How To Improve Security Of Your Website? Tips and tricks, important things...

First of all i want to apologize to moderators in case that they need to close this topic because someone opened it before...I used search and i havent found anything...once again sorry if i missed some topic...Getting to the point!What do we need to do to make our site secure? Daily backups, deleting install files or something else?So please tell us more about site security! I know it`s practically impossible to make site 100% hack free, but at least 80% we can do!Advanced users share your advices with us-newbies!You ll get post count and we ll get better sites Thanks

Making backups does not make your site more secure, but provides a safety net in the event that something does happen to your site, not only hacking but a corrupt database, an error in some code, anything. I strongly recommend making at least weekly backups, if not daily. After an entire hard drive failure I know how important they really are :lol:Deleting install files is also vital. Install directories and files such as those with forum software contain absolutely no security what so ever. Anyone can visit that page and run the installation process over again. The worst that can happen is that you lose all your data in a database and completely lose control of your site. Delete any installation files and CHMOD all files appropriately.Changing passwords regularly is also important, and using weird usernames can sometimes help. If you have written a script yourself and to access the admin panel you use the username "admin" that is far to obvious, and any hacker is already half way there. Passwords should be changed regularly and contain random strings of letters, numbers and symbols. NEVER store a raw password in a file. Always encrypt it, and remember that simple passwords can still be read from encrypted strings by a determined hacker.

It also depends what software you might be using. Some software such as forums do contain errors in their early days allowing a "hacker" to gain access to things they should etc...so always take avaliable updates and so dome searching to look for vulnerabilities in the coding. That can hel you avoid deathtrap software!Also if writing your own code get someone to check it if possible and remember basic security like being careful with variables (eg register_globals in php and SQL query strings and try not to use javascript for anything high on security like logins as its all veiwable in javascript and much easier to crack. Try using server side languages such as php or asp. And remember anything you write in html, javascript, even VB in your html files can easilly be ready by anyone by veiwing the source of the page! And dont ever trust user input, validate it and check it using atleast two different methods to make sure its safe for your website to use. Especially strip html tags from input and slashes also. I think keeping an eye on your site by veiwing access logs and looking at it from a users veiw can help to see changes you havent made yourself and stop a hack being harmfull.and definately keep backups of all files and databases on your website for damage control! and if a hack does occur change all passwords related to the site and if its easy to do change any scrits you can to use a slightly different validation method etc.. to stop them next time!

My Site

How To Improve Security Of Your Website?

Are there any programs I could install that make my site hack proof.

I don't think anyone want to hack my site since it under a domene.

Home.Online.No/~username/

But it would be good if it had been hack proof in case someone want to hack it.

All I use to connect to the site is a FTP program and user name + password.

So it's not any big dell to hack it.

-reply by Carl Henrik Sohlman