasweb or etc .
as we are runnig a wordpress site so i will introduce you some examples according to wp and you can Spread them to your needs .
Second Tip : Make Admin areas Password protected
Yes . one of the important part of any website is admin areas , beacuse this part give access to all database and special files. in past wordpress had some bug in this part , but for now it’s fix . but , you must be carefull about what you do ,to prevent problems.
You can do this easily from a panel management like cpanel or other panels such as kloxo and etc …
But if you don’t have any access to your main panel , don’t worry . there are 2 more ways ( that i know ) that you can try them
- upload a .htaccess file in the main root of your site and add Some rules to it
or Just Try
- You can Use a simple script for this work . i will publish a simple script nad it’s coding for this work in the next posts
Third Tip : Small Security Using Some htaccess Codes
yet you have work to do with your .htaccess file. An important Part is to secure the folders that have not any index . just add the line below to your .htaccess file for this :
# Start Protection
Options All -Indexes
also you must Secure the .htaccess file too , so use this code :
deny from all
And if you have a Config File , you must protect it too :
deny from all
Note : You can change the wp-config.php To any other file that your config is consist in it .
Note : For the last rule , you must put the htaccess file in a directory that your config file is exist , for example some systems like vb put config file in directories
Forth Tip : Don’t use Common names For admin and/or Tables prefixes
it’s important for all to know that the username admin is to easy to find ,so don’t make the work easier for hackers . (it’s not that important but yet there is somthing)
the second and an important Notice is to don’t use table prefixes that suggested by the system in first time , for example in wordpress we have always ” wp_…. ” better to change it . you can learn this from internet by searching according your needs.
Fifth Tip : Encode Your Config File
one of the most importance is to encode your files using deferent ways. so no one can easily understand your database name and/or db perfix and such information and if a hacker can access them have a hard work to decode it. we have a bunch of Encoding methods; so better to try to Encode the encoded code means a combination of 2 or 3 or even more Encoding Ways .
As a free Online encoding service i can name the byterun Encoder
this where we finish this tut, yet there are alot of ways to make our blogs safer , but these are the simplest and easiest , and if i remember or learn more , i will share them with you for sure .