Website Security Recipe
If you skip a step or miss an ingredient, it will leave a bad taste in your mouth. Check out our website security steps:
Step One: Make sure your ingredients are not stale. Make sure your CMS and plugins are fresh and up to date. An outdated CMS is a formula for disaster.
Step Two: Don’t allow extra cooks in your kitchen. Make sure your network, website, database and FTP access is restricted as much as possible. If hackers have a way into your kitchen then they will mess with your site for sure.
Step Three: Use strong utensils. If your passwords are weak or your logins don’t have Captcha, a brute-force attack is bound to break your site. Also hide and protect common admin areas and use network or software firewalls when possible.
Step Four: Don’t deviate from the ingredient list. Don’t allow hackers to use SQL Injection or Cross-Site Scripting to insert their ingredients into your site. Also restrict or validate any and all files that are allowed to be uploaded to the site.
Step Five: Add icing when applicable. When sensitive data is gathered, add an SSL connection to encrypt all communications between client and server.
Step Six: Clean up after yourself. Make sure your sites handle all errors gracefully; otherwise, information about your site structure or DB could be displayed for hackers.
Note: I didn’t mention protecting your cookies. That pun was too obvious…
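Steps Four and Six in code, as an added Python example that is not part of the original post: user input is bound as a query parameter, escaped before it reaches HTML, uploads are checked against an allowlist, and database errors are logged server-side while the visitor sees a generic message. The table, the function names and the upload allowlist are constructed for illustration.

```python
import html
import sqlite3

# Constructed allowlist: extension -> leading bytes the file content must start with.
ALLOWED_UPLOADS = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE recipes (id INTEGER PRIMARY KEY, author TEXT, title TEXT)")
    db.executemany("INSERT INTO recipes (author, title) VALUES (?, ?)",
                   [("alice", "Carrot cake"), ("bob", "Flan")])
    return db

def find_recipes(db, author):
    """Step Four: the value is bound as a parameter, never pasted into the SQL text."""
    rows = db.execute("SELECT title FROM recipes WHERE author = ?", (author,))
    return [title for (title,) in rows]

def render_comment(text):
    """Step Four: escape user text before placing it in HTML."""
    return "<p>" + html.escape(text, quote=True) + "</p>"

def upload_allowed(filename, data):
    """Step Four: allowlisted extension AND content that matches that type."""
    name = filename.lower()
    if "/" in name or "\\" in name or "\x00" in name or name.count(".") != 1:
        return False  # path separators, NUL bytes, double extensions like x.php.png
    magic = ALLOWED_UPLOADS.get(name[name.rfind("."):])
    return magic is not None and data.startswith(magic)

def handle_search(db, author):
    """Step Six: details go to the server log, the visitor gets a generic message."""
    try:
        return 200, ", ".join(find_recipes(db, author)) or "No recipes found."
    except sqlite3.Error as exc:
        print("server log:", repr(exc))  # stays on the server side
        return 500, "Something went wrong. Please try again later."

if __name__ == "__main__":
    db = make_db()
    print(handle_search(db, "alice"))
    print(render_comment("<b>yum</b>"))
    print(upload_allowed("cake.png", b"\x89PNG\r\n\x1a\n"))
```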