How can i secure my website from hackers.

sunnynosid · 09-29-2011, 12:31 PM

I am very much worried about my website's security. Can i secure my website from hackers through coding? Or, is there any other method of security in which i needn't to pay for security. Please tell me the important points about website security too.

mattyy · 09-29-2011, 01:33 PM

For one,
Do not have writable file permissions. The correct permissions are normally 755 or 644.
That's assuming if you're using a web host.

oracleguy · 09-29-2011, 04:32 PM

Yes, how well your website is coded plays a big role in how secure your website is.

teedoff · 09-29-2011, 07:02 PM

Secure what? your code? or sensitive information that may be on your site?

Code, no you cant secure it....read the sticky here about protecting source code.

As for sensitive information, as oracle said, a great deal of thought should go into how you plan to code your site. Server side coding cannont be seen by end users, therefore is always best when validating forms, protecting data, encrypting data, email addresses, and such, and general site security.

If there's data you're really worried about, pages can be "blocked" or secured from view for anyone other than "trusted" members of your site.

Rowsdower! · 09-29-2011, 07:18 PM

As said above, your server-side script is where the real security takes place. That is the one part of the system that a hacker can't touch unless you let them touch it. Any HTML or javascript can be manipulated (making any and all input received from users unreliable and potentially dangerous), but your source code for server-side scripts can neither be seen nor be edited. You have to rely on input validation and obfuscating critical folder names and database names/columns/etc. It's a layered approach.

The number one most basic rule in my opinion is to treat everything your server receives from a user as a hacking attempt until proven otherwise. Any data provided by a user is absolutely NOT TO BE TRUSTED. You validate all inputs and check very carefully before running any database commands to make sure that nobody is running commands you had not intended (see "SQL injection" in a google search for some background).

If you are on a shared hosting environment then you kind of have to trust that your host has the proper security set up for the rest (ports, DDOS attacks, and such). If you run your own server then you have to make sure that you have those things taken care of yourself.

VIPStephan · 09-30-2011, 09:02 AM

You can also improve security with htacces: http://perishablepress.com/press/200...icks/#security

colinwood07 · 09-30-2011, 12:43 PM

Quote:

Originally Posted by oracleguy

Yes, how well your website is coded plays a big role in how secure your website is.

Please tell me secure what ?

I want to know how to secure our website from hacker ?

oracleguy · 09-30-2011, 05:55 PM

Rowsdower already pretty much covered it as well as can be in only three paragraphs. Always sanitize and validate all user input even hidden input fields.