
How to Improve Security of Your Site

Submitted by on September 21, 2009 – 8:43 am

There are many different methods to secure your site against cracking. This article shows a few of them.

Restrict access to administrator’s area

Restricting access to a specific folder on your server is one of the standard tasks that can be solved with .htaccess. We will use .htaccess to restrict access to ../administrator/index.php.

Within the ../administrator folder, create a .htaccess file with the following directives:

AuthType Basic
AuthName "Some Name"
AuthUserFile /home/uXXXXX/.htpasswd
require valid-user
 

/home/uXXXXX/.htpasswd is the full path to a password file on your server. If .htpasswd is in the folder you land in when accessing the server through FTP, the path to this file will look like /home/uXXXXX/.htpasswd, where uXXXXX is the name of your virtual platform (for instance, u12345).

In the AuthUserFile directive, specify the full path to the file with logins/passwords (we will create it a little later).

Note: If you create the .htaccess file on your computer rather than on the server, make sure that .htaccess is transferred to the server through FTP in text (ASCII) mode only.

Creating the password file

The password file should contain lines of the following form: login:password. The password should be encrypted using the MD5 algorithm. One way to create such a file is to use the htpasswd program from the Apache distribution.

Set permissions to site files and folders

To set permissions on all files and folders of the site, run the following commands on your server:

find . -type f -exec chmod 644 {} \;

find . -type d -exec chmod 755 {} \;

These permissions allow the following. For files:

644 = rw- r-- r-- = Owner has Read and Write
                    Group has Read only
                    Other has Read only

and for directories:

755 = rwx r-x r-x = Owner has Read, Write and Execute
                    Group has Read and Execute only
                    Other has Read and Execute only
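Before running a blanket chmod, it helps to see which entries actually deviate from the 644/755 targets above, and to change only those. The following is an added example, not part of the original article; the function names and the sample tree are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a site tree against the article's 644 (files) and
# 755 (directories) targets, then fix only the entries that deviate.
# Function names and the sample tree are hypothetical.

# List every file that is not exactly 644 and every directory not exactly 755.
audit_perms() {
    root=$1
    find "$root" -type f ! -perm 644 -print
    find "$root" -type d ! -perm 755 -print
}

# Number of deviating entries (assumes no newlines in file names).
count_deviations() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Apply the article's modes, touching only entries that deviate.
fix_perms() {
    root=$1
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Build a small constructed tree (not a real site) and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/administrator" "$t/images/uploads"
    : > "$t/index.php"
    : > "$t/config.php"
    : > "$t/administrator/index.php"
    chmod 755 "$t" "$t/administrator" "$t/images"
    chmod 777 "$t/images/uploads"    # world-writable directory
    chmod 644 "$t/index.php" "$t/administrator/index.php"
    chmod 666 "$t/config.php"        # world-writable file
    printf '%s\n' "$t"
}

# Demonstration: report deviations, fix them, clean up.
tree=$(make_sample_tree)
audit_perms "$tree"
fix_perms "$tree"
rm -rf "$tree"
```

Running the audit on its own first gives a record of what was loose before the fix, which is useful when reviewing how a file ended up world-writable.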

Hide config.php

Config.php is the main configuration file of your site, so unauthorized access to this file can cause a lot of trouble. We recommend hiding this file:

Copy config.php to any other folder on your PC. Now you have the original file within your site root folder and a copy of it;

Open the original config.php file and remove all its content. Add a reference to the copy of config.php within the original one:

<?php include_once 'path_to_config_file'; ?>

Where 'path_to_config_file' is the full path to the copy of config.php located on your computer.

Now all your configurations are protected.

Use jSecure Authentication

Joomla has one drawback: any web user can easily find out that the site was created in Joomla! by typing the URL of the administration area (i.e. www.site name.com/administration). This makes it easy for hackers to hack the site once they crack the ID and password for Joomla!. Information: the jSecure Authentication module prevents access to the administration (back end) login page without the appropriate access key.

These are not even half of the methods to secure your site, but they will considerably help you to avoid fraud.

When using all of these methods, please try to remember all your passwords ;)
