Simple Site Security Measures
Today I am going to cover a few simple ways you can help protect your website and server, making your business more secure and saving you any possible recovery costs in the future. More to come later.
Issue 1: 403 errors (403 = forbidden) often display a myriad of server information and details, which could be used by an experienced hacker to find vulnerabilities in your site. For example, if your 403 page tells me you’re using an out of date module on your server, I now have a much better chance of pinpointing a security hole.
Solution: Add the following line to your .htaccess file:
ErrorDocument 403 /403.html
Then create 403.html and make it extremely basic. I uploaded an example here. If you cannot view the source of the page, click here for a .txt version. It is recommended that you do this for other errors as well.
Issue 2: Using passwords that are easy to guess or figure out is the easiest way to ensure your security will be compromised.
Solution: Generate random, secured passwords and usernames for your site, server, FTP and any other login credentials. I use this website.
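If you would rather not depend on a third-party website for this, the following is an added example (not code from the original post) that generates random usernames and passwords locally with PHP's cryptographically secure random_int(). The alphabet, lengths and function names are my own choices.

```php
<?php
// Added example (not code from the original post): generate random credentials
// with PHP's CSPRNG (random_int) instead of choosing them by hand.

const PASSWORD_ALPHABET =
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+';

// Draw $length symbols uniformly from $alphabet; random_int() is unbiased,
// unlike rand()/mt_rand(), which must never be used for credentials.
function generate_password(int $length = 24, string $alphabet = PASSWORD_ALPHABET): string
{
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// A username only needs to be unpredictable (not "admin"), not complex,
// so lowercase letters and digits are enough.
function generate_username(int $length = 12): string
{
    return generate_password($length, 'abcdefghijklmnopqrstuvwxyz0123456789');
}

// Entropy in bits of a uniformly drawn password: length * log2(alphabet size).
function password_entropy_bits(int $length, string $alphabet = PASSWORD_ALPHABET): float
{
    return $length * log(strlen($alphabet), 2);
}

$username = generate_username();
$password = generate_password();
printf("username: %s\n", $username);
printf("password: %s (about %.0f bits of entropy)\n",
    $password, password_entropy_bits(strlen($password)));
```

Run it with `php genpass.php` (any file name) and paste the result into a password manager; the entropy figure is what matters, and the default 24 characters over this 76-symbol alphabet gives roughly 150 bits, far beyond anything a login brute-force or offline hash crack could reach.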
Issue 3: WordPress has more than a few potential vulnerabilities. Shut them down before they’re exploited.
Solution: Install the following WordPress plugins: Login Lockdown, AntiVirus, Security Scan.
Issue 4: Allowing access to your WP-Admin directory by a third-party just screams vulnerability.
Solution: Create a .htaccess file in your WP-Admin directory with the following:
order deny,allow
allow from PutYourIPAddressHere
deny from all
If you don’t feel comfortable doing this, or you have a dynamic IP address, see the Apache Password-Protect Directory page. A more user-friendly tutorial is also here.
Issue 5: Allowing anyone to access your wp- directories in WordPress could allow them to see which plugins you use and detect the versions as well.
Solution: Create blank index files in all directories or add this to your .htaccess file:
Options All -Indexes
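To put Issues 1, 4 and 5 together, here is an added example (not from the original post) of the two .htaccess files in the syntax Apache 2.4 expects. The `Order`/`Allow`/`Deny` form shown above is Apache 2.2 syntax; on 2.4 it only works with mod_access_compat loaded, and `Require` is the replacement. `203.0.113.10` is a placeholder address, and `404.html`/`500.html` are assumed file names you would create alongside `403.html`.

```apache
# --- site root .htaccess (added example, not from the original post) ---

# Stop Apache appending its version/module line to generated error pages,
# which is the leak Issue 1 is about (allowed in .htaccess context).
ServerSignature Off

# Plain error pages, so no server details reach the visitor (Issue 1).
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html

# No directory listings of wp-content/plugins etc. (Issue 5).
Options -Indexes

# --- wp-admin/.htaccess (added example, not from the original post) ---

# Only the listed address may reach the admin area (Issue 4).
# 203.0.113.10 is a placeholder; list several "Require ip" lines if needed.
Require ip 203.0.113.10

# wp-admin/admin-ajax.php is called by front-end features for all visitors,
# so re-open just that file or those features break for everyone else.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

After saving, check from an address that is not whitelisted that `/wp-admin/` returns your plain 403.html and that a deliberately wrong URL returns 404.html rather than the stock Apache page; if the 403.html itself comes back as a 403, make sure it lives outside the restricted directory.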
Issue 6: WordPress, by default, has a meta tag that gives away the version you are currently using, which is useful information for a hacker.
Solution: Edit your header.php file and remove the aforementioned ‘generator’ meta tag.
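Editing header.php works until the theme is updated and the file is overwritten. As an added example (not code from the original post), the same tag can be removed from the theme's functions.php or a small plugin instead, and the example goes a step further than the post by also blanking the version in feeds and on enqueued asset URLs, which leak it even without the meta tag. `add_action`, `remove_action`, `add_filter`, `remove_query_arg` and the hook names below are standard WordPress API; `hide_asset_version` is my own function name.

```php
<?php
// Added example (not code from the original post): hide the WordPress version
// from functions.php / a plugin rather than by editing header.php.

// 1. Drop the <meta name="generator"> tag that wp_head() prints (the tag the
//    post tells you to delete from header.php).
add_action('init', function () {
    remove_action('wp_head', 'wp_generator');
});

// 2. Blank the generator string wherever WordPress emits it, including the
//    <generator> element in RSS/Atom feeds and the export file header.
add_filter('the_generator', '__return_empty_string');

// 3. Strip the ?ver=<wordpress-version> suffix appended to enqueued scripts
//    and styles; it reveals the version in every page's HTML source.
function hide_asset_version(string $src): string
{
    return remove_query_arg('ver', $src);
}
add_filter('script_loader_src', 'hide_asset_version');
add_filter('style_loader_src', 'hide_asset_version');
```

Step 3 also removes the cache-busting value WordPress relies on after upgrades, so if you keep it, clear any page or CDN cache when you update. Verify with "view source" that no generator tag and no `?ver=` remain, and fetch `/feed/` to confirm the feed's generator element is empty.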
Issue 7: Search Engines indexing everything on your WordPress site could spell trouble.
Solution: Add this to your robots.txt file:
Disallow: /wp-*
September 16, 2009
12:32 am
Wow! I enjoyed reading this entry, I’m a new business owner online and I’m always afraid of the hacking or security issues. I’ll be sure to reread this entry along with bookmark it for future reference!
TZ
October 3, 2009
6:03 am
Nice one mate. Really informative, just installed the ‘Antivirus’ on my WP site as you recommended. Thanks