CMS sites are vulnerable to hackers. Protect your site by reading on.
Database-driven sites are vulnerable to hackers, who can (and do) exploit bugs in those programs to gain unauthorized access to your site.
The following are some things you can do to help secure your site.
Using the default extension of “.php” means that before your hackers start you have already told them you are using PHP
As mentioned, you can use any file-name for your scripts – if you are using PHP for every script on your server, consider using the “.html” extension for your scripts and making PHP parse HTML files You can change your file extension by adding this line to the .htaccess or turn it on via the Apache Handlers in the cPanel (AddHandler application/x-httpd-php5 .html)
To protect against SQL injection attacks Sometimes hackers will try to screw up your database by inserting SQL code into your form input fields. They can for example, insert code that could delete all the data in your database!
To protect against this, you need to use this PHP function:
mysql_real_escape_string()
This function escapes (makes safe) any special characters in a string (programmers call text a ‘string’) for MySQL.
9. Example: $name = $_REQUEST[‘name’]; $safe_name = mysql_real_escape_string($name); Now you know the variable $safe_name, is safe to use with your SQL code.
10. Keep the PHP code to yourself. If anyone can see it they can exploit vulnerabilities.
You should take care to store your PHP files and the necessary passwords to access your MySQL databases in protected files or folders.
The easy way to do this is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server’s document root (and thus not accessible to surfers of your site).
Then, refer to the file in your PHP code with a require_once command.
By doing things this way, your PHP code can read the included file easily but hackers will find it almost impossible to hack your site.
You can find more information about hardening your PHP scripts at: PHPsec.org
You can find more information about hardening your PHP scripts at http://phpsec.org/projects/guide/
You must be logged in to post a comment.