Securing Your Website [TIP]


“There is no security on this earth, there is only opportunity.” – General Douglas MacArthur

You might be running a website but not be sure how safe it is. Your website's life depends on its security. Many people browse the internet these days without being sure of the risks. Some people on the internet are only there to have fun by destroying others' wonderful creations. Some of them lurk around websites, find security vulnerabilities and try to attack your website, all just for fun. So you have to secure your website to prevent your website's useful and private content from leaking onto the open internet and causing havoc and loss.

Here are some minor tips to keep in mind while designing your website.


1) Choosing the Right Software to work with

It is up to you to choose the best software for a blog, website, forum, etc. Every piece of software has a set of vulnerabilities that act as a security risk, so it is always necessary to choose the best software to run on your website. Always remember to UPDATE all the components of the software and stay up to date, to prevent serious vulnerabilities in that software from causing problems.

2) Password Protect all your Private Directories

You may have some private directories on your personal or shared server, with all your private stuff in them. Always remember to password protect all of your private directories with a strong password; you might want to go with alphanumeric password sets.

On most servers you will find a file named .htaccess. The .htaccess file is the configuration file used on web servers running the Apache Web Server software. The commands in .htaccess affect that folder and any sub-folder, unless a particular sub-folder has its own .htaccess file.

3) Working with Directory Listings

It is always better to turn off your directory listings. Any directory on your website that does not have a proper homepage file (such as index.html, index.php, home.html, etc.) will display a listing of all the files in that directory. To keep this private, you can upload a blank index.html or index.php file to every directory. Alternatively, if you want to display a 403 error page, add an entry to the .htaccess file to disable directory listing: include the line “Options -Indexes”. Now everyone will get a 403 error page instead of your files being listed.
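To check a site against this tip, the following shell functions (an added example, not from the original post) list every directory under a web root that has no index file and is not covered by an “Options -Indexes” line in its own or a parent .htaccess. The function names are assumptions, and the index file names are the ones mentioned above; match them to the server's DirectoryIndex setting.

```shell
#!/bin/sh
# Added example, not from the original post.
has_index() {            # $1 = directory
    for n in index.html index.php home.html; do
        [ -f "$1/$n" ] && return 0
    done
    return 1
}

listing_disabled() {     # $1 = directory, $2 = web root
    d=$1
    while :; do
        # Ignore commented-out lines: the directive must start the line.
        if [ -f "$d/.htaccess" ] &&
           grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$d/.htaccess"; then
            return 0
        fi
        [ "$d" = "$2" ] && return 1   # reached the web root without a match
        d=${d%/*}                     # step up to the parent directory
    done
}

exposed_dirs() {         # $1 = web root
    root=${1%/}
    find "$root" -type d | sort | while IFS= read -r dir; do
        has_index "$dir" || listing_disabled "$dir" "$root" || echo "$dir"
    done
}

# Run as: sh script.sh /path/to/webroot
[ $# -eq 0 ] || exposed_dirs "$1"
```

This is a file-system heuristic only: it does not read the main server configuration, which can also enable or disable listings and decides whether .htaccess files may set Options at all.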

4) Encrypting Transmitted Data

Sensitive data that is to be passed across the Internet must be secured through an appropriate level of encryption. The Secure Sockets Layer (SSL) protocol, with its characteristic lock symbol at the bottom of the browser, is the standard means of encrypting data over the wire. SSL also enables server and client authentication for those concerned with identity fraud.

However, the fact that a site uses 128-bit encryption should not lull security-minded IT professionals into a false sense of security. SSL guards the confidentiality of data while it is transmitted, but it does nothing to secure private data stored on the web server. Encryption is only one piece of the larger security puzzle – often necessary but not sufficient alone to secure a web application.

5) Vulnerability Scanners

Vulnerability scanners have been used for years to help identify network security flaws. Such scanners are automated tools that remotely check a network for known vulnerabilities. Some may look for signs such as registry entries to determine if specific patches or updates have been implemented. Others actually attempt to exploit known vulnerabilities and collect and analyze responses. Scanners range in price from free and open source scanners to quite expensive commercial tools.

Good scanners today can achieve more than 90% vulnerability coverage on an average network. However, they are weak at the application level because they rely on known and documented flaws. Flaws and vulnerabilities within custom code are unlikely to be documented in scanner databases.

6) Conclusion

Well, I’ll conclude here to keep this blog post short enough. It is better to keep your website quite secure from SQL injection attacks. There is quite a good article on how to prevent such attacks over here:

wwwcoder – Preventing SQL injection attacks.

It is also better to change the ports that certain services run on, such as FTP and SSH, since these are common targets. And always remember: hackers can almost guess your password if they study you! Try to keep fewer admins on your website/forum/blog to prevent major website hacking attempts. You can never trust anyone. Always CHMOD all your files and directories, since most hacking attempts are based on unauthorized file edits and changes. Change the CHMOD of your .htpasswd to 640 and .htaccess to 644, and CHMOD files like config.php to 400 if you don't want people to see them. If anyone requires write access, you can CHMOD that file to 755. Never set any directory's or file's CHMOD property to 777, which is really a security risk.

This is your last tip: I have faced problems before when I had not removed my install or update directory. It is possible for any person to reinstall the software and ruin all your database entries if an install or upgrade directory is present. So after you install or upgrade any software, you must remove that install or upgrade directory from the server.
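The permission and install-directory tips above can be checked in one pass. This shell function is an added example, not from the original post: it reports anything at mode 777, any .htpasswd, .htaccess or config.php whose mode differs from the values given above, and any leftover installer directory. The function name and the directory names install, upgrade and update are assumptions; adjust them to the software you run.

```shell
#!/bin/sh
# Added example, not from the original post. Prints "<FINDING> <path>" lines.
audit_webroot() {
    root=${1%/}

    # Anything at exactly mode 777. Symlinks always report 777 on Linux,
    # so they are skipped to avoid false positives.
    find "$root" ! -type l -perm 777 | while IFS= read -r p; do
        echo "MODE_777 $p"
    done

    # Files for which the post names a specific mode.
    find "$root" -type f \( -name .htpasswd -o -name .htaccess -o -name config.php \) |
    while IFS= read -r f; do
        case ${f##*/} in
            .htpasswd)  want=640 ;;
            .htaccess)  want=644 ;;
            config.php) want=400 ;;
        esac
        # "find FILE -prune -perm N" prints FILE only when its mode is exactly N.
        [ -n "$(find "$f" -prune -perm "$want")" ] || echo "WANT_$want $f"
    done

    # Leftover installer directories (assumed names, matched case-insensitively).
    find "$root" -type d \( -iname install -o -iname upgrade -o -iname update \) |
    while IFS= read -r d; do
        echo "INSTALLER_DIR $d"
    done
}

# Run as: sh script.sh /path/to/webroot
[ $# -eq 0 ] || audit_webroot "$1"
```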

If you liked my blog post, you can always leave a comment. Thank you :D
