Protect Web Application

Having a shopping cart or content management system is an excellent way to start your own website, but not securing your system is going to give you a big heart attack if someone hacks into it.

Therefore, it is important to ensure that your application’s administration panel is secured to prevent attack or abuse. Here are some of the methods you can consider implementing to protect your website.

    1. Use strong passwords. A strong password should consist of non-dictionary words, with a combination of symbols, lower-case letters, upper-case letters, and numbers.
    2. Change your password regularly. Do not fear forgetting your password, as you can easily reset it if needed: simply contact us and we will assist you.
    3. Password protect your directories using htpasswd files. Vodien’s customers can make use of the cPanel control panel to implement this. Refer to this video tutorial: https://help.vodien.com/tutorials/cpanel-x3-voice/cpanel-x3-protect.html

Here are some examples of sensitive folders that you should secure.

WordPress: wp-admin
Popular shopping carts (osCommerce, ZenCart, Cubecart): administrator
Joomla: administrator

In addition, here is an excellent page that teaches you how to secure your WordPress site:

http://codex.wordpress.org/Hardening_WordPress

    4. Prevent execution of script files in folders that do not require them, for example the /images/ folder. To do this, create a .htaccess file inside your images folder. Adding the following line will prevent files with the popular script extensions (.pl, .cgi, and .php) from being executed.

Type the content below into .htaccess and save the file.

# ---------- To be added to .htaccess (start) ----------

AddType text/plain .pl .cgi .php

# ---------- To be added to .htaccess (end) ----------

Alternatively, if you know which file extensions you wish to allow, type the content below into .htaccess and save the file. For example, the following code will allow the following file extensions: jpeg, jpg, png, gif.

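# ---------- To be added to .htaccess (start) ----------

# If the URI is an image then we allow access
# (the pattern matches gif, jpg, jpeg, png and bmp; use plain straight quotes)
SetEnvIfNoCase Request_URI "\.(gif|jpe?g|png|bmp)$" allow_images

# Apache 2.2 access-control syntax; Apache 2.4 accepts it only when mod_access_compat is loaded
Order Deny,Allow
Deny from All
# Allow access only if an image was requested
Allow from env=allow_images

# ---------- To be added to .htaccess (end) ----------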
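
To check that the step above is actually in place, the following script audits a static-content folder for script files and for an active protective .htaccess. It is an added example, not Vodien's or cPanel's own tooling; the function names, report keys and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

SCRIPT_EXTS = {".pl", ".cgi", ".php"}   # extensions named in the article
# Either of the article's two .htaccess approaches counts as protection.
PROTECTIVE = re.compile(r"^\s*(AddType\s+text/plain\b.*\.php\b|Deny\s+from\s+all\b)",
                        re.IGNORECASE | re.MULTILINE)

def audit_folder(path):
    """Audit one static-content folder (e.g. images/) under a web root."""
    report = {"protected": False, "curly_quotes": False, "scripts": []}
    htaccess = os.path.join(path, ".htaccess")   # only this folder's own file is read
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            # Commented-out directives do not protect anything.
            active = "".join(l for l in fh if not l.lstrip().startswith("#"))
        report["protected"] = bool(PROTECTIVE.search(active))
        # Curly quotes pasted from a web page are not valid Apache quoting.
        report["curly_quotes"] = bool(re.search("[\u201c\u201d]", active))
    for root, _dirs, files in os.walk(path):
        for name in files:
            # Check every extension in the name, so "photo.php.jpg" is reported too.
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if exts & SCRIPT_EXTS:
                full = os.path.join(root, name)
                report["scripts"].append(os.path.relpath(full, path))
    report["scripts"].sort()
    return report

def build_sample(root):
    """Constructed sample tree: images/ is unprotected, media/ is protected."""
    layout = {
        "images/logo.png": "",
        "images/old/upload.php": "<?php ?>",
        "images/photo.php.jpg": "",
        "media/.htaccess": "# note\nAddType text/plain .pl .cgi .php\n",
        "media/banner.gif": "",
    }
    for rel, body in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder in ("images", "media"):
            print(folder, audit_folder(os.path.join(tmp, folder)))
```

A folder that reports script files, or `protected: False`, is one to review; a `curly_quotes: True` result means the .htaccess text was pasted with typographic quotes and should be retyped with straight quotes.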

You may also check How to secure WordPress.
